Verified Decision Procedures for Monadic Second-Order Logic on - - PowerPoint PPT Presentation

Verified Decision Procedures

for

Monadic Second-Order Logic on Strings

Functional Pearl

Dmitriy Traytel Tobias Nipkow

λ → ∀

=

Isabelle

β α

Overview

MSO

Overview

MSO LMSO(ϕ) = LMSO(ψ)?

Overview

MSO LMSO(ϕ) = LMSO(ψ)? Finite Automata

Overview

MSO LMSO(ϕ) = LMSO(ψ)? Finite Automata

MONA (> 40 kLOC of C/C++)

Overview

MSO LMSO(ϕ) = LMSO(ψ)? Regular Expressions Finite Automata

MONA (> 40 kLOC of C/C++)

Overview

MSO LMSO(ϕ) = LMSO(ψ)? Regular Expressions L (α) = L (β)? Finite Automata

MONA (> 40 kLOC of C/C++)

Overview

MSO LMSO(ϕ) = LMSO(ψ)? Regular Expressions L (α) = L (β)? LMSO(ϕ) = L (mkRE ϕ) Finite Automata

MONA (> 40 kLOC of C/C++)

Overview

M2L WS1S LM2L(ϕ) = LM2L(ψ)? LWS1S(ϕ) = LWS1S(ψ)? Regular Expressions L (α) = L (β)? LM2L(ϕ) = L (mkREM2L ϕ) LWS1S(ϕ) = L (mkREWS1S ϕ) Finite Automata MONA

Overview

M2L WS1S LM2L(ϕ) = LM2L(ψ)? LWS1S(ϕ) = LWS1S(ψ)? Regular Expressions L (α) = L (β)? LM2L(ϕ) = L (mkREM2L ϕ) LWS1S(ϕ) = L (mkREWS1S ϕ) Finite Automata MONA

I s a b e l l e

Overview

M2L WS1S LM2L(ϕ) = LM2L(ψ)? LWS1S(ϕ) = LWS1S(ψ)? Regular Expressions L (α) = L (β)? LM2L(ϕ) = L (mkREM2L ϕ) LWS1S(ϕ) = L (mkREWS1S ϕ) Finite Automata MONA

I s a b e l l e

Outline

Regular Expressions Equivalence MSO

Outline

Regular Expressions Equivalence MSO

Regular Expressions

L (∅) = {} L (ε) = {[]} L (a) = {[a ]}

a ∈ Σ

L (α+β) = L (α)∪L (β) L (α·β) = L (α)·L (β) L (α∗) = L (α)∗

Extended Regular Expressions

L (∅) = {} L (ε) = {[]} L (a) = {[a ]}

a ∈ Σ

L (α+β) = L (α)∪L (β) L (α·β) = L (α)·L (β) L (α∗) = L (α)∗ L (α∩β) = L (α)∩L (β) L (¬ α) = Σ∗ \L (α)

Π-Extended Regular Expressions

L (∅) = {} L (ε) = {[]} L (a) = {[a ]}

a ∈ Σ

L (α+β) = L (α)∪L (β) L (α·β) = L (α)·L (β) L (α∗) = L (α)∗ L (α∩β) = L (α)∩L (β) L (¬ α) = Σ∗ \L (α) L (Π α) = {

w | w ∈ L

(α)}

Π-Extended Regular Expressions

Ln(∅) = {} Ln(ε) = {[]} Ln(a) = {[a ]}

a ∈ Σn

Ln(α+β) = Ln(α)∪Ln(β) Ln(α·β) = Ln(α)·Ln(β) Ln(α∗) = Ln(α)∗ Ln(α∩β) = Ln(α)∩Ln(β) Ln(¬ α) = Σ∗

n \Ln(α)

Ln(Π α) = {

w | w ∈ Ln+1(α)}

Π-Extended Regular Expressions

Ln(∅) = {} Ln(ε) = {[]} Ln(a) = {[a ]}

a ∈ Σn

Ln(α+β) = Ln(α)∪Ln(β) Ln(α·β) = Ln(α)·Ln(β) Ln(α∗) = Ln(α)∗ Ln(α∩β) = Ln(α)∩Ln(β) Ln(¬ α) = Σ∗

n \Ln(α)

Ln(Π α) = {

w | w ∈ Ln+1(α)} Example Σn = {⊤, ⊥}n

  ⊤ ⊥ ⊥ ⊥ ⊤ ⊤ ⊥ ⊥ ⊤   ∈ Σ∗

3

Π-Extended Regular Expressions

Ln(∅) = {} Ln(ε) = {[]} Ln(a) = {[a ]}

a ∈ Σn

Ln(α+β) = Ln(α)∪Ln(β) Ln(α·β) = Ln(α)·Ln(β) Ln(α∗) = Ln(α)∗ Ln(α∩β) = Ln(α)∩Ln(β) Ln(¬ α) = Σ∗

n \Ln(α)

