SMT-LIB 3: Bringing higher-order logic to SMT Clark Barrett Pascal - PowerPoint PPT Presentation

SMT-LIB 3: Bringing higher-order logic to SMT Clark Barrett Pascal Fontaine Cesare Tinelli Stanford University, USA The University of Iowa, USA Universit´ e de Lorraine, CNRS, Inria, LORIA, France 1/22

Disclaimer Many things here ◮ are early work in progress ◮ are inconsistent with each other ◮ need to be concretely applied to reveal flaws ◮ have not been properly discussed with the SMT community ◮ will evolve 2/22

Credits Based on inputs from Nikolaj Bjørner, Jasmin Blanchette, Koen Claessen, Tobias Nipkow, . . . , [your name here!] 3/22

SMT-LIB 2 Standard ◮ Widely adopted I/O language for SMT solvers 4/22

SMT-LIB 2 Standard ◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks 4/22

SMT-LIB 2 Standard ◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks ◮ Command language ◮ Stack-based, tell-and-ask execution model ◮ Benchmarks are command scripts ◮ Same online and offline behavior 4/22

SMT-LIB 2 Standard ◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks ◮ Command language ◮ Stack-based, tell-and-ask execution model ◮ Benchmarks are command scripts ◮ Same online and offline behavior ◮ Simple syntax ◮ Sublanguage of Common Lisp S-expressions ◮ Easy to parse ◮ Few syntactic categories 4/22

SMT-LIB 2 Standard ◮ Widely adopted I/O language for SMT solvers ◮ around 300,000 benchmarks ◮ Command language ◮ Stack-based, tell-and-ask execution model ◮ Benchmarks are command scripts ◮ Same online and offline behavior ◮ Simple syntax ◮ Sublanguage of Common Lisp S-expressions ◮ Easy to parse ◮ Few syntactic categories ◮ Powerful underlying logic ◮ Many sorted FOL with (pseudo-)parametric types ◮ Schematic theory declarations ◮ Semantic definition of theories 4/22

SMT-LIB 2 Concrete Syntax Strict subset of Common Lisp S-expressions: � spec constant � ::= � numeral � | � decimal � | � hexadecimal � | � binary � | � string � � s expr � ::= � spec constant � | � symbol � ( � s expr � ∗ ) | 5/22

Example: Concrete Syntax ( declare − datatype L i s t ( par (X) ( ( n i l ) ( cons ( head X) ( t a i l ( L i s t X) ) ) ) ) ) ( declare − fun append (( L i s t I n t ) ( L i s t I n t ) ( L i s t I n t ) ) ) ( declare − const a I n t ) ( a s s e r t ( f o r a l l (( x ( L i s t I n t )) ( y ( L i s t I n t ) ) ) (= ( append x y ) ( i t e (= x ( as n i l ( L i s t I n t ) ) ) y ( l e t (( h ( head x )) ( t ( t a i l x ) ) ) ( cons h ( append t y )) ) ) ) ) ) ( a s s e r t (= ( append ( cons a ( as n i l ( L i s t I n t ) ) ) ( append ( cons 2 ( as n i l ( L i s t I n t ) ) ) n i l ) ) ) ( check − sat ) 6/22

Example: TIP vs. SMT-LIB ( declare − datatypes () (( Nat ( Zero ) ( Succ ( pred Nat ) ) ) ) ) ( define − fun − rec p l u s (( x Nat ) ( y Nat )) Nat ( match x ( case Zero y ) ( case ( Succ n ) ( Succ ( p l u s n y ) ) ) ) ) ( assert − not ( f o r a l l (( n Nat ) (m Nat )) (= ( p l u s n m) ( p l u s m n ) ) ) ) ( check − sat ) 7/22

