Superpositionwith DatatypesandCodatatypes Jasmin Blanchette Vrije - - PowerPoint PPT Presentation

Superpositionwith DatatypesandCodatatypes

Jasmin Blanchette

Vrije Universiteit Amsterdam MPI-INF Saarbrücken

Nicolas Peltier

Université Grenoble Alpes

Simon Robillard

Chalmers University of Technology

Superposition with Datatypes and Codatatypes Introduction

(co)datatypes everywhere!

program verification metatheory of programming languages formalization of mathematics . . .

Typical application of ATPs

1 / 28

Superposition with Datatypes and Codatatypes Introduction

Partial axiomatization?

2 / 28

Superposition with Datatypes and Codatatypes Introduction

Partial axiomatization? ✗ Inconvenient

2 / 28

Superposition with Datatypes and Codatatypes Introduction

Partial axiomatization? ✗ Inconvenient ✗ Inefficient

2 / 28

Superposition with Datatypes and Codatatypes Introduction

Partial axiomatization? ✗ Inconvenient ✗ Inefficient ✗ Incomplete

2 / 28

Superposition with Datatypes and Codatatypes Introduction

Example (co)datatype τ = E : τ | F : τ → τ | G : α × τ → τ

3 / 28

Superposition with Datatypes and Codatatypes Introduction

Axioms for freely generated (co)datatypes

Distinctness

∀x, E ≈ F(x) ∀¯ x, F(x1) ≈ G(x2, x3) ∀¯ x, G(x1, x2) ≈ E

4 / 28

Superposition with Datatypes and Codatatypes Introduction

Axioms for freely generated (co)datatypes

Distinctness

∀x, E ≈ F(x) ∀¯ x, F(x1) ≈ G(x2, x3) ∀¯ x, G(x1, x2) ≈ E

Injectivity

∀¯ x, F(x1) ≈ F(x2) → x1 ≈ x2 ∀¯ x, G(x1, x′

1) ≈ G(x2, x′ 2) → x1 ≈ x2 ∧ x′ 1 ≈ x′ 2

4 / 28

Superposition with Datatypes and Codatatypes Introduction

Axioms for freely generated (co)datatypes

Distinctness

∀x, E ≈ F(x) ∀¯ x, F(x1) ≈ G(x2, x3) ∀¯ x, G(x1, x2) ≈ E

Injectivity

∀¯ x, F(x1) ≈ F(x2) → x1 ≈ x2 ∀¯ x, G(x1, x′

1) ≈ G(x2, x′ 2) → x1 ≈ x2 ∧ x′ 1 ≈ x′ 2

Exhaustivity

∀x ∃¯ y, x ≈ E ∨ x ≈ F(y1) ∨ x ≈ G(y2, y3)

4 / 28

Superposition with Datatypes and Codatatypes Introduction

Acyclicity

∀x, x ≈ F(x) ∀x y, x ≈ G(y, x)

5 / 28

Superposition with Datatypes and Codatatypes Introduction

Acyclicity

∀x, x ≈ F(x) ∀x y, x ≈ G(y, x) ∀x, x ≈ F(F(x)) ∀x y, x ≈ F(G(y, x)) ∀x y, x ≈ G(y, F(x)) ∀x ¯ y, x ≈ G(y1, G(y2, x))

5 / 28

Superposition with Datatypes and Codatatypes Introduction

Acyclicity

∀x, x ≈ F(x) ∀x y, x ≈ G(y, x) ∀x, x ≈ F(F(x)) ∀x y, x ≈ F(G(y, x)) ∀x y, x ≈ G(y, F(x)) ∀x ¯ y, x ≈ G(y1, G(y2, x)) ∀x, x ≈ F(F(F(x))) ∀x y, x ≈ F(F(G(y, x))) ∀x y, x ≈ F(G(y, F(x))) ∀x ¯ y, x ≈ F(G(y1, G(y2, x))) ∀x y, x ≈ G(y, F(F(F(x)))) ∀x ¯ y, x ≈ G(y1, F(F(G(y2, x)))) ∀x ¯ y, x ≈ G(y1, F(G(y2, F(x)))) ∀x ¯ y, x ≈ G(y1, F(G(y2, G(y3, x)))) ∀x, x ≈ F(F(F(F(x)))) ∀x y, x ≈ F(F(F(G(y, x))))

