Higher-Order Constrained Horn Clauses (and Refinement Types)
Toby Cathcart Burn, Luke Ong and Steven Ramsay
University of Oxford
let add x y = x + y
let rec iter f m n = if n <= 0 then m else f n (iter f m (n-1))
(* property to verify: for every n, n <= iter add 0 n *)
iter add 0 n
z = x + y ⇒ Add x y z
n ≤ 0 ⇒ Iter f m n m
n > 0 ∧ Iter f m (n − 1) p ∧ f n p r ⇒ Iter f m n r
Iter Add 0 n r ⇒ n ≤ r
Higher-order "unknown" relations: Iter ∶ (int → int → int → bool) → int → int → int → bool
Quantification at higher sorts: ∀ at sort int → int → int → bool
Literals headed by variables: f n p r ∶ bool
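The clause encoding is the slides'; the Python below is an added example and is not code from the slides or the paper. It fixes the higher-order parameter f to a concrete relation (the Add clause, plus a constructed second relation for contrast), restricts n to a small range, and computes the least model of the two Iter clauses by iterating them from the empty relation until nothing new is derived, then checks the goal clause Iter Add 0 n r ⇒ n ≤ r on the result. The function names, the bounds and the sample relations are assumptions of the example, not notation from the slides.

```python
"""Least-model (Kleene) iteration for the first-order instance of the Iter
clauses obtained by fixing the higher-order parameter f.  Added example;
the clause shapes and the goal are taken from the slides, everything
else (bounds, names, sample relations) is constructed for the demo."""


# A relation  f n p r  is represented as a function (n, p) -> set of r,
# i.e. the set of r for which f n p r holds (constructed representation).
def add_graph(n, p):
    # z = x + y  =>  Add x y z
    return {n + p}


def sub_graph(n, p):
    # Constructed non-Add instance: f n p r holds iff r = p - n.
    return {p - n}


def least_iter(f, ms=(0,), n_min=-2, n_max=6):
    """Smallest set of triples (m, n, r), with m drawn from ms and n
    restricted to [n_min, n_max], that is closed under
        n <= 0                                    =>  Iter f m n m
        n > 0 and Iter f m (n-1) p and f n p r    =>  Iter f m n r
    Computed by applying the clauses to the current relation, starting
    from the empty relation, until a fixpoint is reached."""
    rel = set()
    while True:
        new = set(rel)
        # base clause: every n <= 0 in range yields Iter f m n m
        for m in ms:
            for n in range(n_min, n_max + 1):
                if n <= 0:
                    new.add((m, n, m))
        # step clause: from each derived (m, n-1, p) and each r with f n p r
        for (m, n_prev, p) in rel:
            n = n_prev + 1
            if 0 < n <= n_max:
                for r in f(n, p):
                    new.add((m, n, r))
        if new == rel:          # nothing new derived: least fixpoint
            return rel
        rel = new


def goal_holds(rel):
    """Goal clause  Iter Add 0 n r  =>  n <= r, checked over the derived
    triples with m = 0 (the only m the goal mentions)."""
    return all(n <= r for (m, n, r) in rel if m == 0)


if __name__ == "__main__":
    model = least_iter(add_graph)
    print(sorted(model))
    print("goal holds with f = Add:", goal_holds(model))
    print("goal holds with the constructed f:", goal_holds(least_iter(sub_graph)))
```

With f = Add the derived triples are the triangular numbers (0, n, n(n+1)/2) for n ≥ 0 plus (0, n, 0) for n ≤ 0, and the goal holds on all of them; with the constructed subtraction relation the first step already derives (0, 1, −1), which violates the goal. This is the first-order situation the slides contrast with the higher-order one: once f is fixed, a least model exists and is reached by plain iteration.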
Standard semantics of sorts:
σ → τ: all functions from σ to τ
bool: two truth values, F ≤ T
int: all of the integers
Satisfiable: there is some predicate on sets of integers that makes S true in ℳ
and the monotone semantics
Satisfiable systems of higher-order constrained Horn clauses do not necessarily possess least models. (Least with respect to inclusion of relations)
[Counterexample, tabulated on the slides: unknown relations D and E, with E ∶ one → bool, over the one-element sort one, and two models I and J of the clauses. I(D) takes the values F, F, T, T on the four elements of D's domain, while J(D) takes T, F, F, T, so neither model is included in the other.]
Monotone semantics of sorts:
σ → τ: all monotone functions from σ to τ
bool: two truth values, F ≤ T
int: all of the integers, ordered discretely
Satisfiable: there is some monotone predicate on sets of integers that makes S true in ℳ
[Example formula, only partly legible: ∀y z. x y ∧ y z …, with x ↦ 1]
int → bool: all sets of integers
(int → bool) → bool: all upward closed sets of sets of integers
((int → bool) → bool) → bool: all upward closed sets of upward closed sets of sets of integers
Standard semantics: a completely standard satisfiability problem (modulo the background theory) in higher-order logic; no least model.
Monotone semantics: a bespoke satisfiability problem with a highly restricted class of models; a least model arising in the usual way.
Given a set H of higher-order constrained Horn clauses:
For every model of the standard semantics of H there is a (monotone) model of the monotone semantics of H.
For every model of the monotone semantics of H there is a (standard) model of the standard semantics of H.
Mapping models means mapping relations, e.g. between the standard and the monotone denotations of the sort ((int → bool) → bool) → bool.
From monotone to standard: inclusion?
I ⊨ ∀x ∶ (int → bool) → bool. true ⇒ D x, where I(D) = { X ∶ X upward closed }; but after inclusion into the standard semantics, ∀x ∶ (int → bool) → bool. true ⇒ D x is not satisfied, because x now also ranges over sets that are not upward closed.
Inclusion: constructs relations that are typically too small
J r t = r t, if t lies in the monotone denotation of (int → bool) → bool
      = F,   otherwise
Complementary inclusion: constructs relations that are typically too large
J′ r t = r t, if t lies in the monotone denotation of (int → bool) → bool
       = T,   otherwise
Determine the value of the standard relation J(r) on a non-(hereditarily) monotone input t by considering the value of r on:
the largest (hereditarily) monotone relation that is at most t
the smallest (hereditarily) monotone relation that is at least t
Example at sort (int → bool) → bool: the smallest upward closed set containing {1} is {{1}, {1, 2}, {1, 2, 3}, …}; the largest upward closed set contained in {{1}} is empty.
[Diagram: for each sort σ, Iσ maps the standard denotation of σ to the monotone one and Jσ maps back]
Iσ is the uniquely determined upper adjoint of Jσ; Jσ is the uniquely determined lower adjoint of Iσ.
For each sort of relations σ:
I_bool(b) = b                         J_bool(b) = b
I_{int → σ}(r) = Iσ ∘ r                J_{int → σ}(r) = Jσ ∘ r
I_{σ1 → σ2}(r) = Iσ2 ∘ r ∘ Jσ1          J_{σ1 → σ2}(r) = Jσ2 ∘ r ∘ Iσ1
Given a set H of higher-order constrained Horn clauses:
For every (standard) model of the standard interpretation of H there is a (monotone) model of the monotone interpretation of H.
For every (monotone) model of the monotone interpretation of H there is a (standard) model of the standard interpretation of H.
in the rest of the paper
A refinement type system for solving the monotone satisfiability problem:
In models satisfying Γ, the truth of the goal S is bounded above by the constraint φ.
Typability reduces to first-order constrained Horn clause solving.
Given any refinement type T and any goal term S, S ∶ T can be expressed as a higher-order constrained Horn clause.
work
Higher-order program safety problem → higher-order constrained Horn clause problem → first-order constrained Horn clause problem (relative completeness? problem reduction?)
Refinements of type constructors:
int refined by φ ∶ int → bool
list refined by φ ∶ I → bool → list I → bool
Thanks.
Constraint, e.g. x > 3
Atom, e.g. Iter f m (n − 1) p, or f n p r
Relational "unknown", e.g. Iter
At bool: the standard and the monotone denotations of bool coincide; J_bool is the identity, with upper adjoint I_bool also the identity.
At int → bool: the two denotations coincide; J_{int → bool}(r) = J_bool ∘ r = r is the identity, with upper adjoint I_{int → bool} also the identity.
At (int → bool) → bool: the monotone denotation is a subset of the standard one; J_{(int → bool) → bool}(r) = J_bool ∘ r ∘ I_{int → bool} = r is an inclusion, and its upper adjoint is
I_{(int → bool) → bool}(s) = ⋁{ t in the monotone denotation of (int → bool) → bool ∶ J_{(int → bool) → bool}(t) ≤ s } = ⋁{ t in the monotone denotation of (int → bool) → bool ∶ t ≤ s }.
(Recall J_bool(b) = b, J_{int → σ}(r) = Jσ ∘ r and J_{σ1 → σ2}(r) = Jσ2 ∘ r ∘ Iσ1.)