Higher-Order Constrained Horn Clauses (and Refinement Types)
Toby Cathcart Burn, Luke Ong and Steven Ramsay, University of Oxford
let add x y = x + y
let rec iter f m n = if n ≤ 0 then m else f n (iter f m (n-1))
in fun n -> assert (n ≤ iter add 0 n)

The corresponding higher-order constrained Horn clauses:
∀ x y z. z = x + y ⇒ Add x y z
∀ f m n. n ≤ 0 ⇒ Iter f m n m
∀ f m n r p. n > 0 ∧ Iter f m (n-1) p ∧ f n p r ⇒ Iter f m n r
∀ n r. Iter Add 0 n r ⇒ n ≤ r
Higher-order "unknown" relations:  Iter : (int → int → int → bool) → int → int → int → bool
Quantification at higher sorts:  ∀ f at sort int → int → int → bool
Literals headed by variables:  f n p r : bool
Standard semantics of sorts
S⟦int⟧      All of the integers
S⟦bool⟧     Two truth values, F ⊆ T
S⟦σ → τ⟧   All functions from S⟦σ⟧ to S⟦τ⟧
ℳ ⊨_S ∃x: (int → bool) → bool. G   There is some predicate on sets of integers that makes G true in ℳ
Least models and the monotone semantics
Theorem. Satisfiable systems of higher-order constrained Horn clauses do not necessarily possess least models (least with respect to inclusion of relations).

Counterexample. Let S⟦one⟧ = {⋆}, with relations
R : one → bool
Q : (one → bool) → bool
and the single clause  ∀x. x R ⇒ Q x.
S⟦one⟧ = {⋆}
S⟦one → bool⟧ = {0, 1}, where 0 = (⋆ ↦ F) and 1 = (⋆ ↦ T), so 0 ⊆ 1
S⟦(one → bool) → bool⟧ = the four functions {0, 1} → {F, T}:
  (0 ↦ F, 1 ↦ F)   (0 ↦ F, 1 ↦ T)   (0 ↦ T, 1 ↦ F)   (0 ↦ T, 1 ↦ T)

Two models α and β of ∀x. x R ⇒ Q x:
  α(R) = 0, so α(Q) must contain every x with x 0 = T:
    α(Q)(0 ↦ F, 1 ↦ T) = F   α(Q)(0 ↦ F, 1 ↦ F) = F   α(Q)(0 ↦ T, 1 ↦ T) = T   α(Q)(0 ↦ T, 1 ↦ F) = T
  β(R) = 1, so β(Q) must contain every x with x 1 = T:
    β(Q)(0 ↦ F, 1 ↦ T) = T   β(Q)(0 ↦ F, 1 ↦ F) = F   β(Q)(0 ↦ T, 1 ↦ T) = T   β(Q)(0 ↦ T, 1 ↦ F) = F

No model lies below both: the candidate R = 0, Q = α(Q) ∩ β(Q) violates the clause at x = (0 ↦ T, 1 ↦ F), since x R = x 0 = T but Q x = F. Note that 0 ⊆ 1 while x 0 = T ⊈ F = x 1: this x is not monotone.
Monotone semantics of sorts
M⟦int⟧      All of the integers, ordered discretely
M⟦bool⟧     Two truth values, F ⊆ T
M⟦σ → τ⟧   All monotone functions from M⟦σ⟧ to M⟦τ⟧
ℳ ⊨_M ∃x: (int → bool) → bool. G   There is some monotone predicate on sets of integers that makes G true in ℳ
M⟦int → bool⟧                      All sets of integers
M⟦(int → bool) → bool⟧             All upward closed sets of sets of integers
M⟦((int → bool) → bool) → bool⟧    All upward closed sets of upward closed sets of sets of integers
⊭  x ↦ 1   ∃y z. x y ∧ y z
Standard semantics                                        Monotone semantics
Completely standard satisfiability problem                Bespoke satisfiability problem with a highly
(modulo background theory) in higher-order logic.         restricted class of models.
No least model.                                           Least model arising in the usual way.
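The least-model counterexample and its repair under the monotone semantics, worked through by brute force as an added example (not the paper's own code): it enumerates S⟦one → bool⟧ and S⟦(one → bool) → bool⟧, lists every model of ∀x. x R ⇒ Q x, and looks for a least model under the standard and then the monotone semantics. The encodings (R as a bool, a higher-order x as the pair (x 0, x 1)) are assumptions of this example.

```python
from itertools import product

# Finite instance of the slides' counterexample (added example, not the paper's code).
# S[[one -> bool]] = {0, 1}: R is a bool, True meaning "* maps to T" (relation 1).
# S[[(one -> bool) -> bool]]: functions {0,1} -> {F,T}, encoded as pairs (x(0), x(1)).
HIGHER = [(a, b) for a in (False, True) for b in (False, True)]

def leq(x, y):
    """Pointwise inclusion: F <= T on bool, lifted componentwise."""
    return all((not a) or b for a, b in zip(x, y))

def is_monotone(x):
    """0 <= 1 in S[[one -> bool]], so x is monotone iff x(0) <= x(1)."""
    return leq(x[:1], x[1:])

def upward_closed(Q, domain):
    """Monotone predicate on `domain` = a set closed upwards under leq."""
    return all(y in Q for x in Q for y in domain if leq(x, y))

def satisfies(R, Q, domain):
    """The clause  forall x. x R => Q x,  with x ranging over `domain`."""
    return all(x in Q for x in domain if (x[1] if R else x[0]))

def models(monotone=False):
    """All models (R, Q) of the clause; `monotone=True` uses the monotone semantics."""
    domain = [x for x in HIGHER if not monotone or is_monotone(x)]
    found = []
    for R in (False, True):
        for bits in product((False, True), repeat=len(domain)):
            Q = frozenset(x for x, b in zip(domain, bits) if b)
            if monotone and not upward_closed(Q, domain):
                continue  # not an element of M[[((one -> bool) -> bool) -> bool]]
            if satisfies(R, Q, domain):
                found.append((R, Q))
    return found

def model_leq(m, n):
    """Inclusion of models: relation by relation."""
    return leq((m[0],), (n[0],)) and m[1] <= n[1]

def least_model(ms):
    """The model below every other one, or None if the system has no least model."""
    return next((m for m in ms if all(model_leq(m, n) for n in ms)), None)

def meet(m, n):
    """Pointwise intersection: the only candidate for a model below both m and n."""
    return (m[0] and n[0], m[1] & n[1])

if __name__ == "__main__":
    std, mono = models(), models(monotone=True)
    print("standard models:", len(std), "least:", least_model(std))     # 8, None
    print("monotone models:", len(mono), "least:", least_model(mono))   # 5, (False, {(T, T)})
```

Under the standard semantics the meet of α and β is not a model, exactly because of the non-monotone x = (T, F); dropping that x from the domain leaves a least model.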
Theorem. Given a set of higher-order constrained Horn clauses H:
  o For each (standard) model β of the standard semantics of H there is a (monotone) model U(β) of the monotone semantics of H.
  o For each (monotone) model α of the monotone semantics of H, there is a (standard) model I(α) of the standard semantics of H.
Mapping models means mapping relations:  M⟦((int → bool) → bool) → bool⟧ → S⟦((int → bool) → bool) → bool⟧
From monotone to standard: inclusion?
  α(Q) = {X ∈ 𝒫(𝒫(ℤ)) : X upward closed}
  α ⊨_M ∀x: (int → bool) → bool. true ⇒ Q x
  α ⊭_S ∀x: (int → bool) → bool. true ⇒ Q x
J : M⟦((int → bool) → bool) → bool⟧ → S⟦((int → bool) → bool) → bool⟧
Inclusion: constructs relations that are typically too small
  J r t = r(t) if t ∈ M⟦(int → bool) → bool⟧,  F otherwise        (for t ∈ S⟦(int → bool) → bool⟧)

J^c : M⟦((int → bool) → bool) → bool⟧ → S⟦((int → bool) → bool) → bool⟧
Complementary inclusion: constructs relations that are typically too large
  J^c r t = r(t) if t ∈ M⟦(int → bool) → bool⟧,  T otherwise
Determine the value of the standard relation J(r) on a non-(hereditarily) monotone input t by considering the value of r on:
  the largest (hereditarily) monotone relation of at most t, e.g.  J r {{1}} = r ∅
  the smallest (hereditarily) monotone relation of at least t, e.g.  I r {{1}} = r {{1}, {1,2}, {1,2,3}, …}
For each sort of relations ρ, the maps
  J_ρ, I_ρ : M⟦ρ⟧ → S⟦ρ⟧   and   U_ρ, L_ρ : S⟦ρ⟧ → M⟦ρ⟧
where U_ρ is the uniquely determined upper adjoint of J_ρ and L_ρ is the uniquely determined lower adjoint of I_ρ, are defined by:
  J_bool(c) = c                             I_bool(c) = c
  J_{int → ρ}(r) = J_ρ ∘ r                  I_{int → ρ}(r) = I_ρ ∘ r
  J_{ρ1 → ρ2}(r) = J_{ρ2} ∘ r ∘ U_{ρ1}      I_{ρ1 → ρ2}(r) = I_{ρ2} ∘ r ∘ L_{ρ1}
Refinement Types in the rest of the paper
A refinement type system for solving the monotone satisfiability problem:
  Γ ⊢ G : bool⟨φ⟩
  In models satisfying Γ … the truth of goal G … is bounded above by constraint φ.
Typability reduces to first-order constrained Horn clause solving.
Given any refinement type T and any goal term G, G : T can be expressed as a higher-order constrained Horn clause.
Future work
Open questions: relative completeness? problem reduction?
Higher-order program safety problem → Higher-order constrained Horn clause problem → First-order constrained Horn clause problem
Refinements of type constructors:
  int refined by P : int → bool
  List refined by P : (α → bool) → List α → bool
Thanks.
G ::= A | G ∧ G | G ∨ G | φ | ∃x: σ. G
D ::= true | G ⇒ X y1 … yk | D ∧ D | ∀x: σ. D
Atom A, e.g. Iter f m (n-1) p or the variable-headed f n p r;  constraint φ, e.g. x > 3;  relational "unknown" X, e.g. Iter