Interpolation in local theory extensions

In this paper we study interpolation in local extensions of a base theory. We identify situations in which it is possible to obtain interpolants in a hierarchical manner, by using a prover and a procedure for generating interpolants in the base theory as black-boxes. We present several examples of theory extensions in which interpolants can be computed this way, and discuss applications in verification, knowledge representation, and modular reasoning in combinations of local theories.


Introduction
Many problems in mathematics and computer science can be reduced to proving satisfiability of conjunctions of (ground) literals modulo a background theory. This theory can be a standard theory, the extension of a base theory with additional functions, or a combination of theories. It is therefore very important to find efficient methods for reasoning in standard as well as complex theories. However, it is often equally important to find local causes for inconsistency. In distributed databases, for instance, finding local causes of inconsistency can help in locating errors. Similarly, in abstraction-based verification, finding the cause of inconsistency in a counterexample at the concrete level helps to rule out certain spurious counterexamples in the abstraction.
The problem we address in this paper can be described as follows: Let T be a theory and A and B be sets of ground clauses in the signature of T, possibly with additional constants. Assume that A ∧ B is inconsistent with respect to T. Can we find a ground formula I, containing only constants and function symbols common to A and B, such that I is a consequence of A with respect to T, and B ∧ I is inconsistent modulo T? If so, I is a (Craig) interpolant of A and B, and can be regarded as a "local" explanation for the inconsistency of A ∧ B.
In this paper we study possibilities of obtaining ground interpolants in theory extensions. We identify situations in which it is possible to do this in a hierarchical manner, by using a prover and a procedure for generating interpolants in the base theory as "black-boxes".

V. SOFRONIE-STOKKERMANS
We consider a special type of extensions of a base theory, namely local theory extensions, which we studied in [15]. We showed that in this case hierarchical reasoning is possible, i.e. proof tasks in the extension can be reduced to proof tasks in the base theory.
Here we study possibilities of hierarchical interpolant generation in local theory extensions.
The main contributions of the paper are summarized below:
• First, we identify new examples of local theory extensions.
• Second, we present a method for generating interpolants in local extensions of a base theory. The method is general, in the sense that it can be applied to an extension T 1 of a theory T 0 provided that: (i) T 0 is convex; (ii) T 0 is P-interpolating for a specified set P of predicates (cf. the definition in Section 5.2); (iii) in T 0 every inconsistent conjunction of ground clauses A ∧ B allows a ground interpolant; (iv) the extension is defined by clauses of a special form (type (5.1) in Section 5.2). The method is hierarchical: the problem of finding interpolants in T 1 is reduced to that of finding interpolants in the base theory T 0. We can use the properties of T 0 to control the form of interpolants in the extension T 1.
• Third, we identify examples of theory extensions with properties (i)-(iv).
• Fourth, we discuss application domains such as: modular reasoning in combinations of local theories (characterization of the type of information which needs to be exchanged), reasoning in distributed databases, and verification.
The existence of ground interpolants has been studied in several recent papers, mainly motivated by abstraction-refinement based verification [7,8,9,19,6]. In [8] McMillan presents a method for generating ground interpolants from proofs in an extension of linear rational arithmetic with uninterpreted function symbols. The use of free function symbols is sometimes too coarse (cf. the example in Section 2.2). Here, we show that similar results also hold for other types of extensions of a base theory, provided that the base theory has some of the properties of linear rational arithmetic. Another method for generating interpolants for combinations of theories over disjoint signatures from Nelson-Oppen-style unsatisfiability proofs was proposed by Yorsh and Musuvathi in [19]. Although we impose similar conditions on T 0, our method is orthogonal to theirs, as it can also handle combinations of theories over non-disjoint signatures. In [6] a different interpolation property (stronger than the property under consideration in this paper) is studied, namely the existence of ground interpolants for arbitrary formulae, which is proved to be equivalent to the theory having quantifier elimination. This limits the applicability of the results in [6] to situations in which the involved theories allow quantifier elimination. If the theory considered has quantifier elimination then we can use this for obtaining ground interpolants for arbitrary formulae. The goal of our paper is to identify theories, possibly without quantifier elimination, in which, nevertheless, ground interpolants for ground formulae exist.
Structure of the paper: We start by providing motivation for the study in Section 2. In Section 3 the basic notions needed in the paper are introduced. Section 4 contains results on local theory extensions. In Section 5 local extensions allowing hierarchical interpolation are identified, and based on this, in Section 6 a procedure for computing interpolants hierarchically is given. In Section 7 applications to modular reasoning in combinations of theories, reasoning in complex databases, and verification are presented. In Section 8 we draw conclusions, discuss the relationship with existing work, and sketch some plans for future work. For the sake of clarity in presentation, all the proofs that are not directly related to the main thread of the paper can be found in the appendix. (These results concern illustrations of the fact that certain theory extensions are local, or satisfy assumptions that guarantee that interpolants can be computed hierarchically.)

Motivation
In this section we present two fields of applications in which it is important to efficiently compute interpolants: knowledge representation and verification.
Let AChem be an extension of Chem with concepts C 1 = {cat-oxydation, oxydation}, a rôle R 1 = {catalyzes}, terminology T 1 and constraints Γ 1 :
Let BioChem be an extension of Chem with the concept C 2 = {enzyme}, the rôles R 2 = {produces, catalyzes}, terminology T 2 and constraints Γ 2 :
The combination of Chem, AChem and BioChem is inconsistent (we wrongly added to Γ 1 the constraint reaction ⊆ oxydation instead of oxydation ⊆ reaction). This can be proved as follows: By results in [14] (p. 156 and p. 166) the combination of Chem, AChem and BioChem is inconsistent if and only if where T is the extension SLat ∧ f ∈R 1 ∪R 2 Mon(f ) of the theory of semilattices with smallest element 0 and monotone function symbols corresponding to ∃r for each rôle Using, for instance, the hierarchical calculus presented in [15] (see also Section 4), the contradiction can be found in polynomial time. In order to find the mistake we look for an explanation for the inconsistency in the common language of AChem and BioChem.
(Common to AChem and BioChem are the concepts substance, organic, inorganic, reaction and the rôle catalyzes.) This can be found by computing an interpolant for the conjunction in (2.1) in the theory of semilattices with monotone operators. In this paper we show how such interpolants can be found in an efficient way. The method is illustrated on the example above in Section 7.2.
2.2. Verification. In [8], McMillan proposed a method for abstraction-based verification in which interpolation (e.g. for linear arithmetic + free functions) is used for abstraction refinement. The idea is the following: Starting from a concrete, precise description of a (possibly infinite-state) system one can obtain a finite abstraction, by merging the states into equivalence classes. A transition exists between two abstract states if there exists a transition in the concrete systems between representatives in the corresponding equivalence classes. Literals describing the relationships between the state variables at the concrete level are represented, at the abstract level, by predicates on the abstract states (equivalence classes of concrete states). Classical methods (e.g. BDD-based methods) can be used for checking whether there is a path in the abstract model from an initial state to an unsafe state. We distinguish the following cases:
(1) No unsafe state is reachable from an initial state in the abstract model. Then, due to the way transitions are defined in the abstraction, this is the case also at the concrete level. Hence, the concrete system is guaranteed to be safe.
(2) There exists a path in the abstract model from an initial state to an unsafe state. This path may or may not have a correspondent at the concrete level. In order to check this, we analyse the counterpart of the counterexample in the concrete model. This can be reduced to testing the satisfiability of a set of constraints: If the set of constraints is satisfiable then an unsafe state is reached from the initial state also in the concrete system. Thus, the concrete system is not safe.
(2.2) If the set of constraints is unsatisfiable, then the counterexample obtained due to the abstraction was spurious. This means that the abstraction was too coarse.
In order to refine it we need to take into account new predicates or relationships between the existing predicates. Interpolants provide information about which new predicates need to be used for refining the abstraction.
We illustrate these ideas below. Consider a water level controller modeled as follows: Changes in the water level by inflow/outflow are represented as functions in, out, depending on time t and water level L. Alarm and overflow levels L alarm < L overflow , as well as upper/lower bounds for mode durations 0 ≤ δt ≤ ∆t are parameters of the systems.

L:= in(out(L, g(t)−t), h(t)−t) L:= in(L, k(t)−t) t:= k(t)
• If L ≥ L alarm then a valve is opened until time g(t), time changes to t ′ := h(t) and the water level to
• If L < L alarm then the valve is closed; time changes to t ′ := k(t), and the water level to
We impose restrictions K on h, g, k and on in and out: We want to show that if initially L < L alarm then the water level always remains below L overflow .
We start with an abstraction in which the predicates are: and no other relations between these predicates are specified. We can, for instance, use finite model checking for the finite abstraction obtained this way. Note for instance that is satisfiable, i.e. in the abstract model there exists a path (of length 2) from the initial state to an unsafe state. We analyze the corresponding path in the concrete model to see if this counterexample to safety is spurious, i.e. we check whether there exist l, l ′ , l ′′ , t, t ′ , t ′′ 1 , t ′′ 2 ∈ R such that the conjunction: in, out are regarded as free function symbols this conjunction is satisfiable, so the spuriousness of the counterexample cannot be detected. G can however be proved to be unsatisfiable if we take into account the additional conditions K on the functions in, out, g, h and k. Interpolants can be used for determining the cause of inconsistency, and can therefore help in refining the abstraction. The hierarchical interpolation method we present here allows us to efficiently generate ground interpolants for extensions with functions satisfying axioms of the type considered here and also for a whole class of more general axioms. An illustration of this method on the formulae in the example presented here is given in Section 7.3.
Besides the application to verification by abstraction-refinement, computation of Craig interpolants has other potential applications (e.g. to goal-directed overapproximation for achieving faster termination, or to automatic invariant generation).

Preliminaries
In this section we introduce the main notions and definitions concerning theories, models and interpolants needed in the paper.
3.1. Theories and models. Theories can be regarded as sets of formulae or as sets of models. In this paper, whenever we speak about a theory T, if not otherwise specified, we implicitly refer to the set Mod(T ) of all models of T.
Definition 3.1. Let T be a theory in a given signature Π = (Σ, Pred), where Σ is a set of function symbols and Pred a set of predicate symbols. Let φ and ψ be formulae over the signature Π with variables in a set X. The notion of truth of formulae and of entailment is the usual one in logic. We say that:
• φ is satisfiable with respect to T if there exists at least one model M of T and an assignment β : X → M such that (M, β) |= φ. Otherwise we say that φ is unsatisfiable.
• We say that φ entails ψ with respect to T (denoted φ |= T ψ) if for every model M of T and every valuation β, if (M, β) |= φ then (M, β) |= ψ.
Note that φ is unsatisfiable with respect to T if and only if φ |= T ⊥ (⊥ stands for false).

Interpolation.
A theory T has interpolation if, for all formulae φ and ψ in the signature of T, if φ |= T ψ then there exists a formula I containing only symbols which occur in both φ and ψ such that φ |= T I and I |= T ψ. First order logic has interpolation but, for an arbitrary theory T, even if φ and ψ are e.g. conjunctions of ground literals, I may still be an arbitrary formula, containing alternations of quantifiers (cf. [6] for an example of ground formulae φ and ψ in the language of the theory Th arrays of arrays whose conjunction is unsatisfiable, but there is no ground interpolant over the common variables of φ and ψ).
It is often important to identify situations in which ground clauses have ground interpolants. There exist results which relate ground interpolation to amalgamation or the injection transfer property [5,2,18] and thus allow us to recognize many theories with ground interpolation. We present these results in Appendix A.
(2) Linear rational and real arithmetic.
Other examples of theories which allow ground interpolation are the equational classes of (abelian) groups and lattices. In many applications one needs to consider extensions or combinations of theories, and proving amalgamation properties can be complicated. On the other hand, just knowing that ground interpolants exist is usually not sufficient: we would like to construct the interpolants fast.
In the examples considered in Theorem 3.3, methods for constructing interpolants exist. For the theories of pure equality and of posets interpolants can be constructed for instance from proofs [8,19]. For linear rational or real arithmetic they can either be constructed from proofs [8] or by constructing linear programming problems and solving these problems using an off-the-shelf sound solver [11] (footnote 2). For the theories of Boolean algebras, distributive lattices and semilattices they can be reconstructed from resolution proofs associated with the translation of the satisfiability problems to propositional logic [13]; the construction is similar to the one described in the proof of Theorem 5.4 in Appendix C. We would like to use the advantages of modular or hierarchical reasoning for constructing interpolants in theory extensions in an efficient way. This is why in this paper we aim at giving methods for constructing interpolants in a hierarchical way. Since in [15] we identified a class of theory extensions, namely local theory extensions, in which hierarchical reasoning was possible, in what follows we will study interpolation in local theory extensions.
Footnote 1: In fact, the theories (1) and (4) allow equational interpolation (cf. Definition A.2 in Appendix A). Similar results were also established for (2) in [11].
Footnote 2: Some off-the-shelf linear programming solvers may not be sound, so care is needed when choosing them.

Local Theory Extensions
Let T 0 be a theory with signature Π 0 = (Σ 0 , Pred). We consider extensions T 1 = T 0 ∪ K of T 0 with signature Π = (Σ, Pred), where Σ = Σ 0 ∪ Σ 1 (i.e. the signature is extended by new function symbols) and T 1 is obtained from T 0 by adding a set K of (universally quantified) clauses. Thus, Mod(T 1 ) consists of all Π-structures M which are models of K and whose reduct where M ≠ ∅ and for every f ∈ Σ with arity n, f M is a partial function from M n to M.
Any variable assignment β : X → M extends in a natural way to terms, such that β(f (t 1 , . . ., t n )) = f M (β(t 1 ), . . ., β(t n )). Thus, the notion of evaluating a term t with respect to a variable assignment β : X → M for its variables in a partial structure M is the same as for total algebras, except that this evaluation is undefined if t = f (t 1 , . . ., t n ) and at least one of β(t i ) is undefined, or else (β(t 1 ), . . ., β(t n )) is not in the domain of f M.
Definition 4.2. Let M be a partial Π-structure, C a clause and β : X → M. Then (M, β) |= w C if and only if either (i) for some term t in C, β(t) is undefined, or else (ii) β(t) is defined for all terms t of C, and there exists a literal L in C such that β(L) is true in M. M weakly satisfies C (notation: M |= w C) if (M, β) |= w C for all assignments β. We say that M weakly satisfies a set of clauses K or M is a weak partial model of K (notation:

4.1. Local theory extensions: definitions. Let T 0 be a theory with signature Π 0 = (Σ 0 , Pred) and let K be a set of (universally quantified) clauses in the signature Π = (Σ, Pred), where Σ = Σ 0 ∪ Σ 1 . In what follows, when referring to sets G of ground clauses we assume they are in the signature Π c = (Σ ∪ Σ c , Pred) where Σ c is a set of new constants. For the sake of simplicity, we will use the same notation for a structure and for its universe.
A (total) model of be the class of all weak partial models P of K, in which the Σ 1 -functions are partial and such that P |Π 0 is a total model of T 0 .
An extension T 0 ⊆ T 0 ∪ K is local if, in order to prove unsatisfiability of a set G of clauses with respect to T 0 ∪ K, it is sufficient to use only those instances K[G] of K in which the terms starting with extension functions are in the set st(G, K) of ground terms which already occur in G or K.
Definition 4.3. We consider the following properties of an extension T 1 = T 0 ∪ K of a theory T 0 with additional function symbols satisfying a set K of clauses.
(Loc) For every set G of ground clauses, G |= T 1 ⊥ if and only if there is no partial Π c -structure P such that P |Π 0 is a total model of T 0 , all terms in st(K, G) are defined in P , and P weakly satisfies
A weaker notion (Loc f ) is defined by requiring that the locality condition only holds for finite sets G of ground clauses.
(Loc f ) For every finite set G of ground clauses, G |= T 1 ⊥ if and only if there is no partial Π c -structure P such that P |Π 0 is a total model of T 0 , all terms in st(K, G) are defined in P , and P weakly satisfies
Since (Loc f ) is the property we are interested in, we will only refer to this form of locality in what follows. We will say that the extension
4.2. Embeddability and locality. In [15,17] we showed that embeddability of certain weak partial models into total models implies locality of an extension. Consider condition:
15,17]). Let K be a set of clauses in which all terms starting with a function symbol in Σ 1 are flat and linear. If the extension T 0 ⊆ T 1 satisfies (Emb fd w ) then it satisfies (Loc f ).

4.3. Examples. Using a variant of Theorem 4.5, in [15] we gave several examples of local theory extensions: any extension of a theory with free functions; extensions with selector functions for a constructor which is injective in the base theory; extensions of R with a Lipschitz function in a point x 0 ; extensions of partially ordered theories (in a class Ord consisting of the theories of posets, (dense) totally-ordered sets, semilattices, (distributive) lattices, Boolean algebras, or R) with a monotone function f, i.e. satisfying: Generalized monotonicity conditions (combinations of monotonicity in some arguments and antitonicity in other arguments) were studied in [17]. Below, we give some additional examples with particular relevance in verification.
All the extensions above satisfy condition Loc f .
Proof. The proof is given in Appendix B.
4.4. Hierarchic reasoning in local theory extensions. Let T 0 ⊆ T 1 = T 0 ∪ K be a local theory extension. To check the satisfiability of a set G of ground clauses with respect to T 1 we can use the following hierarchical procedure to reduce the problem to a satisfiability problem in the base theory (for details cf. [15]):
Step 1: Use locality. By the locality condition, we know that G is unsatisfiable with respect to T 1 if and only if K[G] ∧ G has no weak partial model in which all the subterms of K[G] ∧ G are defined, and whose restriction to Π 0 is a total model of T 0 .
Step 2: Flattening and purification. As in K[G] and G the functions in Σ 1 have as arguments only ground terms, K[G] ∧ G can be purified and flattened by introducing new constants for the arguments of the extension functions as well as for the (sub)terms t = f (g 1 , . . ., g n ) starting with extension functions f ∈ Σ 1 , together with new corresponding definitions c t ≈ t. The set of clauses thus obtained has the form K 0 ∧ G 0 ∧ D, where D is a set of ground unit clauses of the form f (c 1 , . . ., c n ) ≈ c, where f ∈ Σ 1 and c 1 , . . ., c n , c are constants, and K 0 , G 0 are clauses without function symbols in Σ 1 .
Step 3: Reduction to testing satisfiability in T 0 . We reduce the problem of testing satisfiability of G with respect to T 1 to a satisfiability test in T 0 as shown in Theorem 4.7.

Theorem 4.7 ([15]). Assume that T 0 ∪ K is a local extension of T 0 with a set K of clauses. With the notation above, the following are equivalent:
(1) ∧ G has a weak partial model where all terms in st(K, G) are defined.
(3) T 0 ∧ K 0 ∧ G 0 ∧ D has a weak partial model with all terms in st(K, G) defined. ( is the set of instances of the congruence axioms for the functions in Σ 1 corresponding to the extension terms in D.
Example 4.8. Let T 1 = SLat ∪ SGc(f, g) ∪ Mon(f, g) be the extension of the theory of semilattices with two monotone functions f, g satisfying the semi-Galois condition SGc(f, g).
Consider the following ground formulae A, B in the signature of T 1 : where c and d are shared constants. By Theorem 4.6(e), T 1 is a local extension of the theory of semilattices. To prove that A ∧ B |= T 1 ⊥ we proceed as follows:
Step 1: Use locality. By the locality condition, A ∧ B is unsatisfiable with respect to
Step 2: Flattening and purification. We purify and flatten the formula SGc(f, g) ∧ Mon(f, g) by replacing the ground terms starting with f and g with new constants. The clauses are separated into a part containing definitions for terms starting with extension functions, D A ∧ D B , and a conjunction of formulae in the base signature, A 0 ∧ B 0 ∧ SGc 0 ∧ Mon 0 .
Step 3: Reduction to testing satisfiability in T 0 . As the extension SLat ⊆ T 1 is local, by Theorem 4.7 we know that

Extension
Base , together with SGc 0 this yields b 1 ≤ a, which together with a ≤ c and b 1 ≤ c leads to a contradiction.

Hierarchical Interpolant Computation
Let T 0 ⊆ T 1 = T 0 ∪ K be a theory extension by means of a set of clauses K. Assume that A ∧ B |= T 1 ⊥, where A and B are two sets of ground clauses. Our goal is to find a ground interpolant, that is a ground formula I containing only constants and extension functions which are common to A and B such that
Flattening and purification do not influence the existence of ground interpolants:
Proof. Let I be obtained from I by replacing, recursively, all newly introduced constants with the terms in the original signature which they represent. Then: Therefore we can restrict without loss of generality to finding interpolants for the purified and flattened conjunction of formulae
We focus on interpolation in local theory extensions. Let T 0 ⊆ T 1 = T 0 ∪ K be a local theory extension. From Theorem 4.7 we know that in such extensions hierarchical reasoning is possible: if A and B are sets of ground clauses in a signature Π c , and A 0 ∧ D A (resp. B 0 ∧ D B ) are obtained from A (resp. B) by purification and flattening then: ] by replacing the Σ 1 -terms with the corresponding constants contained in the definitions D A and D B and
In general we cannot use Theorem 4.7 for generating a ground interpolant because:
(i) K[D A ∧ D B ] (hence also K 0 ) may contain free variables.
(ii) If some clause in K contains two or more different extension functions, it is unlikely that these extension functions can be separated in the interpolants.
(iii) The clauses in K[D A ∧ D B ] and the instances of congruence axioms (and therefore the clauses in K 0 ∧ Con[D A ∧ D B ] 0 ) may contain combinations of constants and extension functions from A and B.
To avoid (i), we will need to take into account only extensions with sets K of clauses in which all variables occur below some extension term. To solve (ii), we define a relation ∼ between extension functions, where f ∼ g if f and g occur in the same clause in K. This defines an equivalence relation ∼ on Σ 1 . We henceforth consider that a function f ∈ Σ 1 is common to A and B if there exist g, h ∈ Σ 1 such that f ∼ g, f ∼ h, g occurs in A and h occurs in B.
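The flattening and purification step (Step 2 in Section 4.4) and problem (iii) above, as an added Python sketch that is not code from the paper: it purifies A and B separately, builds the ground congruence and monotonicity instances over D A ∧ D B , and labels each instance A-local, B-local or mixed. The term encoding, the names Purifier, instances, classify and reduce_pair, the fresh-constant prefixes a_ and b_, and the sample A, B (a partially ordered base theory extended with one monotone function f) are assumptions constructed for illustration.

```python
from itertools import product

EXT = {"f"}  # extension symbols Sigma_1; everything else is a base symbol (assumed)


class Purifier:
    """Flattens and purifies the ground literals of one side (A or B)."""

    def __init__(self, prefix):
        self.prefix, self.count = prefix, 0
        self.defs = {}       # D: (f, c1, ..., cn) -> c, standing for f(c1, ..., cn) ≈ c
        self.base = []       # literals without Sigma_1 symbols (A_0 or B_0)
        self.consts = set()  # constants this side mentions or introduces

    def _fresh(self):
        # Assumes the input does not already use names of the form <prefix><n>.
        self.count += 1
        c = f"{self.prefix}{self.count}"
        self.consts.add(c)
        return c

    def term(self, t):
        if isinstance(t, str):                  # a constant
            self.consts.add(t)
            return t
        head, *args = t
        args = [self.term(a) for a in args]     # purify bottom-up
        if head not in EXT:
            return (head, *args)                # base function: keep the application
        flat = []
        for a in args:                          # arguments of f must become constants
            if not isinstance(a, str):
                c = self._fresh()
                self.base.append((True, "=", c, a))
                a = c
            flat.append(a)
        key = (head, *flat)
        if key not in self.defs:
            self.defs[key] = self._fresh()
        return self.defs[key]

    def literal(self, lit):
        positive, pred, lhs, rhs = lit
        self.base.append((positive, pred, self.term(lhs), self.term(rhs)))


def instances(defs, rel):
    """Ground instances of  x1 rel y1 ∧ ... ∧ xn rel yn -> f(x..) rel f(y..)
    over a list of definitions. rel "=" yields congruence instances,
    rel "<=" yields instances of a monotonicity axiom Mon(f)."""
    out = []
    for (k1, c1), (k2, c2) in product(defs, repeat=2):
        if c1 == c2 or k1[0] != k2[0] or len(k1) != len(k2):
            continue                            # same definition or different symbol
        if rel == "=" and c1 > c2:
            continue                            # equality is symmetric: keep one copy
        premises = [(rel, x, y) for x, y in zip(k1[1:], k2[1:])]
        out.append((premises, (rel, c1, c2)))
    return out


def classify(clause, consts_a, consts_b):
    """A-local, B-local, or mixed (constants from both sides, problem (iii))."""
    premises, conclusion = clause
    used = {c for (_, x, y) in premises + [conclusion] for c in (x, y)}
    if used <= consts_a:
        return "A"
    if used <= consts_b:
        return "B"
    return "mixed"


def reduce_pair(A, B, rels=("=", "<=")):
    pa, pb = Purifier("a_"), Purifier("b_")
    for lit in A:
        pa.literal(lit)
    for lit in B:
        pb.literal(lit)
    defs = list(pa.defs.items()) + list(pb.defs.items())
    buckets = {"A": [], "B": [], "mixed": []}
    for rel in rels:
        for clause in instances(defs, rel):
            buckets[classify(clause, pa.consts, pb.consts)].append(clause)
    return pa, pb, buckets


# Constructed sample: c <= f(a), a <= d on the A side; d <= b, not(c <= f(b)) on the B side.
A = [(True, "<=", "c", ("f", "a")), (True, "<=", "a", "d")]
B = [(True, "<=", "d", "b"), (False, "<=", "c", ("f", "b"))]

if __name__ == "__main__":
    pa, pb, buckets = reduce_pair(A, B)
    print("A_0 =", pa.base, " D_A =", pa.defs)
    print("B_0 =", pb.base, " D_B =", pb.defs)
    for kind, clauses in buckets.items():
        for premises, conclusion in clauses:
            print(kind, ":", premises, "->", conclusion)
```

On the sample every generated instance is mixed, because its premise relates the A-only constant a to the B-only constant b; only c and d are shared.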
Example 5.2. Consider the reduction to the base theory in Example 4.8. We explain the problems mentioned above.
Ad (ii) As SGc(f, g) contains occurrences of both f and g, it is not likely to find an interpolant with no occurrence of f and g, even if g only occurs in A and f only occurs in B. We therefore assume that f ∼ g, i.e. that both f and g are shared.
Ad (iii) The clause b ≤ a 1 → b 1 ≤ a of SGc 0 is mixed, i.e. contains combinations of constants from A and B.
The idea for solving problem (iii) is presented below.
has no weak partial model where all ground terms in K, D A , D B , T are defined.
The A and B-part share the constants c and d, and no function symbols.However, as f and g occur together in SGc, f ∼ g, so they are considered to be all shared.
(Thus, the interpolant is allowed to contain both f and g.) We obtain a separation for the clause b ≤ a 1 → b 1 ≤ a of SGc 0 as follows: (ii) We can find an SLat-term t containing only shared constants of A 0 and B 0 such that . We thus obtain a separated conjunction A 0 ∧ B 0 (where , which can be proved to be unsatisfiable in T 0 = SLat. (iv) To compute an interpolant in SLat for A 0 ∧ B 0 note that A 0 is logically equivalent to the conjunction of unit literals By replacing the new constants with the terms they denote we obtain the interpolant
Note that in order to be able to perform in general the succession of steps in Example 5.3 it is necessary that K 0 is ground and the theory extension and the base theory have certain properties:
(i) it always is possible to find an axiom instance such that all its premises are entailed by A 0 ∧ B 0 ;
(ii) we can find separating terms (in the joint signature) for the entailed literals;
(iii) the axioms come in pairs with corresponding monotonicity axioms which are then used to separate mixed rules;
(iv) we can compute ground interpolants in T 0 .
Theory extensions satisfying these conditions appear in a natural way in a wide variety of applications ranging from knowledge representation to verification.In what follows we will give several examples of theories with properties (i)-(iv).

5.2. Examples of theory extensions with hierarchic interpolation. We identify a class of theory extensions for which interpolants can be computed hierarchically (and efficiently) using a procedure for generating interpolants in the base theory T 0 . This allows us to exploit specific properties of T 0 for obtaining simple interpolants in T 1 . We make the following assumptions about T 0 :
Assumption 1: T 0 is convex with respect to the set Pred of all predicates (including equality ≈), i.e., for all conjunctions Γ of ground atoms, relations R 1 , . . ., R m ∈ Pred and ground tuples of corresponding arity t 1 , . . ., t n , if Γ |= T 0 ⋁ (i = 1, . . ., m) R i (t i ) then there exists j ∈ {1, . . ., m} such that Γ |= T 0 R j (t j ).
Proof. The proof is given in Appendix C.
We make the following assumption about the extension T 1 of T 0 .
Assumption 4: T 1 = T 0 ∪ K is a local extension of T 0 with the property that in all clauses in K each variable occurs also below some extension function.
For the sake of simplicity we only consider sets A, B of unit clauses, i.e. conjunctions of ground literals. This is not a restriction, since if we can obtain interpolants for conjunctions of ground literals then we also can construct interpolants for conjunctions of arbitrary clauses by using standard methods discussed e.g. in [8] or [19]. By Lemma 5.1, we can restrict without loss of generality to finding an interpolant for the purified and flattened conjunction of unit clauses ] by replacing the Σ 1 -terms with the corresponding constants contained in the definitions D A ∧ D B and In general, where Con A 0 , K A 0 only contain extension functions and constants which occur in A, Con B 0 , K B 0 only contain extension functions and constants which occur in B, and Con mix , K mix contain mixed clauses with constants occurring in both A and B. Our goal is to separate Con mix and K mix into an A-local and a B-local part. We show that, under Assumptions 1 and 2, Con mix can always be separated, and K mix can be separated if K contains the following type of combinations of clauses: where n ≥ 1, x 1 , . . ., x n are variables, R 1 , . . ., R n , R are binary relations with R 1 , . . ., R n ∈ P and R transitive, and each s i is either a variable among the arguments of g, or a term of the form f i (z 1 , . . ., z k ), where f i ∈ Σ 1 and all the arguments of f i are variables occurring among the arguments of g. We therefore make the following additional assumption about the theory extension T 1 :
(d) Extensions of theories in Ord with functions satisfying SGc(f, g 1 ) ∧ Mon(f, g 1 ).
(e) Extensions of theories in Ord with functions satisfying Leq(f, g) ∧ Mon(f ).
Remark 5.6. If the clauses in K are of type (5.1), then similarly for K B 0 , and where R i ∈ P , R is transitive, and c i , d i , c, d are constants. Moreover, the cardinality of K 0 ∪ Con[D A ∧ D B ] 0 is quadratic in the size of A ∧ B for a fixed K.
Proposition 5.7. Assume that T 0 satisfies Assumptions 1 and 2. Let H be a set of Horn clauses (⋀ (i = 1, . . ., n) c i R i d i ) → c R d in the signature Π c 0 (with R transitive and R i ∈ P ) which are instances of flattened and purified clauses of type (5.1) and of congruence axioms. Let A 0 and B 0 be conjunctions of ground literals in the signature Π c 0 such that A 0 ∧ B 0 ∧ H |= T 0 ⊥. Then H can be separated into an A and a B part by replacing the set H mix of mixed clauses

The following hold:
(1) There exists a set T of Σ 0 ∪ Σ c -terms containing only constants common to A 0 and B 0 such that A 0 ∧ B 0 ∧ (H\H mix ) ∧ H sep |= T 0 ⊥, where and c f (t 1 ,...,tn) are new constants in Σ c (considered to be common) introduced for the corresponding terms f (t 1 , . . ., t n ).
(2) A 0 ∧ B 0 ∧ (H\H mix ) ∧ H sep is logically equivalent with respect to T 0 with the following separated conjunction of ground literals:
Proof. We prove (1) and (2) simultaneously by induction on the number of clauses in H.
If H = ∅ then the initial problem is already separated into an A and a B part so we are done: we can choose T = ∅. Assume that H contains at least one clause, and that for every H ′ with fewer clauses and every conjunctions of literals and (2) hold.
Let D be the set of all atoms c i R i d i occurring in premises of clauses in H. As every model of the conjunction of all atoms in A 0 ∧ B 0 , and (A 0 ∧ B 0 ) − be the set of all negative literals in A 0 ∧ B 0 . Then By Assumption 1, T 0 is convex with respect to Pred. Moreover, (A 0 ∧ B 0 ) + is a conjunction of positive literals. Therefore, either (i) (A 0 ∧ B 0 ) + |= L for some L ∈ (A 0 ∧ B 0 ) − (then A 0 ∧ B 0 is unsatisfiable and hence entails any atom
Case 1: A 0 ∧ B 0 is unsatisfiable. In this case (1) and (2) hold for T = ∅.
Case 2: A 0 ∧ B 0 is satisfiable. Then A 0 ∧ B 0 is logically equivalent in T 0 with A 0 ∧ B 0 ∧ c i R i d i . If it is not the case that by adding c i R i d i all premises of some rule in H become true we repeat the procedure for has a model then A 0 ∧ B 0 ∧ H has one), and as before, using convexity we infer that either A 0 ∧ B 0 is unsatisfiable (which cannot be the case) or there exists We can repeat the process until all the premises of some clause in H are proved to be entailed by and, by Assumption 2, T 0 is P-interpolating. Thus, there exist terms t 1 , . . ., t n containing only constants common to A 0 and B 0 such that for all i ∈ {1, . . ., n} (5.2) Let c f (t 1 ,...,tn) be a new constant, denoting the term f (t 1 , . . ., t n ), and let Thus, C A corresponds to the monotonicity axiom (where |=| T 0 stands for logical equivalence with respect to T 0 ). Hence,

$H \setminus C$). On the other hand, as
$Rd$ and $H' = H \setminus C$ we know that there exists a set $T'$ of terms such that sep $\models \bot$, and also (2) holds. Then (1) holds for $T = T' \cup \{t_1, \dots, t_n\}$. (2) can be proved similarly using the induction hypothesis.
(3) follows from the same induction schema taking into account the fact that, by strong interpolation, always if $A_0 \wedge B_0 \models c_i R_i d_i$ there exists $t_i$ (containing only constants common to $A_0$ and $B_0$) with ..,tn) Rd.) By using the induction hypothesis, (3) follows easily.
An immediate consequence of Proposition 5.7 is Proposition 5.8.

Proposition 5.8. Assume $T_0$ satisfies Assumptions 1 and 2, the extension $T_0 \subseteq T_0 \cup K$ satisfies Assumptions 4 and 5, and Then there exists a set $T$ of $\Sigma_0 \cup \Sigma_c$-terms containing only constants common to $A_0$ and $B_0$ such that (if As before, $\Sigma_c$ contains the new constants $c_{f(t_1,\dots,t_n)}$, considered to be common to $A_0$ and $B_0$, introduced for terms $f(t_1, \dots, t_n)$, with $t_1, \dots, t_n \in T$.

the following holds:
(1) There exists a $\Pi^c_0$-formula $I_0$ containing only constants common to $A_0$, $B_0$ with

Proof.
(1) is a direct consequence of Proposition 5.8, since K A 0 , K AD 0 , K B 0 , K BD 0 are ground and we assumed that T 0 has ground interpolation.
(2) Let $I$ be obtained from $I_0$ by recursively replacing each constant $c_t$ introduced in the separation process with the term $t$. We show that $I$ is an interpolant of $(A_0 \wedge D_A) \wedge (B_0 \wedge D_B)$ with respect to $T_1$, i.e. that (i) satisfies all instances of the axioms in $K$ and of the congruence axioms in $K^A_0 \wedge K^{D_A}_0 \wedge \mathrm{Con}^A_0 \wedge \mathrm{Con}^{D_A}_0$ (and similarly for the $B$ part). Thus, the restriction $(M|_{\Pi_0}, v)$ of $(M, v)$ to the base theory satisfies This contradicts the fact that the set of clauses above is unsatisfiable with respect to $T_0$. Thus, $I \wedge B_0 \wedge D_B \models_{T_1} \bot$.

A procedure for hierarchical interpolation
We obtain a procedure for computing interpolants for $A \wedge B$ described in Figure 1.

Lemma 6.1. Assume that the cycle in Step 2 of the procedure described in Figure 1 stops after processing all mixed clauses in $H_{mix}$ and moving their separated form into the set $H_{sep}$. The following are equivalent: 2) is a consequence of Theorem 4.7 and Proposition 5.8. As the conjunction in (2) corresponds to a subset of instances of then no matter which terms are chosen for separating mixed clauses in $\mathrm{Con}[D_A \wedge D_B]_0 \wedge K_0$, we obtain a separated conjunction of clauses unsatisfiable with respect to $T_0$. Lemma 6.1 shows that if the set of clauses obtained when the procedure stops is satisfiable then $A \wedge B$ was satisfiable, and conversely, so the procedure can be used to test satisfiability and to compute interpolants at the same time. (However, it is more efficient to first test $A \wedge B \models_{T_1} \bot$.)

Theorem 6.2. Let $T_0$ be a theory with the following properties:

Assumption 1: $T_0$ is convex with respect to the set Pred (including equality $\approx$);

Assumption 2: $T_0$ is $P$-interpolating with respect to a subset $P \subseteq \mathrm{Pred}$ and the separating terms $t_i$ can be effectively computed; and

Assumption 3: $T_0$ has ground interpolation (note that we assume, in particular, that $T_0$ satisfies a stronger form of Assumption 2).

Assume that the extension $T_1 = T_0 \cup K$ of $T_0$ has the following properties:
Using locality, flattening and purification we obtain a set $H \wedge A_0 \wedge B_0$ of formulae in the base theory, where

Step 2: Reduction to an interpolation problem in the base theory.
Repeat as long as possible: Let $C \in H$ whose premise is entailed by If $C$ is mixed, compute terms $t_i$ which separate the premises in $C$, and separate the clause into an instance $C_1$ of monotonicity and an instance $C_2$ of a clause in $K$ as in the proof of Case 2b in Prop. 5.7.
Remove $C$ from $H$, and add $C_1$, $C_2$ to $H_{sep}$ and their conclusions to $\Delta$. Otherwise move $C$ to $H_{sep}$ and add its conclusion to $\Delta$.

Step 3: Interpolation in the base theory.
Compute an interpolant $I_0$ in $T_0$ for the separated formula $A_0 \wedge B_0$ (logically equivalent to $A_0 \wedge B_0 \wedge (H \setminus H_{mix}) \wedge H_{sep}$) obtained this way.

Step 4: Construct interpolant for the initial problem.
Construct an interpolant $I$ in $T_1$ from $I_0$ by recursively replacing each constant $c_t$ introduced in the separation process with the term $t$, as explained in Corollary 5.9(2).

Figure 1: Procedure for hierarchical interpolant computation

Assumption 5: $K$ consists of the following type of combinations of clauses: where $n \ge 1$, $x_1, \dots, x_n$ are variables, $R_1, \dots, R_n, R$ are binary relations, $R_1, \dots, R_n \in P$, $R$ is transitive, and each $s_i$ is either a variable among the arguments of $g$, or a term of the form $f_i(z_1, \dots, z_k)$, where $f_i \in \Sigma_1$ and all the arguments of $f_i$ are variables occurring among the arguments of $g$ (i.e. combinations of clauses of type (5.1)). For every conjunction $A \wedge B$ of ground unit clauses in the signature $\Pi^c$ of $T_1$ (possibly containing additional constants) with $A \wedge B \models_{T_1} \bot$ the procedure for hierarchical interpolation terminates and it computes an interpolant $I$ for $A \wedge B$.
Proof. To prove termination note that at every execution of the loop in Step 2, the number of mixed clauses decreases. All entailment tests in Step 2 are decidable (their complexity is discussed separately). By Assumption (2'), terms $t_i$ which separate the premises can be computed in finite time. This shows that Step 2 terminates. Termination of Steps 1, 3 and 4 is immediate.
We now prove correctness. We know that Hence, by Lemma 6.1, when the cycle in Step 2 of the procedure terminates replacing the set of clauses $H_{mix}$ with $H_{sep}$, then $A_0 \wedge B_0 \wedge (H \setminus H_{mix}) \wedge H_{sep} \models_{T_0} \bot$. By construction, at termination $H \setminus H_{mix} \wedge H_{sep}$ contains only pure (unmixed) clauses. We can use the alternative form of $H \setminus H_{mix}$, denoted before by $K^A_0 \wedge K^B_0$, as well as of In Step 3 an interpolant $I_0$ containing only constants common to $A_0$, $B_0$ with Step 4, a ground $\Pi^c$-formula $I$ containing only constants and function symbols which occur both in $A$ and $B$ such that $A \models_{T_1} I$ and $B \wedge I \models_{T_1} \bot$ is constructed starting from $I$ as explained in Corollary 5.9. This is the interpolant of $A \wedge B$.
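The steps of Figure 1 on a small constructed input, as an added example (not code from the paper or from the implementation it mentions). It assumes the base theory is the theory of posets, $K = \mathrm{Mon}(f)$ for a unary $f$, and a candidate base interpolant $I_0$ that is given and checked rather than computed; all function names and the input literals are hypothetical.

```python
from itertools import permutations

# Terms: a constant is a str, an application f(t) is the tuple ("f", t).
# Literals: (positive, l, r) stands for l <= r, negated when positive is False.

def show(t):
    return t if isinstance(t, str) else f"{t[0]}({','.join(map(show, t[1:]))})"

def purify(t, defs):
    """Step 1: name every extension term t by a constant c_t; defs maps c_t to the flat term."""
    if isinstance(t, str):
        return t
    defs["c_" + show(t)] = (t[0],) + tuple(purify(a, defs) for a in t[1:])
    return "c_" + show(t)

def purify_side(lits):
    defs = {}
    return [(p, purify(l, defs), purify(r, defs)) for p, l, r in lits], defs

def constants(lits, defs):
    cs = {c for _, l, r in lits for c in (l, r)}
    return cs.union(defs, *(t[1:] for t in defs.values()))

def leq(edges, a, b):
    """Poset entailment of a <= b by reachability (sound; complete for satisfiable literals)."""
    seen, todo = {a}, [a]
    while todo:
        x = todo.pop()
        for u, v in edges:
            if u == x and v not in seen:
                seen.add(v)
                todo.append(v)
    return b in seen

def step2(A0, DA, B0, DB):
    """Step 2 for K = Mon(f): handle each instance x <= y -> c <= d whose premise is entailed."""
    shared = constants(A0, DA) & constants(B0, DB)
    abar = {(l, r) for p, l, r in A0 if p}        # A-part: atoms of A0 plus conclusions
    bbar = {(l, r) for p, l, r in B0 if p}        # B-part: atoms of B0 plus conclusions
    defs, DT, mixed = {**DA, **DB}, {}, []
    H = [(c, d) for c, d in permutations(defs, 2) if defs[c][0] == defs[d][0]]
    todo = True
    while todo:
        todo = [(c, d) for c, d in H if leq(abar | bbar, defs[c][1], defs[d][1])]
        for c, d in todo:
            x, y = defs[c][1], defs[d][1]
            H.remove((c, d))
            if c in DA and d in DA:
                abar.add((c, d))
            elif c in DB and d in DB:
                bbar.add((c, d))
            else:                                  # mixed: find a shared t with x <= t <= y
                t = next(s for s in sorted(shared)
                         if leq(abar | bbar, x, s) and leq(abar | bbar, s, y))
                ct = "c_" + show((defs[c][0], t))  # new constant for f(t), treated as shared
                DT[ct] = (defs[c][0], t)
                shared.add(ct)
                first, second = (abar, bbar) if c in DA else (bbar, abar)
                first.add((c, ct))                 # conclusion of x <= t -> c <= c_f(t)
                second.add((ct, d))                # conclusion of t <= y -> c_f(t) <= d
                mixed.append((c, d, t))
    return abar, bbar, shared, DT, mixed

def is_base_interpolant(I0, abar, bbar, shared, B0):
    """I0 = (l, r), read l <= r: shared constants only, entailed by A-part, refutes B-part."""
    return (set(I0) <= shared and leq(abar, *I0)
            and any(leq(bbar | {I0}, l, r) for p, l, r in B0 if not p))

def unfold(t, defs):
    """Step 4: recursively replace each introduced constant by the term it names."""
    if isinstance(t, str):
        return unfold(defs[t], defs) if t in defs else t
    return (t[0],) + tuple(unfold(a, defs) for a in t[1:])

# Constructed input (not from the paper): unsatisfiable in posets + Mon(f); s, v are shared.
A = [(True, "a", "s"), (True, "v", ("f", "a"))]
B = [(True, "s", "b"), (True, ("f", "b"), "w"), (False, "v", "w")]

def demo(I0=("v", "c_f(s)")):                      # I0: candidate chosen by hand for this input
    (A0, DA), (B0, DB) = purify_side(A), purify_side(B)
    abar, bbar, shared, DT, mixed = step2(A0, DA, B0, DB)
    ok = is_base_interpolant(I0, abar, bbar, shared, B0)
    I = " <= ".join(show(unfold(t, {**DA, **DB, **DT})) for t in I0)
    return mixed, ok, I
```

Calling `demo()` reports the one mixed monotonicity instance, the shared term that separates it, and the candidate unfolded back into the original signature.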
Complexity: Assume that in $T_0$ for a formula of length $n$: (a) interpolants can be computed in time $g(n)$, (b) $P$-interpolating terms can be computed in time $h(n)$, (c) entailment can be checked in time $k(n)$. The size $n$ of the set of clauses obtained after the preprocessing phase is quadratic in the size of the input. Under the assumptions (a), (b), (c) above the procedure above computes an interpolant in time of order $n \cdot (k(n) + h(n)) + g(n)$.

Remark 6.3. If $T_0$ satisfies Assumptions 1 and 3 at the beginning of Section 5.2 and is strongly $P$-interpolating, the procedure above can be changed (according to the proof of Proposition 5.7(3)) to separate all clauses in $H$ and store the conclusions of the separated then there exists a set $T$ of $\Sigma_0 \cup \Sigma_c$-terms containing only constants common to $A_0$ and $B_0$, and common new constants in a set $\Sigma_c$ such that the terms in $T$ can be used to separate , where: is logically equivalent to $A_0$, and $B_0 \wedge K^{D_B}_0 \wedge \mathrm{Con}^{D_B}_0$ is logically equivalent to $B_0$, where $A_0$, $B_0$ are the following conjunctions of literals: Thus, if for instance in $T_0$ interpolants for conjunctions of ground literals are always again conjunctions of ground literals, the same is also true in the extension.

(e) Extensions of any theory in Theorem 5.4(1)-(4) with $\mathrm{Bound}^t(f)$ or $\mathrm{GBound}^t(f)$ (where $t$ is a term and $\phi$ a set of literals in the base theory).

(f) Extensions of the theories in Theorem 5.4(2),(4) with $\mathrm{Mon}(f) \wedge \mathrm{Bound}^t(f)$, if $t$ is monotone in its variables.
(g) $\mathbb{R} \cup (L^\lambda_f)$, the extension of the theory of reals with a unary function which is $\lambda$-Lipschitz in a point $x_0$, where ( are direct consequences of Corollary 5.9, since all sets of extension clauses are of type (5.1). For extensions of linear arithmetic note that due to the totality of $\le$ we can always assume that $A$ and $B$ are positive, so convexity with respect to $\approx$ is sufficient (cf. proof of Proposition 5.7). Also, in [11] we show that being $P$-interpolating with respect to $\le$ is sufficient in this case. (e)-(g) follow from Corollary 5.9 and the fact that if each clause in $K$ contains only one occurrence of an extension function, no mixed instances can be generated when computing $K[A \wedge B]$.
Let $G$ be a set of ground clauses in the signature $\Pi^c = (\Sigma_0 \cup \Sigma_1 \cup \Sigma_2 \cup \Sigma_c, \mathrm{Pred})$. $G$ can be flattened and purified, so we assume without loss of generality that $G = G_1 \wedge G_2$, where $G_1$, $G_2$ are flat and linear sets of clauses in the signatures $\Pi_1$, $\Pi_2$ respectively, i.e.

Proof. By Theorem 4.7, the following are equivalent: (1) , where, for $j = 1, 2$, and $K^0_i$ is the formula obtained from $K_i[G_i]$ after purification and flattening, taking into account the definitions from By assumption (a), $A$ and $B$ are both ground. As $A$ and $B$ have no extension function symbols in common and only share the constants which $G_1$ and $G_2$ share, there exists an interpolant $I_0$ in the signature $\Pi_0$, containing only $\Sigma_0$-function symbols and only constants shared by $G_1$, $G_2$, such that $A \models_{T_0} I_0$ and $B \wedge I_0 \models_{T_0} \bot$. An interpolant for $G_1 \wedge G_2$ with respect to $T_1$ can now be obtained by replacing the newly introduced constants by the terms they replaced. By Remark 6.3, if $T_0$ is strongly $P$-interpolating and has equational interpolation then $I$ is a conjunction of literals, so for modularly proving $G_1 \wedge G_2 \models_{T_1} \bot$ only conjunctions of ground literals containing constants shared by $G_1$, $G_2$ need to be exchanged between specialized provers for $T_1$ and $T_2$.

7.2. Terminological Databases. Consider the combination of databases in Section 2.1. We prove that where $T$ is the extension $\mathrm{SLat} \cup \bigcup_{f \in R_1 \cup R_2} \mathrm{Mon}(f)$ of the theory of semilattices with 0 and monotone functions corresponding to the rôles in $R_1 \cup R_2$, where: $T_2 = \{\text{reaction} \approx \text{process} \wedge \text{produces}(\text{substance}),\ \text{enzyme} \approx \text{organic} \wedge \text{catalyzes}(\text{reaction})\}$ In order to find the mistake we look for an explanation for the inconsistency in the joint language of the two databases. Based on results on hierarchical reasoning in extensions of theories in [15] we can show that if we purify the problem by introducing definitions for the terms starting with an extension role symbol we can reduce the satisfiability test to a satisfiability test in the base theory. Thus, (7.1) is equivalent to the unsatisfiability of a set of clauses over the theory of semilattices, namely: The following instances of the congruence or monotonicity axioms need to be considered: $\text{oxydation} \triangleright \text{reaction} \to cp \triangleright cr$, where $\triangleright \in \{\approx, \le, \ge\}$.
They are not mixed. The conjunction of formulae in the base theory is unsatisfiable in the theory of semilattices. It can be split into a part $A$ containing only concepts in AChem and a part $B$ containing only concepts in BioChem. An interpolant for $A \wedge B$ in the theory of semilattices with 0 is $I_0 = \text{substance} \wedge cr \le \text{inorganic}$. Thus, $I = \text{substance} \wedge \text{catalyzes}(\text{reaction}) \le \text{inorganic}$ is an interpolant for $A \wedge B$. This is an explanation for the inconsistency of $A \wedge B$, and may help to find the error more easily than the initial proof of unsatisfiability. For this we can, for instance, analyze the (shorter) proofs of $A \models I$ and $B \wedge I \models \bot$ and note that the constraint $\text{reaction} \le \text{oxydation}$ is used in the proof of $A \models I$.
7.3. Verification. Consider the verification example from Section 2.2. We illustrate our method for generating interpolants for a formula corresponding to a path of length 2 from an initial state to an unsafe state:

Hierarchic reasoning. The extension $T_1$ of linear arithmetic with the clauses $K$ in Section 2 is local, so to prove $G \models_{T_1} \bot$ it is sufficient to consider ground instances $K[G]$ in which all extension terms already occur in $G$. After flattening and purifying $K[G] \wedge G$, we separate the problem into a definition part (Extension) and a base part $G_0 \wedge K_0$. By Theorem 4.7 [15], the problem can be reduced to testing the satisfiability in the base theory of the conjunction $G_0 \wedge K_0 \wedge \mathrm{Con}_0$. As this conjunction is unsatisfiable with respect to $T_0$, $G$ is unsatisfiable.
Interpolation. Let $A$ and $B$ be given by: 2 , e 2 2 }. The shared constants are $l'$ and $t'$. To generate an interpolant for $A \wedge B$, we partition the clauses in The abstraction defined in Section 2.2 can then be refined by introducing another predicate $L' < L_{overflow}$.

Conclusions
We presented a method for obtaining simple interpolants in theory extensions. We identified situations in which it is possible to do this in a hierarchical manner, by using a prover and a procedure for generating interpolants in the base theory as "black-boxes". This allows us to use the properties of $T_0$ (e.g. the form of interpolants) to control the form of interpolants in the extension $T_1$. We discussed applications of interpolation in verification and knowledge representation.
The method we presented can be applied to a class of theories which is more general than that considered in McMillan [8] (extension of linear rational arithmetic with uninterpreted function symbols). Our method is orthogonal to the method for generating interpolants for combinations of theories over disjoint signatures from Nelson-Oppen-style unsatisfiability proofs proposed by Yorsh and Musuvathi in [19], as it allows us to consider combinations of theories over non-disjoint signatures.
The hierarchical interpolation method presented here was in particular used for efficiently computing interpolants in the special case of the extension of linear arithmetic with free function symbols in [11]; the algorithm we used in that paper (on which an implementation is based) differs a bit from the one presented here in being tuned to the constraint-based approach used in [11]. The implementation was integrated into the predicate discovery procedure of the software verification tools Blast [4] and ARMC [10]. First tests suggest that the performance of our method is of the same order of magnitude as the methods which construct interpolants from proofs, and considerably faster on many examples. In addition, our method can handle systems which pose problems to other interpolation-based provers: we can handle problems containing both strict and nonstrict inequalities, and it allows us to verify examples that require predicates over up to four variables. Details about the implementation and benchmarks for the special case of linear arithmetic + free function symbols are described in [11].
Although the method we presented here is based on a hierarchical reduction of proof tasks in a local extension of a given theory $T_0$ to proof tasks in $T_0$, the results presented in Section 5 (in particular the separation technique described in Proposition 5.7) and in Section 6 also hold for non-purified formulae (i.e. they also hold if we do not perform the step of introducing new constant names $c_{f(d)}$ for the ground terms $f(d)$ which occur in the problem or during the separation process). Depending on the properties of $T_0$, techniques for reasoning and interpolant generation in the extension of $T_0$ with free function symbols, e.g. within state of the art SMT solvers, can then be used. We can, therefore, use the results in Sections 5 and 6 to extend in a natural way existing methods for interpolant computation which take advantage of state of the art SMT technology (cf. e.g. [3]) to the more complex types of theory extensions with sets of axioms of type (5.1) we considered here.
An immediate application of our method is to verification by abstraction-refinement; there are other potential applications (e.g. goal-directed overapproximation for achieving faster termination, or automatic invariant generation) which we would like to study. We would also like to analyze in more detail the applications to reasoning in complex knowledge bases.

Proof.
In what follows we will denote by $\Pi_0$ the signature of the base theory $T_0$, and with $\Sigma_1$ the extension functions, namely $f$ for cases (a) and (b), $f, g$ for case (c), $f, g_1, \dots, g_n$ for case (d) and $f, g_1$ for case (e).
(a) Let $(P, f_P)$ be a partial $\Pi$-structure which weakly satisfies $\mathrm{Bound}^t(f)$, such that $P \in \mathrm{Mod}(T_0)$ and $f_P : P^n \to P$ is partial. Let $A = (P, f_A)$ be a total $\Pi$-structure with the same support as $P$, where:

$$f_A(x_1, \dots, x_n) = \begin{cases} f_P(x_1, \dots, x_n) & \text{if } f_P(x_1, \dots, x_n) \text{ defined} \\ t(x_1, \dots, x_n) & \text{otherwise.} \end{cases}$$
That the identity i is a weak embedding can be proved as before.
(c) The proof is very similar to the proof of (b). We first discuss the case (1)-(3). Let $(P, f_P, g_P)$ be a weak partial model of $T_1$. Let $A = (OI(P), f_A, g_A)$, where $f_A$ is defined as in (b). We define $g(U_1, \dots, U_n)$ by

$$g_A(U_1, \dots, U_n) = \begin{cases} \downarrow g_P(x_1, \dots, x_n) & \text{if } U_i = \downarrow x_i \text{ and } g_P(x_1, \dots, x_n) \text{ defined} \\ f_A(U_1, \dots, U_n) & \text{otherwise.} \end{cases}$$

Definition 3.2.
We say that a theory $T$ has the ground interpolation property (or, shorter, that $T$ has ground interpolation) if for all ground clauses $A(c, d)$ and $B(c, e)$, if $A(c, d) \wedge B(c, e) \models_T \bot$ then there exists a ground formula $I(c)$, containing only the constants $c$ occurring both in $A$ and $B$, such that $A(c, d) \models_T I(c)$ and $B(c, e) \wedge I(c) \models_T \bot$.

Theorem 4.5
([ has no weak partial model in which all terms in $A$ and $B$ are defined. The extension terms occurring in $A \wedge B$ are $f(b)$ and $g(a)$, hence: with respect to SLat, where $\mathrm{Con}_0 = \mathrm{Con}[A \wedge B]_0$ consists of the flattened form of those instances of the congruence axioms containing only $f$- and $g$-terms which occur in $D_A$ or $D_B$, and $\mathrm{SGc}_0 \wedge \mathrm{Mon}_0$ consists of those instances of axioms in $\mathrm{SGc}(f, g) \wedge \mathrm{Mon}(f, g)$ containing only $f$- and $g$-terms which occur in $D_A$ or $D_B$.

Lemma 5.1.
Let $A$ and $B$ be two sets of ground clauses in the signature $\Pi^c$. Let $A_0 \wedge D_A$ and $B_0 \wedge D_B$ be obtained from $A$ resp. $B$ by purification and flattening. If $I$ is an interpolant of $(A_0 \wedge D_A) \wedge (B_0 \wedge D_B)$ then the formula $I$, obtained from $I$ by replacing, recursively, all newly introduced constants with the terms in the original signature which they represent, is an interpolant for $A \wedge B$.

5.1.
Main Idea. The idea of our approach is to separate mixed instances of axioms in $K_0$, or of congruence axioms in $\mathrm{Con}[D_A \wedge D_B]_0$, into an $A$-part and a $B$-part. That is, if $A \wedge B \models_{T_1} \bot$ we find a set $T$ of $\Sigma_0 \cup \Sigma_1$-terms containing only constants and extension functions common to $A$ and $B$, such that $K[A \wedge B]$ can be separated into a part $K[A, T]$ consisting of instances with extension terms occurring in $A$ and $T$, and a part $K[B, T]$ containing only instances with extension terms in $B$ and $T$, such that: whose flattened form is in $\mathrm{SGc}_0$, we can use, without loss of unsatisfiability: (1) an instance of the monotonicity axiom for $f$: $b \le d \to f(b) \le f(d)$, (2) another instance of SGc, namely: $d \le g(a) \to f(d) \le a$. For this, we introduce a new constant $c_{f(d)}$ for $f(d)$ (its definition, $c_{f(d)} \approx f(d)$, is stored in a set $D_T$), and the corresponding instances $H_{sep} = H^A_{sep} \wedge H^B_{sep}$ of the congruence, monotonicity and $\mathrm{SGc}(f, g)$-axioms, which are now separated into an $A$-part

Assumption 2: $T_0$ is $P$-interpolating with respect to $P \subseteq \mathrm{Pred}$, i.e. for all conjunctions $A$ and $B$ of ground literals, all binary predicates $R \in P$ and all constants $a$ and $b$ such that $a$ occurs in $A$ and $b$ occurs in $B$ (or vice versa), if $A \wedge B \models_{T_0} aRb$ then there exists a term $t$ containing only constants common to $A$ and $B$ with $A \wedge B \models_{T_0} aRt \wedge tRb$. (If we can always find a term $t$ containing only constants common to $A$ and $B$ with $A \models_{T_0} aRt$ and $B \models_{T_0} tRb$ we say that $T_0$ is strongly $P$-interpolating.)

Assumption 3: $T_0$ has ground interpolation.

Some examples of theories satisfying these properties are given below.

Theorem 5.4. The following theories have ground interpolation and are convex and $P$-interpolating with respect to the indicated set $P$ of predicate symbols:
(1) The theory EQ of pure equality without function symbols (for $P = \{\approx\}$).
(2) The theory PoSet of posets (for $P = \{\approx, \le\}$).
(3) Linear rational arithmetic $LI(\mathbb{Q})$ and linear real arithmetic $LI(\mathbb{R})$ (convex with respect to $P = \{\approx\}$, strongly $P$-interpolating for $P = \{\le\}$).
(4) The theories Bool of Boolean algebras, SLat of semilattices and DLat of distributive lattices (strongly $P$-interpolating for $P = \{\approx, \le\}$).

Example 5.5.
an extension of $T_0$ with a set of clauses $K$ which only contains combinations of clauses of type (5.1). The following local extensions satisfy Assumptions 4 and 5:
(a) Any extension with free functions ($K = \emptyset$).
(b) Extensions of any theory in Ord (cf. Section 4.3) with monotone functions.
(c) Extensions of any totally-ordered theory in Ord with functions satisfying $\mathrm{SGc}(f, g_1, \dots, g_n) \wedge \mathrm{Mon}(f, g_1, \dots, g_n)$.
1) holds. In order to prove (2), note that, by definition, $H'_{mix} = H_{mix}$ and $H'_{sep} = H_{sep}$. By the induction hypothesis, $A'_0 \wedge B'_0 \wedge (H' \setminus H'_{mix}) \cup H'_{sep}$ is logically equivalent to a corresponding conjunction $A'_0 \wedge B'_0$ containing as conjuncts all literals in $A'_0$ and $B'_0$ and all conclusions of rules in $H' \setminus H'_{mix}$ and $H'_{sep}$. On the other hand, $A'_0 \wedge B'_0$ is logically equivalent to $A_0 \wedge B_0 \wedge (cRd)$, where $(cRd)$ is the conclusion of the rule $C \in H \setminus H_{mix}$. This proves (2).

Case 2b. Assume now that $C$ is mixed, for instance that $c_1, \dots, c_n, c$ are constants in $A$ and $d_1, \dots, d_n, d$ are constants in $B$. Assume that $C$ is obtained from an instance of a clause of the form $\bigwedge_{i=1}^{n} x_i R_i s_i(y) \to f(x_1, \dots, x_n) R g(y)$. (The case when $C$ corresponds to an instance of a monotonicity axiom is similar.) This means that there exist $c \approx f(c_1, \dots, c_n) \in D_A$ and $d_i \approx s_i(e)$, $d \approx g(e) \in D_B$. $C$ was chosen such that for each premise

9 .
. If $K$ only contains combinations of clauses of type (5.1) then all clauses in $K_0 \wedge \mathrm{Con}[D_A \wedge D_B]_0$ satisfy the restrictions on $H$ in Proposition 5.7. Thus Proposition 5.7 holds for $H = K_0 \wedge \mathrm{Con}[D_A \wedge D_B]_0$. Therefore there exists a set $T$ of $\Sigma_0 \cup \Sigma_c$-terms containing only constants common to $A_0$ and $B_0$ such that $A_0 \wedge B_0 \wedge (H \setminus H_{mix}) \wedge H_{sep}$. The statement of the theorem uses the description of $H \setminus H_{mix}$, denoted before by $K^A_0 \wedge K^B_0$, as well as of $H_{sep}$ as $K^{D_A}_0$ Assume that the extension $T_0 \subseteq T_0 \cup K$ satisfies Assumptions 1-5, and that

)
There exists a ground $\Pi^c$-formula $I$ containing only constants and function symbols which occur both in $A$ and $B$ such that $A \models_{T_1} I$ and $B \wedge I \models_{T_1} \bot$.

Assumption 4: $T_1$ is a local extension of $T_0$; and

Given: Local extension $T_0 \subseteq T_1 = T_0 \cup K$ which satisfies Assumptions 1-5; Conjunctions $A$ and $B$ of literals over the signature of $T_1$ such that $A \wedge B \models_{T_1} \bot$
Task: Find an interpolant for $A \wedge B$, i.e. a formula $I$ with $A \models_{T_1} I$ and $I \wedge B \models_{T_1} \bot$.

Theorem 7.1.
where $G^0_i$ and $G^0$ are clauses in the base theory and $D_i$ conjunctions of unit clauses of the form $f(c_1, \dots, c_n) = c$, $f \in \Sigma_i \setminus \Sigma_0$. With the notations above, assume that $G_1 \wedge G_2 \models_{T_1 \cup T_2} \bot$. Then there exists a ground formula $I$, containing only constants shared by $G_1$ and $G_2$, with $G_1 \models_{T_1 \cup T_2} I$ and $I \wedge G_2 \models_{T_1 \cup T_2} \bot$.
combination (say in CNF) of the common propositional variables occurring in $N_A$ and $N_B$ such that $(N_A \wedge P_a) \models I$ and $(N_B \wedge \neg P_b) \wedge I \models \bot$. But then $A \models_{Bool} a \le f(e_1, \dots, e_n)$ and $B \models_{Bool} f(e_1, \dots, e_n) \le b$.

(4)(b) The proof is similar to that of (4)(a) with the difference that in the renaming rules in the structure-preserving translation to clause form only the conjunction rules apply, hence $N_A$ and $N_B$ are sets of non-negative Horn clauses. We can saturate $N_A \cup P_a$ under resolution with selection on the negative literals in linear time. The saturated set $N^*_A$ of clauses contains all unit clauses $P_e$ where $e$ is subterm of $A$ with $A \models_{SLat} a \le e$. Only unit positive clauses $P_e$ where $e$ occurs in both $A$ and $B$ can enter into resolution inferences with clauses in $N_B \cup \neg P_b$ and lead to a contradiction. Thus we proved that $\{P_e \mid A \models_{SLat} a \le e,\ e \text{ common subterm}\} \wedge N_B \wedge \neg P_b \models \bot$. This is equivalent to $B \models_{SLat} t \le b$, where $t = \{e \mid A \models_{SLat} a \le e,\ e \text{ common subterm of } A \text{ and } B\}$. Obviously, $A \models_{SLat} a \le t$.

(4)(c) The case of distributive lattices can be treated similarly. Due to the fact that in this case the renaming rules for $\vee$ and $\wedge$ are taken into account, the sets $N_A$ and $N_B$ are not Horn. We adopt the same negative selection strategy. When saturating $N_A \cup P_a$ a finite set of positive clauses is generated, namely of the form $P_{e_1} \vee \dots \vee P_{e_n}$ where $A \models_{DL} a \le (e_1 \vee \dots \vee e_n)$. We consider a total ordering on the propositional variables where $P_e$ is larger than $P_g$ if $e$ occurs in $A$ and not in $B$ and $g$ occurs in both $A$ and in $B$. Then the only inferences which can lead to a contradiction with $N_B \cup \neg P_b$ are those between the clauses in $N^*_A$ which only contain common propositional variables. Thus we proved that $\{P_{e_i} \mid A \models_{DL} a \le e_i,\ e_i \text{ common terms}\} \wedge N_B \wedge \neg P_b \models \bot$. This is equivalent to $B \models_{DL} t \le b$, where $t = \{e_i \mid A \models_{DL} a \le e_i, \text{ where all } e_i \text{ are common subterms of } A \text{ and } B\}$. Obviously, $A \models_{DL} a \le t$.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
where C T i and C Γ i are as in the table below (the shared symbols are underlined):