SMT-LIB 3: Bringing higher-order logic to SMT Clark Barrett Pascal - - PowerPoint PPT Presentation

1/22

SMT-LIB 3: Bringing higher-order logic to SMT

Clark Barrett Pascal Fontaine Cesare Tinelli

Stanford University, USA The University of Iowa, USA Universit´ e de Lorraine, CNRS, Inria, LORIA, France

2/22

Disclaimer

Many things here

◮ are early work in progress ◮ are inconsistent with each other ◮ need to be concretely applied to reveal flaws ◮ have not been properly discussed with the SMT community ◮ will evolve

3/22

Credits

Based on inputs from Nikolaj Bjørner, Jasmin Blanchette, Koen Claessen, Tobias Nipkow, . . . , [your name here!]

4/22

SMT-LIB 2 Standard

◮ Widely adopted I/O language for SMT solvers

4/22

SMT-LIB 2 Standard

◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks

4/22

SMT-LIB 2 Standard

◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks ◮ Command language

◮ Stack-based, tell-and-ask execution model ◮ Benchmarks are command scripts ◮ Same online and offline behavior

4/22

SMT-LIB 2 Standard

◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks ◮ Command language

◮ Stack-based, tell-and-ask execution model ◮ Benchmarks are command scripts ◮ Same online and offline behavior

◮ Simple syntax

◮ Sublanguage of Common Lisp S-expressions ◮ Easy to parse ◮ Few syntactic categories

4/22

SMT-LIB 2 Standard

◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks ◮ Command language

◮ Stack-based, tell-and-ask execution model ◮ Benchmarks are command scripts ◮ Same online and offline behavior

◮ Simple syntax

◮ Sublanguage of Common Lisp S-expressions ◮ Easy to parse ◮ Few syntactic categories

◮ Powerful underlying logic

◮ Many sorted FOL with (pseudo-)parametric types ◮ Schematic theory declarations ◮ Semantic definition of theories

5/22

SMT-LIB 2 Concrete Syntax

Strict subset of Common Lisp S-expressions: spec constant ::= numeral | decimal | hexadecimal | binary | string s expr ::= spec constant | symbol | ( s expr∗ )

6/22

Example: Concrete Syntax

( declare−datatype L i s t ( par (X) ( ( n i l ) ( cons ( head X) ( t a i l ( L i s t X) ) ) ) ) ) ( declare−fun append (( L i s t I n t ) ( L i s t I n t ) ( L i s t I n t ) ) ) ( declare−const a I n t ) ( a s s e r t ( f o r a l l (( x ( L i s t I n t )) ( y ( L i s t I n t ) ) ) (= ( append x y ) ( i t e (= x ( as n i l ( L i s t I n t ) ) ) y ( l e t (( h ( head x )) ( t ( t a i l x ) ) ) ( cons h ( append t y )) ) ) ) ) ) ( a s s e r t (= ( append ( cons a ( as n i l ( L i s t I n t ) ) ) ( append ( cons 2 ( as n i l ( L i s t I n t ) ) ) n i l ) ) ) ( check−sat )

7/22

Example: TIP vs. SMT-LIB

( declare−datatypes () (( Nat ( Zero ) ( Succ ( pred Nat ) ) ) ) ) ( define−fun−rec p l u s (( x Nat ) ( y Nat )) Nat ( match x ( case Zero y ) ( case ( Succ n ) ( Succ ( p l u s n y ) ) ) ) ) ( assert−not ( f o r a l l (( n Nat ) (m Nat )) (= ( p l u s n m) ( p l u s m n ) ) ) ) ( check−sat )

8/22

Example: TIP vs. SMT-LIB

( declare−datatype Nat (( Zero ) ( Succ ( Pred Nat ) ) ) ) ( define−fun−rec p l u s (( x Nat ) ( y Nat )) Nat ( match x ( Zero y ) (( Succ n ) ( Succ ( p l u s n y ) ) ) ) ) ( a s s e r t ( not ( f o r a l l (( n Nat ) (m Nat )) (= ( p l u s n m) ( p l u s m n ) ) ) ) ) ( check−sat )

9/22

SMT-LIB vs. TIP

Many TIP features have been integrated into the SMT-LIB

◮ declare-datatypes: similar semantics, simplified syntax ◮ match (Section 3.5.1)

◮ No case keyword ◮ No default keyword: use variable (usable inside term)

◮ define-fun-rec was already in SMT-LIB 2.5 (Section 4.2.3) ◮ assert-not: Tagging a goal can be done with :named annotation ◮ par: parametric functions are not yet supported

TIP

This document does not yet cover mutual recursion (over data types or

• ver functions), or partial branches and partiality.