Example: TIP vs. SMT-LIB ( declare − datatype Nat (( Zero ) ( Succ ( Pred Nat ) ) ) ) ( define − fun − rec p l u s (( x Nat ) ( y Nat )) Nat ( match x ( Zero y ) (( Succ n ) ( Succ ( p l u s n y ) ) ) ) ) ( a s s e r t ( not ( f o r a l l (( n Nat ) (m Nat )) (= ( p l u s n m) ( p l u s m n ) ) ) ) ) ( check − sat ) 8/22

SMT-LIB vs. TIP Many TIP features have been integrated into the SMT-LIB ◮ declare-datatypes : similar semantics, simplified syntax ◮ match (Section 3.5.1) ◮ No case keyword ◮ No default keyword: use variable (usable inside term) ◮ define-fun-rec was already in SMT-LIB 2.5 (Section 4.2.3) ◮ assert-not : Tagging a goal can be done with :named annotation ◮ par : parametric functions are not yet supported TIP This document does not yet cover mutual recursion (over data types or over functions), or partial branches and partiality. ◮ SMT-LIB does cover mutual recursion, over functions and data-types: define-funs-rec and declare-datatypes ◮ partiality is not covered 9/22

From Many-sorted FOL to HOL Motivation: ◮ Several hammers for ITP systems use SMT solvers ◮ New communities are extending SMT-LIB with HOL features (for synthesis, inductive reasoning, symbolic computation, . . . ) Goals: ◮ Serve these new users and other non-traditional users ◮ Maintain backward compatibility as much as possible 10/22

From Many-sorted FOL to HOL Plan: ◮ Adopt (Gordon’s) HOL with parametric types, rank-1 polymorphism, and extensional equality ◮ Extend syntax by introducing → type, λ and ε binders ◮ Make all function symbols Curried ◮ Enable higher-order quantification ◮ Keep SMT-LIB 2 constructs/notions but define them in terms of HOL 11/22

SMT-LIB 3: Basic Concrete Syntax for Sorts (Types) � symbol � � label � + ) � indentifier � ::= � symbol � | ( σ � sort � ::= � identifier � ( -> � sort � + � sort � ) | ( � identifier � � sort � + ) | τ � par sort � ::= � sort � ( par ( � symbol � + ) � sort � ) | -> predefined right-associative type constructor 12/22

SMT-LIB 3: Basic Concrete Syntax for Terms � sorted var � ::= ( � symbol � � sort � ) � term � ::= � spec constant � | � identifier � | ( � term � � term � ) | ( lambda ( � sorted var � ) � term � ) | ( choose ( � sorted var � ) � term � ) ( ! � term � � attribute � + ) | 13/22

SMT-LIB 3: Extended Concrete Syntax for Terms ◮ ( t 1 t 2 t 3 · · · t n ) := (( t 1 t 2 ) t 3 · · · t n ) 14/22

SMT-LIB 3: Extended Concrete Syntax for Terms ◮ ( t 1 t 2 t 3 · · · t n ) := (( t 1 t 2 ) t 3 · · · t n ) ◮ (lambda (( x σ ) ( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := (lambda (( x σ )) (lambda (( y 1 σ 1 ) · · · ( y n σ n )) ϕ [ y i / x i ] )) with y i fresh 14/22

SMT-LIB 3: Extended Concrete Syntax for Terms ◮ ( t 1 t 2 t 3 · · · t n ) := (( t 1 t 2 ) t 3 · · · t n ) ◮ (lambda (( x σ ) ( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := (lambda (( x σ )) (lambda (( y 1 σ 1 ) · · · ( y n σ n )) ϕ [ y i / x i ] )) with y i fresh ◮ (let (( x 1 t 1 ) · · · ( x n t n )) t ) := ((lambda (( x 1 σ 1 ) · · · ( x n σ n )) t ) t 1 · · · t n ) where σ i is the sort of t i 14/22