Ln(Π α) = {

w | w ∈ Ln+1(α)} Example Σn = {⊤, ⊥}n

  ⊤ ⊥ ⊥ ⊥ ⊤ ⊤ ⊥ ⊥ ⊤   ∈ Σ∗

2

Π-Extended Regular Expressions

Ln(∅) = {} Ln(ε) = {[]} Ln(a) = {[a ]}

a ∈ Σn

Ln(α+β) = Ln(α)∪Ln(β) Ln(α·β) = Ln(α)·Ln(β) Ln(α∗) = Ln(α)∗ Ln(α∩β) = Ln(α)∩Ln(β) Ln(¬ α) = Σ∗

n \Ln(α)

Ln(Π α) = {map π w | w ∈ Ln+1(α)} π : Σn+1 → Σn

Example Σn = {⊤, ⊥}n

  ⊤ ⊥ ⊥ ⊥ ⊤ ⊤ ⊥ ⊥ ⊤   ∈ Σ∗

2

π = tail π−1a = {⊤a, ⊥a}

Derivatives of Regular Expressions

Characteristic property Ln(Da(α)) = {w | aw ∈ Ln(α)}

Derivatives of Regular Expressions

Characteristic property Ln(Da(α)) = {w | aw ∈ Ln(α)}

Da(∅) = ∅ Da(ε) = ∅ Da(b) = if a = b then ε else ∅ Da(α+β) = Da(α)+Da(β) Da(α·β) = if ε ∈ L (α) then Da(α)·β+Da(β) else Da(α)·β Da(α∗) = Da(α)·α∗ Da(α∩β) = Da(α)∩Da(β) Da(¬ α) = ¬ Da(α)

Derivatives of Regular Expressions

Characteristic property Ln(Da(α)) = {w | aw ∈ Ln(α)}

Da(∅) = ∅ Da(ε) = ∅ Da(b) = if a = b then ε else ∅ Da(α+β) = Da(α)+Da(β) Da(α·β) = if ε ∈ L (α) then Da(α)·β+Da(β) else Da(α)·β Da(α∗) = Da(α)·α∗ Da(α∩β) = Da(α)∩Da(β) Da(¬ α) = ¬ Da(α) Da(Π α) = Π

• b∈π−1a

Db(α)

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ Da

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ ∅+∅· a∗ Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ Da Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ Da Da Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ Da Da Da

ACI

Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ Da Da Da

ACI

Db Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ Da Da Da

ACI

Db Db

ACI

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ Da Da Da

ACI

Db Db

ACI

Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ ∅· a∗ +∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ +∅· a∗ Da Da Da

ACI

Db Db Db

ACI

Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ ∅· a∗ +∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ +∅· a∗ Da Da Da

ACI

Db Db Db

ACI ACI

Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ +∅· a∗ +ε· a∗ ∅+∅· a∗ +∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ ∅· a∗ +∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ +∅· a∗ Da Da Da

ACI

Db Db Db

ACI ACI

Da Db

DP by Example: a∗ ?

≡ ε+ a· a∗ for Σ = {a,b}

a∗

ε+ a· a∗ ε· a∗ ∅+ε· a∗ ∅· a∗ +ε· a∗ ∅+∅· a∗ +ε· a∗ ∅· a∗ ∅+∅· a∗ ∅· a∗ +∅· a∗ ∅+∅· a∗ +∅· a∗ Da Da Db Db Da Db

a∗ a∗

∅ ∅

EQ EQ EQ EQ

Related Work

• Theoretical groundwork

JACM 1964 Brzozowski CONCUR 1998 Rutten

Related Work

• Theoretical groundwork

JACM 1964 Brzozowski CONCUR 1998 Rutten

• FP community

JFP 2009 Owens, Reppy, and Turon ICFP 2010 Fischer, Huch, and Wilke ICFP 2010 Danielsson ICFP 2011 Might, Darais, and Spiewak

Related Work

• Theoretical groundwork

JACM 1964 Brzozowski CONCUR 1998 Rutten

• FP community

JFP 2009 Owens, Reppy, and Turon ICFP 2010 Fischer, Huch, and Wilke ICFP 2010 Danielsson ICFP 2011 Might, Darais, and Spiewak

• ITP community

ITP 2010 Braibant and Pous JAR 2011 Krauss and Nipkow CPP 2011 Coquand and Siles ITP 2012 Asperti RAMiCS 2012 Moreira, Pereira, and de Sousa

