Higher-Order SMT Solving (W ork in Progress ) n m N Haniel Barbosa 1 - PowerPoint PPT Presentation

Higher-Order SMT Solving (W ork in Progress ) n m N Haniel Barbosa 1 Andrew Reynolds 1 Pascal Fontaine 2 Daniel El Ouraoui 2 Cesare Tinelli 1 University of Iowa, Iowa City, USA haniel-barbosa,cesare-tinelli@uiowa.edu,andrew.j.reynolds@gmail.com University of Lorraine, CNRS, Inria, and LORIA, Nancy, France daniel.el-ouraoui,pascal.fontaine@inria.fr 21st July 2018

Contents 1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Contents 1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Why Higher-Order (HO) Higher-Order logic Automation Expressive Hard to automatize Mathematics Few provers to reason on it Verification conditions LEO-II, Leo-III, Satalax The language of proof assistants Isabelle, Coq, Agda Challenge New techniques for SMT Avoid automatic translation

Summary Two procedures cvc4 University of Stanford/Iowa ( http://cvc4.cs.stanford.edu/web ) veriT Université de Lorraine/UFRN ( http://www.verit-solver.org )

Features Predicate calculus λ -free λ -calculus function � � � predicate � � � functional arguments � � ✗ quantification on objects � � � quantification on predicates ✗ � � quantification on functions ✗ � � partial applications ✗ � � anonymous functions ✗ ✗ �

Contents 1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

First-Order to Higher-Order with CDCL(T) Ground ¬ ( f a b ≃ b ) ∧ g ≃ f a ∧ f a ( f a b ) ≃ g b ∧ ∀ xy f x ≃ f y ⇒ x ≃ y Ground part described by the conjunctive sets of literals E Qantified part described by the sets of quantified formulas Q Check if E ∪ Q is consistent

First-Order to Higher-Order with CDCL(T) Ground ¬ ( f a b ≃ b ) ∧ g ≃ f a ∧ f a ( f a b ) ≃ g b ∧ ∀ xy f x ≃ f y ⇒ x ≃ y Instantiation Ground part described by the conjunctive sets of literals E Qantified part described by the sets of quantified formulas Q Check if E ∪ Q is consistent

First-Order to Higher-Order with CDCL(T) Ground ¬ ( f a b ≃ b ) ∧ g ≃ f a ∧ f a ( f a b ) ≃ g b ∧ ∀ xy f x ≃ f y ⇒ x ≃ y Instantiation Ground part described by the conjunctive sets of literals E Qantified part described by the sets of quantified formulas Q Check if E ∪ Q is consistent

Lift up SMT solver Ground Applicative encoding Suitable data-structure Instantiation E-matching extension

Contents 1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Applicative encoding encoding For all terms of the shape ((( f τ 1 → ... → τ n → σ a 1 ) . . . ) a n )) : σ given a unique symbol @ we have the translation App defined as following: App ((( f a 1 ) . . . ) a n )) = @(@( . . . @( f , a 1 ) , . . . , a n )) f a b ≃ b ∧ f a ( f a b ) ≃ g b @(@( f , a ) , b ) ≃ b ∧ @(@( f , a ) , @(@( f , a ) , b )) ≃ @( g , b ) where f , g become constant symbols

Applicative encoding encoding For all terms of the shape ((( f τ 1 → ... → τ n → σ a 1 ) . . . ) a n )) : σ given a unique symbol @ we have the translation App defined as following: App ((( f a 1 ) . . . ) a n )) = @(@( . . . @( f , a 1 ) , . . . , a n )) app translation f a b ≃ b ∧ f a ( f a b ) ≃ g b @(@( f , a ) , b ) ≃ b ∧ @(@( f , a ) , @(@( f , a ) , b )) ≃ @( g , b ) where f , g become constant symbols

Lazy encoding Turn all partial applications into total Use first-order procedure on App ( E ) Add remaining equalites between regular terms E ′ = App ( E ) ∪ { App ( f ( a 1 , ..., a n )) ≃ f ( a 1 , ..., a n ) , ... } Do it only for partial function symbols Check again E ′ Example f a ≃ g ∧ f ( a , a ) �≃ g ( a ) ∧ g ( a ) ≃ h ( a ) ⇒ { @( f , a ) ≃ g , f ( a , a ) �≃ g ( a ) , g ( a ) ≃ h ( a ) } ⊆ E

Lazy encoding Turn all partial applications into total Use first-order procedure on App ( E ) Add remaining equalites between regular terms E ′ = App ( E ) ∪ { App ( f ( a 1 , ..., a n )) ≃ f ( a 1 , ..., a n ) , ... } Do it only for partial function symbols Check again E ′ Example f a ≃ g ∧ f ( a , a ) �≃ g ( a ) ∧ g ( a ) ≃ h ( a ) ⇒ { @( f , a ) ≃ g , f ( a , a ) �≃ g ( a ) , g ( a ) ≃ h ( a ) } ⊆ E E ∪ { @(@( f , a ) , a ) ≃ f ( a , a ) , @( g , a ) ≃ g ( a ) } ⇒ @(@( f , a ) , a ) ≃ @( g , a )