5 / 28

Superposition with Datatypes and Codatatypes Introduction

Acyclicity

∀x, x ≈ F(x) ∀x y, x ≈ G(y, x) ∀x, x ≈ F(F(x)) ∀x y, x ≈ F(G(y, x)) ∀x y, x ≈ G(y, F(x)) ∀x ¯ y, x ≈ G(y1, G(y2, x)) ∀x, x ≈ F(F(F(x))) ∀x y, x ≈ F(F(G(y, x))) ∀x y, x ≈ F(G(y, F(x))) ∀x ¯ y, x ≈ F(G(y1, G(y2, x))) ∀x y, x ≈ G(y, F(F(F(x)))) ∀x ¯ y, x ≈ G(y1, F(F(G(y2, x)))) ∀x ¯ y, x ≈ G(y1, F(G(y2, F(x)))) ∀x ¯ y, x ≈ G(y1, F(G(y2, G(y3, x)))) ∀x, x ≈ F(F(F(F(x)))) ∀x y, x ≈ F(F(F(G(y, x))))

∀x, x ≈ Γ[x]

5 / 28

Superposition with Datatypes and Codatatypes Introduction

Codatatype fixpoints

∃!x, x ≈ Γ[x]

6 / 28

Superposition with Datatypes and Codatatypes Introduction

Codatatype fixpoints

∃!x, x ≈ Γ[x]

Example

s ≈ F(G(a, F(s))) ∧ t ≈ F(G(a, F(t))) implies s ≈ t

6 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Solution 1

Conservative extension of the theory

7 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Acyclicity

Extra predicate

sub(s, t)

“s is a subterm of t”

Recursive definition

∀x, sub(x, x) ∀xy, sub(x, y) → sub(x, F(y))

Acyclicity

∀x, ¬sub(F(x), x)

8 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Fixpoints

Extra sort

G (•, E )

context = term with hole(s)

Application function

app : context × term → term

Example

app( G (•, E ), F(E)) ≈ G(F(E), E)

9 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Existence of fixpoints

Extra function cyc : context → term ∀x, cyc(x) ≈ app(x, cyc(x))

10 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Existence of fixpoints

Extra function cyc : context → term ∀x, cyc(x) ≈ app(x, cyc(x))

Example with x := G (•, E )

cyc( G (•, E )) ≈ app( G (•, E ), cyc( G (•, E ))) ≈ G(cyc( G (•, E )), E) cyc(Γ) is the solution of y ≈ Γ[y]

10 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Existence of fixpoints

Extra function cyc : context → term ∀x, cyc(x) ≈ app(x, cyc(x))

Example with x := G (•, E )

cyc( G (•, E )) ≈ app( G (•, E ), cyc( G (•, E ))) ≈ G(cyc( G (•, E )), E) cyc(Γ) is the solution of y ≈ Γ[y]

Uniqueness

∀xy, y ≈ • ∧ x ≈ app(y, x) → x ≈ cyc(y)

10 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Mutually recursive types

(co)datatype α = E : α | F : β → α and β = G : α → β

Solution

Datatypes subαα subαβ subβα subββ Codatatypes

α β -contexts with holes for α β -terms

11 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Completeness

First-order theory

≈ No uninterpreted functions Complete, but not finitely axiomatizable

Conservative extension

Extra symbols ✓ Encode cyclicity properties ✗ Shouldn’t be used in conjecture

12 / 28

Superposition with Datatypes and Codatatypes Axiomatic approach

Conservative extension of the theory ✓ Complete ✓ Easy to implement But can we improve proof search?

13 / 28

Superposition with Datatypes and Codatatypes Inference rules

Solution 2

Dedicated inference rules

14 / 28

Superposition with Datatypes and Codatatypes Inference rules

Chains and cycles

a ≈ F(b)

15 / 28

Superposition with Datatypes and Codatatypes Inference rules

Chains and cycles

a ≈ F(b) b ≈ G(F(c), d)

15 / 28

Superposition with Datatypes and Codatatypes Inference rules

Chains and cycles

a ≈ F(b) b ≈ G(F(c), d) c ≈ F(h(e))

15 / 28

Superposition with Datatypes and Codatatypes Inference rules

Chains and cycles

a ≈ F(b) b ≈ G(F(c), d) c ≈ F(h(e)) h(x) ≈ G(a, e)