SMT-LIB 3: Extended Concrete Syntax for Terms ◮ ( t 1 t 2 t 3 · · · t n ) := (( t 1 t 2 ) t 3 · · · t n ) ◮ (lambda (( x σ ) ( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := (lambda (( x σ )) (lambda (( y 1 σ 1 ) · · · ( y n σ n )) ϕ [ y i / x i ] )) with y i fresh ◮ (let (( x 1 t 1 ) · · · ( x n t n )) t ) := ((lambda (( x 1 σ 1 ) · · · ( x n σ n )) t ) t 1 · · · t n ) where σ i is the sort of t i ◮ (forall (( x σ )) ϕ ) := (= (lambda (( x σ )) ϕ ) (lambda (( x σ )) true)) (forall (( x 1 σ 1 ) ( x 2 σ 2 ) · · · ( x n σ n )) ϕ ) := (forall (( x 1 σ 1 )) (forall (( x 2 σ 2 ) · · · ( x n σ n )) ϕ )) 14/22

SMT-LIB 3: Extended Concrete Syntax for Terms ◮ ( t 1 t 2 t 3 · · · t n ) := (( t 1 t 2 ) t 3 · · · t n ) ◮ (lambda (( x σ ) ( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := (lambda (( x σ )) (lambda (( y 1 σ 1 ) · · · ( y n σ n )) ϕ [ y i / x i ] )) with y i fresh ◮ (let (( x 1 t 1 ) · · · ( x n t n )) t ) := ((lambda (( x 1 σ 1 ) · · · ( x n σ n )) t ) t 1 · · · t n ) where σ i is the sort of t i ◮ (forall (( x σ )) ϕ ) := (= (lambda (( x σ )) ϕ ) (lambda (( x σ )) true)) (forall (( x 1 σ 1 ) ( x 2 σ 2 ) · · · ( x n σ n )) ϕ ) := (forall (( x 1 σ 1 )) (forall (( x 2 σ 2 ) · · · ( x n σ n )) ϕ )) ◮ (choose (( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := . . . 14/22

SMT-LIB 3: Extended Concrete Syntax for Terms ◮ ( t 1 t 2 t 3 · · · t n ) := (( t 1 t 2 ) t 3 · · · t n ) ◮ (lambda (( x σ ) ( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := (lambda (( x σ )) (lambda (( y 1 σ 1 ) · · · ( y n σ n )) ϕ [ y i / x i ] )) with y i fresh ◮ (let (( x 1 t 1 ) · · · ( x n t n )) t ) := ((lambda (( x 1 σ 1 ) · · · ( x n σ n )) t ) t 1 · · · t n ) where σ i is the sort of t i ◮ (forall (( x σ )) ϕ ) := (= (lambda (( x σ )) ϕ ) (lambda (( x σ )) true)) (forall (( x 1 σ 1 ) ( x 2 σ 2 ) · · · ( x n σ n )) ϕ ) := (forall (( x 1 σ 1 )) (forall (( x 2 σ 2 ) · · · ( x n σ n )) ϕ )) ◮ (choose (( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := . . . ◮ (exists (( x 1 σ 1 ) · · · ( x n σ n )) ϕ ) := . . . 14/22

SMT-LIB 3: Commands ◮ As in SMT-LIB 2 ◮ Fed to the solver’s standard input channel or stored in a file ◮ Look like Lisp function calls: ( � comm name � � arg � ∗ ) ◮ Operate on an stack of assertion sets ◮ Cause solver to outputs an S-expression to the standard output/error channel ◮ Four categories: ◮ assertion-set commands, modify the assertion set stack ◮ post-check commands, query about the assertion sets ◮ option commands, set solver parameters ◮ diagnostic commands, get solver diagnostics 15/22

SMT-LIB 3: Assertion-Set Commands (declare-sort s n ) Example: (declare-sort Elem 0) (declare-sort Set 1) Effect: declares sort symbol s with arity n (define-sort s ( u 1 · · · u n ) σ ) Example: (define-sort MyArray (u) (Array Int u)) Effect: enables the use of (MyArray Real) as a shorthand for (Array Int Real) 16/22