◮ SMT-LIB does cover mutual recursion, over functions and

data-types: define-funs-rec and declare-datatypes

◮ partiality is not covered

10/22

From Many-sorted FOL to HOL

Motivation:

◮ Several hammers for ITP systems use SMT solvers ◮ New communities are extending SMT-LIB with HOL features

(for synthesis, inductive reasoning, symbolic computation, . . . ) Goals:

◮ Serve these new users and other non-traditional users ◮ Maintain backward compatibility as much as possible

11/22

From Many-sorted FOL to HOL

Plan:

◮ Adopt (Gordon’s) HOL with parametric types, rank-1

polymorphism, and extensional equality

◮ Extend syntax by introducing → type, λ and ε binders ◮ Make all function symbols Curried ◮ Enable higher-order quantification ◮ Keep SMT-LIB 2 constructs/notions but define them

in terms of HOL

12/22

SMT-LIB 3: Basic Concrete Syntax for Sorts (Types)

indentifier ::= symbol | ( symbol label+ ) σ sort ::= identifier | ( -> sort+ sort ) | ( identifier sort+ ) τ par sort ::= sort | ( par ( symbol+ ) sort )

• > predefined right-associative type constructor

13/22

SMT-LIB 3: Basic Concrete Syntax for Terms

sorted var ::= ( symbol sort ) term ::= spec constant | identifier | ( term term ) | ( lambda ( sorted var ) term ) | ( choose ( sorted var ) term ) | ( ! term attribute+ )

14/22

SMT-LIB 3: Extended Concrete Syntax for Terms

◮ (t1 t2 t3 · · · tn) := ((t1 t2) t3 · · · tn)

14/22

SMT-LIB 3: Extended Concrete Syntax for Terms

◮ (t1 t2 t3 · · · tn) := ((t1 t2) t3 · · · tn) ◮ (lambda ((x σ) (x1 σ1) · · · (xn σn)) ϕ) :=

(lambda ((x σ)) (lambda ((y1 σ1) · · · (yn σn)) ϕ[yi/xi])) with yi fresh

14/22

SMT-LIB 3: Extended Concrete Syntax for Terms

◮ (t1 t2 t3 · · · tn) := ((t1 t2) t3 · · · tn) ◮ (lambda ((x σ) (x1 σ1) · · · (xn σn)) ϕ) :=

(lambda ((x σ)) (lambda ((y1 σ1) · · · (yn σn)) ϕ[yi/xi])) with yi fresh

◮ (let ((x1 t1) · · · (xn tn)) t) :=

((lambda ((x1 σ1) · · · (xn σn)) t) t1 · · · tn) where σi is the sort of ti

14/22

SMT-LIB 3: Extended Concrete Syntax for Terms

◮ (t1 t2 t3 · · · tn) := ((t1 t2) t3 · · · tn) ◮ (lambda ((x σ) (x1 σ1) · · · (xn σn)) ϕ) :=

(lambda ((x σ)) (lambda ((y1 σ1) · · · (yn σn)) ϕ[yi/xi])) with yi fresh

◮ (let ((x1 t1) · · · (xn tn)) t) :=

((lambda ((x1 σ1) · · · (xn σn)) t) t1 · · · tn) where σi is the sort of ti

◮ (forall ((x σ)) ϕ) :=

(= (lambda ((x σ)) ϕ) (lambda ((x σ)) true)) (forall ((x1 σ1) (x2 σ2) · · · (xn σn)) ϕ) := (forall ((x1 σ1)) (forall ((x2 σ2) · · · (xn σn)) ϕ))

14/22

SMT-LIB 3: Extended Concrete Syntax for Terms

◮ (t1 t2 t3 · · · tn) := ((t1 t2) t3 · · · tn) ◮ (lambda ((x σ) (x1 σ1) · · · (xn σn)) ϕ) :=

(lambda ((x σ)) (lambda ((y1 σ1) · · · (yn σn)) ϕ[yi/xi])) with yi fresh

◮ (let ((x1 t1) · · · (xn tn)) t) :=

((lambda ((x1 σ1) · · · (xn σn)) t) t1 · · · tn) where σi is the sort of ti

◮ (forall ((x σ)) ϕ) :=

(= (lambda ((x σ)) ϕ) (lambda ((x σ)) true)) (forall ((x1 σ1) (x2 σ2) · · · (xn σn)) ϕ) := (forall ((x1 σ1)) (forall ((x2 σ2) · · · (xn σn)) ϕ))

◮ (choose ((x1 σ1) · · · (xn σn)) ϕ) := . . .