15 / 28

Superposition with Datatypes and Codatatypes Inference rules

Chains and cycles

a ≈ F(b) b ≈ G(F(c), d) c ≈ F(h(e)) h(x) ≈ G(a, e)

a ≈ F(G(F(F(G(a, e))), d)

under unifier {x ← e}

15 / 28

Superposition with Datatypes and Codatatypes Inference rules

The acyclicity rule

s1 ≈ Γ1[s′

2] ∨ C1

s2 ≈ Γ2[s′

3] ∨ C2

. . . sn ≈ Γn[s′

1] ∨ Cn

(C1 ∨ C2 ∨ · · · ∨ Cn)θ

16 / 28

Superposition with Datatypes and Codatatypes Inference rules

The acyclicity rule

s1 ≈ Γ1[s′

2] ∨ C1

s2 ≈ Γ2[s′

3] ∨ C2

. . . sn ≈ Γn[s′

1] ∨ Cn

(C1 ∨ C2 ∨ · · · ∨ Cn)θ mgu {s1 ≈ s′

1, . . . , sn ≈ s′ n}

16 / 28

Superposition with Datatypes and Codatatypes Inference rules

The acyclicity rule

maximal literals s1 ≈ Γ1[s′

2] ∨ C1

s2 ≈ Γ2[s′

3] ∨ C2

. . . sn ≈ Γn[s′

1] ∨ Cn

(C1 ∨ C2 ∨ · · · ∨ Cn)θ mgu {s1 ≈ s′

1, . . . , sn ≈ s′ n}

16 / 28

Superposition with Datatypes and Codatatypes Inference rules

The acyclicity rule

maximal literals s1 ≈ Γ1[s′

2] ∨ C1

s2 ≈ Γ2[s′

3] ∨ C2

. . . sn ≈ Γn[s′

1] ∨ Cn

(C1 ∨ C2 ∨ · · · ∨ Cn)θ

• rientation of equalities

si Γi[si+1] mgu {s1 ≈ s′

1, . . . , sn ≈ s′ n}

16 / 28

Superposition with Datatypes and Codatatypes Inference rules

Trouble with the variables

{ t ≈ F(x) ∨ p(x) ???

17 / 28

Superposition with Datatypes and Codatatypes Inference rules

Trouble with the variables

unifier = {x ← t} t ≈ F(x) ∨ p(x) p(t)

17 / 28

Superposition with Datatypes and Codatatypes Inference rules

Trouble with the variables

unifier = {x ← Γ[t]} t ≈ F(x) ∨ p(x) p(Γ[t])

17 / 28

Superposition with Datatypes and Codatatypes Inference rules

More trouble with the variables a ≈ F(b(0)) b(x) ≈ F(b(x + 1)) b(2) ≈ F(a) ???

18 / 28

Superposition with Datatypes and Codatatypes Inference rules

More trouble with the variables a ≈ F(b(0)) b(x) ≈ F(b(x + 1)) b(2) ≈ F(a) ⊥ b(0) ≈ F(b(1)) b(1) ≈ F(b(2))

18 / 28

Superposition with Datatypes and Codatatypes Inference rules

The acyclicity rule (special case)

t is a variable OR unifiable with s1, . . . , sn s1 ≈ Γ1[s′

2] ∨ C1

s2 ≈ Γ2[s′

3] ∨ C2

. . . sn ≈ Γn[t] ∨ Cn (¬sub(s1, t) ∨ C1 ∨ C2 ∨ · · · ∨ Cn)θ Axioms for sub are included in the clauses to saturate

19 / 28

Superposition with Datatypes and Codatatypes Inference rules

t ≈ F(x) ∨ p(x) ¬sub(t, x) ∨ p(x) sub(y, F(z)) ∨ ¬sub(y, z) ¬sub(t, z) ∨ p(F(z)) sub(x, x) p(F(z))

20 / 28

Superposition with Datatypes and Codatatypes Inference rules

hypothesis

t ≈ F(x) ∨ p(x) ¬sub(t, x) ∨ p(x) sub(y, F(z)) ∨ ¬sub(y, z) ¬sub(t, z) ∨ p(F(z)) sub(x, x) p(F(z))

20 / 28

Superposition with Datatypes and Codatatypes Inference rules

hypothesis acyclicity

t ≈ F(x) ∨ p(x) ¬sub(t, x) ∨ p(x) sub(y, F(z)) ∨ ¬sub(y, z) ¬sub(t, z) ∨ p(F(z)) sub(x, x) p(F(z))

20 / 28

Superposition with Datatypes and Codatatypes Inference rules

hypothesis acyclicity axioms

t ≈ F(x) ∨ p(x) ¬sub(t, x) ∨ p(x) sub(y, F(z)) ∨ ¬sub(y, z) ¬sub(t, z) ∨ p(F(z)) sub(x, x) p(F(z))

20 / 28

Superposition with Datatypes and Codatatypes Inference rules

hypothesis acyclicity axioms

t ≈ F(x) ∨ p(x) ¬sub(t, x) ∨ p(x) sub(y, F(z)) ∨ ¬sub(y, z) ¬sub(t, z) ∨ p(F(z)) sub(x, x) p(F(z))

