Higher-Order SMT Solving (W ork in Progress ) n m N Haniel Barbosa 1 - - PowerPoint PPT Presentation

Higher-Order SMT Solving

(Work in Progress) n m N Haniel Barbosa1 Andrew Reynolds1 Pascal Fontaine2 Daniel El Ouraoui2 Cesare Tinelli1

University of Iowa, Iowa City, USA

haniel-barbosa,cesare-tinelli@uiowa.edu,andrew.j.reynolds@gmail.com

University of Lorraine, CNRS, Inria, and LORIA, Nancy, France

daniel.el-ouraoui,pascal.fontaine@inria.fr

21st July 2018

Contents

1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Contents

1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Why Higher-Order (HO)

Higher-Order logic

Expressive

Mathematics Verification conditions

The language of proof assistants

Isabelle, Coq, Agda

Automation

Hard to automatize Few provers to reason on it LEO-II, Leo-III, Satalax

Challenge

New techniques for SMT Avoid automatic translation

Summary

Two procedures cvc4 University of Stanford/Iowa (http://cvc4.cs.stanford.edu/web)

veriT Université de Lorraine/UFRN (http://www.verit-solver.org)

Features Predicate calculus λ-free λ-calculus function

• predicate
• functional arguments

✗

• quantification on objects
• quantification on predicates

✗

• quantification on functions

✗

• partial applications

✗

• anonymous functions

✗ ✗

Contents

1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

First-Order to Higher-Order with CDCL(T)

Ground ¬(f a b ≃ b) ∧ g ≃ f a ∧ f a (f a b) ≃ g b ∧ ∀xy f x ≃ f y ⇒ x ≃ y Ground part described by the conjunctive sets of literals E Qantified part described by the sets of quantified formulas Q Check if E ∪ Q is consistent

First-Order to Higher-Order with CDCL(T)

Ground ¬(f a b ≃ b) ∧ g ≃ f a ∧ f a (f a b) ≃ g b ∧ ∀xy f x ≃ f y ⇒ x ≃ y Instantiation Ground part described by the conjunctive sets of literals E Qantified part described by the sets of quantified formulas Q Check if E ∪ Q is consistent

First-Order to Higher-Order with CDCL(T)

Ground ¬(f a b ≃ b) ∧ g ≃ f a ∧ f a (f a b) ≃ g b ∧ ∀xy f x ≃ f y ⇒ x ≃ y Instantiation Ground part described by the conjunctive sets of literals E Qantified part described by the sets of quantified formulas Q Check if E ∪ Q is consistent

Lift up SMT solver

Ground Applicative encoding Suitable data-structure Instantiation E-matching extension

Contents

1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Applicative encoding

encoding

For all terms of the shape (((fτ1→...→τn→σ a1) . . .) an)) : σ given a unique symbol @ we have the translation App defined as following: App(((f a1) . . .) an)) = @(@(. . . @(f , a1), . . . , an))

f a b ≃ b ∧ f a (f a b) ≃ g b @(@(f , a), b) ≃ b ∧ @(@(f , a), @(@(f , a), b)) ≃ @(g, b) where f , g become constant symbols

Applicative encoding

encoding

For all terms of the shape (((fτ1→...→τn→σ a1) . . .) an)) : σ given a unique symbol @ we have the translation App defined as following: App(((f a1) . . .) an)) = @(@(. . . @(f , a1), . . . , an))

app translation f a b ≃ b ∧ f a (f a b) ≃ g b @(@(f , a), b) ≃ b ∧ @(@(f , a), @(@(f , a), b)) ≃ @(g, b) where f , g become constant symbols

Lazy encoding

Turn all partial applications into total Use first-order procedure on App(E) Add remaining equalites between regular terms E′ = App(E) ∪ {App(f (a1, ..., an)) ≃ f (a1, ..., an), ...} Do it only for partial function symbols Check again E′

Example

f a ≃ g ∧ f (a, a) ≃ g(a) ∧ g(a) ≃ h(a) ⇒ {@(f , a) ≃ g, f (a, a) ≃ g(a), g(a) ≃ h(a)} ⊆ E

Lazy encoding

Turn all partial applications into total Use first-order procedure on App(E) Add remaining equalites between regular terms E′ = App(E) ∪ {App(f (a1, ..., an)) ≃ f (a1, ..., an), ...} Do it only for partial function symbols Check again E′

