Towards Coinductive Theory Exploration Katya Komendantskaya (joint - PowerPoint PPT Presentation

Towards Coinductive Theory Exploration Katya Komendantskaya (joint work with Yue Li, Henning Basold, John Power et al.) Workshop WAIT’18, 29 June 2018

Outline Problem statement Solution Technical details

FOL, Coinductively ◮ Any theory expressed in FOL may be seen inductively or coinductively, ◮ Depending on the chosen semantics For example...

Given a theory in Horn Clause syntax: ::= ⊤ | A | G ∧ G | G ∨ G | ∃ Var G G ::= A | G ⊃ D | D ∧ D | ∀ Var D D

Given a theory in Horn Clause syntax: ::= ⊤ | A | G ∧ G | G ∨ G | ∃ Var G G ::= A | G ⊃ D | D ∧ D | ∀ Var D D Coinductive models of theories in Horn Clause logic ◮ Take the sets of (finite and/or infinite) ground terms ◮ The coinductive model is the largest set of such terms such that it satisfies the given theory ◮ (The Inductive model is the smallest such set) ◮ Usually these models are given by fixed point (Knaster-Tarski) construction

Given a theory in Horn Clause syntax: ::= ⊤ | A | G ∧ G | G ∨ G | ∃ Var G G ::= A | G ⊃ D | D ∧ D | ∀ Var D D Coinductive models of theories in Horn Clause logic ◮ Take the sets of (finite and/or infinite) ground terms ◮ The coinductive model is the largest set of such terms such that it satisfies the given theory ◮ (The Inductive model is the smallest such set) ◮ Usually these models are given by fixed point (Knaster-Tarski) construction least fixed point greatest fixed point finite terms Least Herbrand models Greatest Herbrand models finite and infi- Least Complete Herbrand Greatest Complete Herbrand nite terms models models

Example 1 ◮ Both inductive and coinductive semantics may suit Example κ 1 : ∀ x , nat x ⊃ nat ( s x ) κ 2 : nat 0 least fixed point greatest fixed point finite terms { nat 0 , nat ( s 0) ,... } { nat 0 , nat ( s 0) ,... } { nat 0 , nat ( s 0) ,..., s ω } finite and infinite { nat 0 , nat ( s 0) ,... } terms

Example 2 ◮ ... only coinductive semantics may suit Example κ 1 : ∀ x , streamZ x ⊃ streamZ ( scons 0 x ) least fixed greatest fixed point point finite terms 0 / 0 / finite and infinite 0 / { streamZ ( scons 0( scons 0 ... )) } terms

Example 3 ◮ Either semantics may work well for certain fragment of the theory Example κ 1 : ∀ x , nat x ⊃ nat ( s x ) κ 2 : nat 0 κ 3 : ∀ x , nat x ∧ streamN y ⊃ streamN ( scons x y ) least fixed point greatest fixed point finite terms { nat 0 , nat ( s 0) ,... } { nat 0 , nat ( s 0) ,... } 0) ,..., s ω , finite and infinite { nat 0 , nat ( s 0) ,... } { nat 0 , nat ( s terms streamN ( scons 0( scons 0 ... )), streamN ( scons 0( scons 1 ... )), streamN ( scons 1( scons 0 ... )), streamN ( scons 1( scons 1 ... )), ... }

Operational semantics: ◮ State of the art is automated invariant discovery by means of loop detection Example ∀ x , streamZ x ⊃ streamZ ( scons 0 x ) Resolution-based search: streamZ x � x / ( scons 0 x ′ ) streamZ x ′ � ◮ Terminate the loop with x = ( scons 0 x ). ◮ It is the coinductive invariant.

Operational semantics: ◮ State of the art is automated invariant discovery by means of loop detection Example ∀ x , streamZ x ⊃ streamZ ( scons 0 x ) Resolution-based search: streamZ x � x / ( scons 0 x ′ ) streamZ x ′ � ◮ Terminate the loop with x = ( scons 0 x ). ◮ It is the coinductive invariant. Recall: least fixed greatest fixed point point finite terms 0 / 0 / finite and infinite 0 / { streamZ ( scons 0( scons 0 ... )) } terms

However, loop detection ◮ ... is not a very satisfactory solution

Why unsatisfactory? 1 it fails too often Example ∀ x , from ( s x ) y ⊃ from x ( scons x y ) Resolution-based search: from 0 x � x / ( scons 0 x ′ ) from ( s 0) x ′ � ◮ No unifier exists, ◮ loop detection fails to find coinductive invariant

Why unsatisfactory? 1 it fails too often Example ∀ x , from ( s x ) y ⊃ from x ( scons x y ) Resolution-based search: from 0 x � x / ( scons 0 x ′ ) from ( s 0) x ′ � ◮ No unifier exists, ◮ loop detection fails to find coinductive invariant least fixed greatest fixed point point finite terms 0 / 0 / finite and infinite { from 0( scons 0( scons ( s 0) ... )) } 0 / terms

Why unsatisfactory? 2 it is a bad indicator for coinductive meaning of the theory (Works well with existential, but not universal coinductive models )

Universal Coinductive Models Example κ 1 : ∀ x , p ( f x ) ⊃ p x least fixed greatest fixed point point finite terms 0 / { p a , p ( f a ) , p ( f f a ) ,... } finite and infinite { p a , p ( f a ) , p ( f f a ) ,... 0 / p f ω } terms

Universal Coinductive Models Example κ 1 : ∀ x , p ( f x ) ⊃ p x least fixed greatest fixed point point finite terms 0 / { p a , p ( f a ) , p ( f f a ) ,... } finite and infinite { p a , p ( f a ) , p ( f f a ) ,... 0 / p f ω } terms Invariant search: p x → p ( f x ) → p ( f f x ) → ... ◮ The answer is: x = f x . ◮ However, f ω is not all that there is in the model!