20 / 28

Superposition with Datatypes and Codatatypes Inference rules

Codatatype fixpoints

Existence

Function cyc and its axiom

Uniqueness

Rule based on chains (shown here simplified) s1 ≈ Γ1[s′

2] ∨ C1

s2 ≈ Γ2[s′

3] ∨ C2

. . . sn ≈ Γn[t] ∨ Cn (x ≈ Γ[t] ∨ x ≈ s1 ∨ C1 ∨ C2 ∨ · · · ∨ Cn)θ fresh variable Γ = Γ1[Γ2[. . . Γn . . . ]] Not shown: extra conditions about occurences of s1 in Γ

21 / 28

Superposition with Datatypes and Codatatypes Inference rules

Relaxing the superposition rule F(t) ≈ s

Superposition can rewrite s even if F(t) ≻ s

Effect on rewrite system

F(t′) → s′ irreducible

Effect on proof search

✗ More applications of superposition ✓ Can be mitigated with good term ordering

22 / 28

Superposition with Datatypes and Codatatypes Inference rules

Replacing the remaining axioms

Distinctness rules

F(¯ s) ≈ G(¯ t) ∨ C C F(¯ s) ≈ x ∨ C C[x ← G(¯ y)] F(¯ s) ≈ u ∨ C1 G(¯ t) ≈ u′ ∨ C2 (C1 ∨ C2)σ σ = mgu(u, u′) Similar rules for injectivity Exhaustivity still requires axiom

23 / 28

Superposition with Datatypes and Codatatypes Experiments

Implementation

Both approaches implemented in Vampire

Challenges

n-ary rules mgu over set of equations

Indexing technique

Re-use existing indexes for retrieval of unifiable terms Build chains and mgu incrementally

24 / 28

Superposition with Datatypes and Codatatypes Experiments

Benchmarks

Isabelle problems

4130 problems translated by Sledgehammer Almost no difference between configurations Nothing lost vs partial axiomatization Acyclicity & fixpoints rarely used here

Synthetic problems

500 problems Focus on acyclicity & fixpoints

25 / 28

Superposition with Datatypes and Codatatypes Experiments

Synthetic problems AC AC U U EX

ground ∀ ground ∀

Axioms 100% 65% 10% 14% 40% Rules 100% 82% 13% 14% 35%

26 / 28

Superposition with Datatypes and Codatatypes Experiments

Synthetic problems

∃x, x ≈ Γ[x]

AC AC U U EX

ground ∀ ground ∀

Axioms 100% 65% 10% 14% 40% Rules 100% 82% 13% 14% 35%

26 / 28

Superposition with Datatypes and Codatatypes Experiments

Synthetic problems

∃xy, x ≈ Γ[x] ∧ y ≈ Γ[y] ∧ x ≈ y

AC AC U U EX

ground ∀ ground ∀

Axioms 100% 65% 10% 14% 40% Rules 100% 82% 13% 14% 35%

26 / 28

Superposition with Datatypes and Codatatypes Experiments

Synthetic problems

∀x, x ≈ Γ[x]

AC AC U U EX

ground ∀ ground ∀

Axioms 100% 65% 10% 14% 40% Rules 100% 82% 13% 14% 35%

26 / 28

Superposition with Datatypes and Codatatypes Experiments

Synthetic problems AC AC U U EX

ground ∀ ground ∀

Axioms 100% 65% 10% 14% 40% Rules 100% 82% 13% 14% 35% Z3 100% 59% CVC4 100% 100% 100% 12% 0%

26 / 28

Superposition with Datatypes and Codatatypes Conclusion

Induction and co-induction

First-order theory

Complete without (co)induction Acyclicity Fp uniqueness

• is a special case of

induction co-induction

27 / 28

Superposition with Datatypes and Codatatypes Conclusion

Summary

Two solutions

1 Conservative extension of the theory 2 Inference rules + axioms

✓ Complete (with restriction for unicity rule) ✓ Efficient acyclicity rule ✓ Implementation in Vampire http://github.com/vprover

28 / 28

Superposition with Datatypes and Codatatypes

Conservative extension: acyclicity

Sub

sub(x, x) sub(x, y) → sub(x, F(¯ z, y, ¯ z′))

Acyclicity

¬sub(F(¯ y, x, ¯ y′), x)

1 / 2

Superposition with Datatypes and Codatatypes

Conservative extension: fixpoints

App

app(cst(x), y) ≈ x app(•, x) ≈ x app( F (¯ x), y) ≈ F(app(xi, y))

Hole

• ≈ cst(x)
• ≈ F (¯

x)

Existence & uniqueness

cyc(x) ≈ app(x, cyc(x)) x ≈ • ∧ y ≈ app(x, y) → y ≈ cyc(x)

2 / 2