Example

f a ≃ g ∧ f (a, a) ≃ g(a) ∧ g(a) ≃ h(a) ⇒ {@(f , a) ≃ g, f (a, a) ≃ g(a), g(a) ≃ h(a)} ⊆ E E ∪ {@(@(f , a), a) ≃ f (a, a), @(g, a) ≃ g(a)} ⇒ @(@(f , a), a) ≃ @(g, a)

Extentionality

(∀¯ x f (¯ x) ≃ g(¯ x)) ↔ f ≃ g The “←” direction is ensured by the functional congruence axiom: f ≃ g → (∀¯ x f (¯ x) ≃ g(¯ x)) The “→” direction is ensured by f (¯ k) ≃ g(¯ k) for some Skolem ¯ k f (¯ k) ≃ g(¯ k) ∨ f ≃ g is added for each pair of functions of finite type

Model generation

For each satisfiable problem produce a first-order model M f1(0) ≃ f1(1) ∧ f1(1) ≃ f2 f2(0) ≃ f2(1) ∧ f2(1) ≃ 2

f1 : Int × Int → Int, and f2 : Int → Int

Model construction

M(f1) = λxy ite(x ≃ 0, λx ite(x ≃ 1, 2, _)(y), ite(x ≃ 1, λx ite(x ≃ 1, 2, _)(y), _))

Polynomial construction

M(f1) = λxy ite(x ≃ 0, M(f2)(y), ite(x ≃ 1, M(f2)(y), _)) M(f2) = λx ite(x ≃ 1, 2, _)

Trigger based instantiation

Triggers

A trigger T for a quantified formula ∀xn.ψ is a set of non-ground terms u1, . . . , un ∈ T(ψ) such that: {x} ⊆ FV(u1) ∪ . . . ∪ FV(un).

E-matching

Given a conjunctive set of equality literals E and terms u and t, with t ground, the E-matching problem is that of finding a substitution σ such that E | = uσ ≃ t. E = {f (a) ≃ g(b), a ≃ g(b)} Q = {∀x f (g(x)) ≃ g(x)} f (a) E-matches f (g(x)) under {x → b}

E-matching

E-matching relies on indexing term by head symbols for efficiency At Higher-Order level two applications can be equals with different head symbol f ≃ g ∧ f a ≃ g b Common term indexing First-order E-matching with applicative encoding and suitable indexing

E-matching

ϕ = q(k(0, 1)) ∧ ¬p(k(0, 0)) ∧ ∀(f : Int × Int → Int) (y, z : Int). p(f (y, z)) ∨ ¬q(f (1, y))

Extend first-order E-matching to derive new lambda expressions From Huet’s algorithm to higher-order matching Unsatisfiable with regular Henkin semantics {f → λw1w2. k(0, w1), y → 0, z → 0}

Evaluation

10−2 10−1 100 101

cvc4

10−2 10−1 100 101

cvcho hosmt vs smt-lib

10−2 10−1 100 101

cvc4

10−2 10−1 100 101

cvcho smt-lib

Figure: Time comparison of cvc4 configurations on “Judgement day” benchmarks.

hosmt smt-lib #unsat avg time (s) #unsat avg time (s) cvc4-ho 648 1.08 662 1.02 cvc4 4 0.06 662 1.01

Table: cvc4 configurations on “Judgement day” benchmarks with 60s timeout.

Contents

1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Congruence closure

Theory of equality TE Σf = {a, b, f , g, . . .} Σp = {=, p, q, . . .} ∀(x : τ) x = x (reflexivity) ∀(xy : τ) x = y ⇒ y = x (symmetry) ∀(xyz : τ) (x = y ⇒ y = z) ⇒ x = z (transitivity)

HO congruence

x = y ⇒ f x = f y (right cong) f = g ⇒ f x = g x (lef cong)

Congruence closure

Deciding a conjunction of TE: How can we check whether a set of TE is satisfiable ? Union find algorithm Optimal time complexity: O(n log n) Graphs with connected component Not optimal time complexity: O(n2)

Evaluation

10−1 100 101 102

veriT-ho

10−1 100 101 102

cvc4

10−1 100 101 102

veriT

10−1 100 101 102

veriT-ho

Figure: Time comparison of cvc4 veriT and veriT-Ho on QFUF benchmarks.

Contents

1 Introduction 2 Towards Higher-Order 3 CVC4 approach 4 veriT approach 5 Conclusions

Conclusions and future directions

No significant overhead HO ATPs such LEO-II, Leo-III, Satalax should be investigated Towards an effective and refutationally complete calculus Improving and extend veriT in the same fashion