Universal Coinductive Models Example κ 1 : ∀ x , p ( f x ) ⊃ p x least fixed greatest fixed point point finite terms 0 / { p a , p ( f a ) , p ( f f a ) ,... } finite and infinite { p a , p ( f a ) , p ( f f a ) ,... 0 / p f ω } terms Invariant search: p x → p ( f x ) → p ( f f x ) → ... ◮ The answer is: x = f x . ◮ However, f ω is not all that there is in the model! p a → p ( f a ) → p ( f f a ) → ... ◮ fails to find a loop

Outline Problem statement Solution Technical details

Solution? ◮ Recast the problem of invariant search as a problem of coinductive theory exploration

Example 1 Example ∀ x , streamZ x ⊃ streamZ ( scons 0 x ) Resolution-based search: streamZ x � x / ( scons 0 x ′ ) streamZ x ′ � ✭ ✭✭✭✭✭✭✭✭✭✭✭✭✭✭✭✭✭✭ Terminate the loop with x = ( scons 0 x ) . ◮ ✭✭✭✭✭✭✭✭✭✭✭✭✭ ✭ It is the coinductive invariant. ◮ ◮ Find and prove streamZ ( zstream ) ◮ for zstream = fix λ x . scons 0 x

Example 2 Example κ 1 : ∀ x , p ( f x ) ⊃ p x p a → p ( f a ) → ... ✭ ◮ ✭✭✭✭✭✭✭✭ fails to find a loop ◮ Find and prove ∀ x , p x ◮ Get p a as a corollary

Outline Problem statement Solution Technical details

Uniform proofs [Miller et al.] ◮ give proof-theoretic interpretation to goal-oriented proof search ◮ Uniform: – one rule applies at every stage of the proof ◮ Proven to be a fragment of intuitionistic logic

Uniform proofs [Miller et al.] ◮ give proof-theoretic interpretation to goal-oriented proof search ◮ Uniform: – one rule applies at every stage of the proof ◮ Proven to be a fragment of intuitionistic logic FOHH and HOHH G ::= ⊤ | A | G ∧ G | G ∨ G | ∃ Var G | D ⊃ G | ∀ Var G D ::= A | G ⊃ D | D ∧ D | ∀ Var D FOHC and HOHC ::= ⊤ | A | G ∧ G | G ∨ G | ∃ Var G G ::= A | G ⊃ D | D ∧ D | ∀ Var D D

Logical rules Σ; P − → G 1 Σ; P − → G 2 → ⊤ ⊤ R ∧ R Σ; P − Σ; P − → G 1 ∧ G 2 Σ; P − → G 1 Σ; P − → G 2 → G 1 ∨ G 2 ∨ R → G 1 ∨ G 2 ∨ R Σ; P − Σ; P − Σ; P , D − → G → D ⊃ G ⊃ R Σ; P − c : τ , Σ; P − → G [ x := c ] ∀ R Σ; P − → ∀ τ x G Σ; P − → G [ x := N ] ∃ R Σ; P − → ∃ τ x G

Backchaining (resolution) rules . . . D Σ; P − → A → A Decide Σ; P − D Σ; P − → A Σ; P − → G ⊃ L Σ; P G ⊃ D − → A D [ x := N ] Σ; P − → Σ , / 0 ⊢ N : τ A ∀ L Σ; P ∀ τ x D − → A

COFIX rule for uniform proofs Σ; P , M − → � M � cofix Σ; P � M

COFIX rule for uniform proofs Σ; P , M − → � M � cofix Σ; P � M the guarding modality � M � must be discharged to get M (this can be done if � M � is resolved (= pattern matched) against a clause in P ). The successful proof ends with Σ; P , M − → M .

Lucky case: trivial coinductive invariant Example κ 1 : ∀ x , p x ⊃ p x Find invariant for: p a − → p a − → ... ?

Lucky case: trivial coinductive invariant Example κ 1 : ∀ x , p x ⊃ p x Find invariant for: p a − → p a − → ... ? least fixed point greatest fixed point finite terms { p a } 0 / finite and infinite 0 / { p a } terms

Lucky case: trivial coinductive invariant Example κ 1 : ∀ x , p x ⊃ p x Find invariant for: p a − → p a − → ... ? Initial Initial p a p a P ; p a − → p a P ; p a − → p a ⊃ L p a ⊃ p a P ; p a − → � p a � ∀ L ∀ x , p x ⊃ p x P ; p a − → � p a � DECIDE P ; p a − → � p a � COFIX P � p a

Lucky case: trivial coinductive invariant Example κ 1 : ∀ x , p x ⊃ p x Find invariant for: p a − → p a − → ... ? Initial Initial p a p a P ; p a − → p a P ; p a − → p a ⊃ L p a ⊃ p a P ; p a − → � p a � ∀ L ∀ x , p x ⊃ p x P ; p a − → � p a � DECIDE P ; p a − → � p a � COFIX P � p a QUIZ: which logic does this coinductive hypothesis and prove live in?

Not so lucky case: universal coinductive invariant Example κ 1 : ∀ x , p ( f x ) ⊃ p x Find invariant for: p ( a ) − → p ( f a ) − → p ( f f a ) − → ... ?