Extentionality ( ∀ ¯ x f (¯ x ) ≃ g (¯ x )) ↔ f ≃ g The “ ← ” direction is ensured by the functional congruence axiom: f ≃ g → ( ∀ ¯ x f (¯ x ) ≃ g (¯ x )) The “ → ” direction is ensured by f (¯ k ) �≃ g (¯ k ) for some Skolem ¯ k f (¯ k ) �≃ g (¯ k ) ∨ f ≃ g is added for each pair of functions of finite type

Model generation For each satisfiable problem produce a first-order model M f 1 ( 0 ) ≃ f 1 ( 1 ) ∧ f 1 ( 1 ) ≃ f 2 f 2 ( 0 ) ≃ f 2 ( 1 ) ∧ f 2 ( 1 ) ≃ 2 f 1 : Int × Int → Int, and f 2 : Int → Int Model construction M ( f 1 ) = λ xy ite ( x ≃ 0 , λ x ite ( x ≃ 1 , 2 , _ )( y ) , ite ( x ≃ 1 , λ x ite ( x ≃ 1 , 2 , _ )( y ) , _ )) Polynomial construction M ( f 1 ) = λ xy ite ( x ≃ 0 , M ( f 2 )( y ) , ite ( x ≃ 1 , M ( f 2 )( y ) , _ )) M ( f 2 ) = λ x ite ( x ≃ 1 , 2 , _ )

Trigger based instantiation Triggers A trigger T for a quantified formula ∀ x n .ψ is a set of non-ground terms u 1 , . . . , u n ∈ T ( ψ ) such that: { x } ⊆ FV ( u 1 ) ∪ . . . ∪ FV ( u n ) . E -matching Given a conjunctive set of equality literals E and terms u and t , with t ground, the E -matching problem is that of finding a substitution σ such that E | = u σ ≃ t . E = { f ( a ) ≃ g ( b ) , a ≃ g ( b ) } Q = {∀ x f ( g ( x )) �≃ g ( x ) } f ( a ) E -matches f ( g ( x )) under { x �→ b }

E-matching E -matching relies on indexing term by head symbols for efficiency At Higher-Order level two applications can be equals with different head symbol f ≃ g ∧ f a ≃ g b Common term indexing First-order E -matching with applicative encoding and suitable indexing

E-matching ϕ = q ( k ( 0 , 1 )) ∧ ¬ p ( k ( 0 , 0 )) ∧ ∀ ( f : Int × Int → Int ) ( y , z : Int ) . p ( f ( y , z )) ∨ ¬ q ( f ( 1 , y )) Extend first-order E -matching to derive new lambda expressions From Huet’s algorithm to higher-order matching Unsatisfiable with regular Henkin semantics { f �→ λ w 1 w 2 . k ( 0 , w 1 ) , y �→ 0 , z �→ 0 }

Evaluation hosmt vs smt-lib smt-lib 10 1 10 1 cvcho cvcho 10 0 10 0 10 − 1 10 − 1 10 − 2 10 − 2 10 − 2 10 − 1 10 0 10 1 10 − 2 10 − 1 10 0 10 1 cvc4 cvc4 Figure: Time comparison of cvc 4 configurations on “Judgement day” benchmarks. hosmt smt-lib #unsat avg time (s) #unsat avg time (s) cvc 4 - ho 648 1.08 662 1.02 cvc 4 4 0.06 662 1.01 Table: cvc 4 configurations on “Judgement day” benchmarks with 60s timeout.

Contents 1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Congruence closure Theory of equality T E Σ f = { a , b , f , g , . . . } Σ p = { = , p , q , . . . } ∀ ( x : τ ) x = x (reflexivity) ∀ ( xy : τ ) x = y ⇒ y = x (symmetry) ∀ ( xyz : τ ) ( x = y ⇒ y = z ) ⇒ x = z (transitivity) HO congruence x = y ⇒ f x = f y (right cong) f = g ⇒ f x = g x (lef cong)

Congruence closure Deciding a conjunction of T E : How can we check whether a set of T E is satisfiable ? Union find algorithm Optimal time complexity: O ( n log n ) Graphs with connected component Not optimal time complexity: O ( n 2 )

Evaluation 10 2 10 2 veriT-ho 10 1 10 1 cvc4 10 0 10 0 10 − 1 10 − 1 10 − 1 10 0 10 1 10 2 10 − 1 10 0 10 1 10 2 veriT-ho veriT Figure: Time comparison of cvc 4 veriT and veriT -Ho on QFUF benchmarks.

Contents 1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Conclusions and future directions No significant overhead HO ATPs such LEO-II, Leo-III, Satalax should be investigated Towards an effective and refutationally complete calculus Improving and extend veriT in the same fashion