14/22

SMT-LIB 3: Extended Concrete Syntax for Terms

◮ (t1 t2 t3 · · · tn) := ((t1 t2) t3 · · · tn) ◮ (lambda ((x σ) (x1 σ1) · · · (xn σn)) ϕ) :=

(lambda ((x σ)) (lambda ((y1 σ1) · · · (yn σn)) ϕ[yi/xi])) with yi fresh

◮ (let ((x1 t1) · · · (xn tn)) t) :=

((lambda ((x1 σ1) · · · (xn σn)) t) t1 · · · tn) where σi is the sort of ti

◮ (forall ((x σ)) ϕ) :=

(= (lambda ((x σ)) ϕ) (lambda ((x σ)) true)) (forall ((x1 σ1) (x2 σ2) · · · (xn σn)) ϕ) := (forall ((x1 σ1)) (forall ((x2 σ2) · · · (xn σn)) ϕ))

◮ (choose ((x1 σ1) · · · (xn σn)) ϕ) := . . . ◮ (exists ((x1 σ1) · · · (xn σn)) ϕ) := . . .

15/22

SMT-LIB 3: Commands

◮ As in SMT-LIB 2 ◮ Fed to the solver’s standard input channel or stored in a file ◮ Look like Lisp function calls: ( comm name arg∗ ) ◮ Operate on an stack of assertion sets ◮ Cause solver to outputs an S-expression to the standard

• utput/error channel

◮ Four categories:

◮ assertion-set commands, modify the assertion set stack ◮ post-check commands, query about the assertion sets ◮ option commands, set solver parameters ◮ diagnostic commands, get solver diagnostics

16/22

SMT-LIB 3: Assertion-Set Commands

(declare-sort s n)

Example: (declare-sort Elem 0) (declare-sort Set 1) Effect: declares sort symbol s with arity n

(define-sort s (u1 · · · un) σ)

Example: (define-sort MyArray (u) (Array Int u)) Effect: enables the use of (MyArray Real) as a shorthand for (Array Int Real)

17/22

SMT-LIB 3: Assertion-Set Commands

(declare-const f τ)

Example: (declare-const a (Array Int Real)) (declare-const g (-> Int Int Int)) (declare-const len (par (X) (-> (List X) Int))) Effect: declares f with type τ

(declare-fun f (σ1 · · · σn) σ)

Example: (declare-fun a () (Array Int Real)) (declare-fun g (Int Int) Int) Effect: same as (declare-const f (-> σ1 · · · σn σ))

(declare-fun f (par (u1 · · · un) (σ1 · · · σn) σ))

Example: (declare-fun len (par (X) ((List X)) Int)) Effect: same as (declare-const f (par (u1 · · · un) (-> σ1 · · · σn σ)))

18/22

SMT-LIB 3: Assertion-Set Commands

(set-logic s) deprecated!

19/22

SMT-LIB 3: set-logic replacements

(import-sorts T [(σ1 · · · σn)])

Example: (import-sort Arrays) (import-sort Reals Int (Real Int)) (import-sort Arrays ((par (X) (Array Int X)))) Effect: Import all instances of sorts [σ1 · · · σn] in theory T

(deport-sorts T (σ1 · · · σn))

Example: (deport-sort Reals Int (Real)) (deport-sort Arrays ((par (X Y) (Array Int (Array X Y))))) Effect: Remove for imported sort set all instances of sorts σ1 · · · σn in theory T

20/22

SMT-LIB 3: set-logic replacements

(import-funs T [(f1 · · · fn)])

Example: (import-funs Arrays) (import-funs Reals Int (- NUMERALS (+ Int Int Int))) (import-funs Arrays ((par (X) (store Int (Array Int X) X)))) Effect: Import all instances of function symbols f1 · · · fn in theory T over imported sorts

(deport-funs T (f1 · · · fn))

Example: (deport-fun Reals Int (/ div mod *)) (deport-fun Arrays (store)) Effect: disable all instances of function symbols f1 · · · fn in theory T over imported sorts

21/22

SMT-LIB 3: set-logic replacements

(enable (l1 · · · ln))

Example: (enable (order-1 user-declarations datatypes)) (enable (order-1 closures quantifiers)) (enable (order-2 quantifiers)) Effect: enable the listed syntactic features

(disable (l1 · · · ln))

Example: (disable (closures choice)) (disable (recursive-definitions quantifiers)))) Effect: disable the listed syntactic features

22/22

Conclusion

◮ Most TIP features are or will be included in SMT-LIB ◮ A more modular presentation of the format (extensions) ◮ Better handling of combination of theories ◮ What next?