Outline

Regular Expressions Equivalence MSO

MSO Formulas

formula

=

Qa(x)

|

x < y

|

x ∈ X

| ¬ formula |

formula ∨ formula

|

formula ∧ formula

| ∃x.formula | ∃X.formula

MSO Formulas

formula

=

Qa(x)

|

x < y

|

x ∈ X

| ¬ formula |

formula ∨ formula

|

formula ∧ formula

| ∃x.formula | ∃X.formula (w,I) Qa(x) ⇔ w !! I x = a

MSO Formulas

formula

=

Qa(x)

|

x < y

|

x ∈ X

| ¬ formula |

formula ∨ formula

|

formula ∧ formula

| ∃x.formula | ∃X.formula (w,I) Qa(x) ⇔ w !! I x = a LM2L(ϕ) = {enc(w,I) | (w,I) ϕ}

Representation of Interpretations as Words

(w = aba, I = {x → 0, X → {1,2}, y → 2})

Representation of Interpretations as Words

(w = aba, I = {x → 0, X → {1,2}, y → 2})

x X y

   

a b a

⊤ ⊥ ⊥ ⊥ ⊤ ⊤ ⊥ ⊥ ⊤    

enc

Σn =Σ×{⊤, ⊥}n

Representation of Interpretations as Words

(w = aba, I = {x → 0, X → {1,2}, y → 2})

x X y

   

a b a

⊤ ⊥ ⊥ ⊥ ⊤ ⊤ ⊥ ⊥ ⊤    

enc

Σn =Σ×{⊤, ⊥}n π (a, bs) = (a, tail bs) π−1(a, bs) = {(a, ⊤bs), (a, ⊥bs)}

From MSO Formulas to Regular Expressions

mkRE n (Qa(m)) =

Σ∗

n ·

   

a

⊤/⊥

⊤

⊤/⊥

   ·Σ∗

n ∩ WF n {m}

From MSO Formulas to Regular Expressions

mkRE n (Qa(m)) =

Σ∗

n ·

   

a

⊤/⊥

⊤

⊤/⊥

   ·Σ∗

n ∩ WF n {m}

. . .

mkRE n (ϕ1 ∨ϕ2) = (mkRE n ϕ1 + mkRE n ϕ2) ∩ WF n (FV (ϕ1 ∨ϕ2))

From MSO Formulas to Regular Expressions

mkRE n (Qa(m)) =

Σ∗

n ·

   

a

⊤/⊥

⊤

⊤/⊥

   ·Σ∗

n ∩ WF n {m}

. . .

mkRE n (ϕ1 ∨ϕ2) = (mkRE n ϕ1 + mkRE n ϕ2) ∩ WF n (FV (ϕ1 ∨ϕ2))

. . .

mkRE n (∃x.ϕ) =

Π (mkRE (n + 1) ϕ)

mkRE n (∃X.ϕ) =

Π (mkRE (n + 1) ϕ)

From MSO Formulas to Regular Expressions

mkRE n (Qa(m)) =

Σ∗

n ·

   

a

⊤/⊥

⊤

⊤/⊥

   ·Σ∗

n

. . .

mkRE n (ϕ1 ∨ϕ2) = mkRE n ϕ1 + mkRE n ϕ2

. . .

mkRE n (∃x.ϕ) =

Π (mkRE (n + 1) ϕ ∩ WF (n + 1) {x})

mkRE n (∃X.ϕ) =

Π (mkRE (n + 1) ϕ)

From MSO Formulas to Regular Expressions

mkRE n (Qa(m)) =

Σ∗

n ·

   

a

⊤/⊥

⊤

⊤/⊥

   ·Σ∗

n

. . .

mkRE n (ϕ1 ∨ϕ2) = mkRE n ϕ1 + mkRE n ϕ2

. . .

mkRE n (∃x.ϕ) =

Π (mkRE (n + 1) ϕ ∩ WF (n + 1) {x})

mkRE n (∃X.ϕ) =

Π (mkRE (n + 1) ϕ)

Theorem

LM2L(ϕ) = Ln(mkRE n ϕ ∩ WF n (FV ϕ))−{ε}

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC 40 kLOC of C/C++

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC 40 kLOC of C/C++ inefficient

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC 40 kLOC of C/C++ inefficient simple: 350 LOC of

Isabelle/HOL

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC 40 kLOC of C/C++ inefficient simple: 350 LOC of

Isabelle/HOL

functional: 2,5 kLOC of

generated Haskell

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC 40 kLOC of C/C++ inefficient simple: 350 LOC of

Isabelle/HOL

functional: 2,5 kLOC of

generated Haskell

sound, complete, and

terminating: 5 kLOP

Head to Head

M2L WS1S Regular Expressions Finite Automata MONA

λ → ∀

=

Isabelle

β α

efficient unverified 40 kLOC 40 kLOC of C/C++ inefficient simple: 350 LOC of

Isabelle/HOL

functional: 2,5 kLOC of

generated Haskell

sound, complete, and

terminating: 5 kLOP

Thanks for listening!

Verified Decision Procedures

for

Monadic Second-Order Logic on Strings

Functional Pearl

Dmitriy Traytel Tobias Nipkow

λ → ∀

=

Isabelle

β α