Abstract
We present techniques for applying a finite relational model finder to logical specifications that involve high-level definitional principles such as (co)inductive predicates, (co)algebraic datatypes, and (co)recursive functions. In contrast to previous work, which focused on algebraic datatypes and restricted occurrences of unbounded quantifiers in formulas, we can handle arbitrary formulas by means of a three-valued Kleene logic. The techniques form the basis of the counterexample generator Nitpick for Isabelle/HOL. As case studies, we consider formulas about an inductively defined context-free grammar, a functional implementation of AA trees, and a coalgebraic list datatype.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
The use of the word “scope” for a domain specification is consistent with Jackson (2006).
Other authors formulate corecursion in terms of selectors instead of constructors (Jacobs and Rutten 1997).
Because of bound declarations, which refer to atoms by name, FORL atoms are generally not interchangeable. Kodkod’s symmetry breaker infers symmetries (classes of atoms that can be permuted with each other) from the bound declarations and generates additional constraints to rule out needless permutations (Torlak and Jackson 2007). This usually speeds up model finding, especially for higher cardinalities.
Metatheoretic functions here and elsewhere are defined using sequential pattern matching.
We could gain some precision by returning \(\mathsf{if}\,\mathsf{T}\langle{\hskip-2pt}\langle u_1\rangle{\hskip-2pt}\rangle \simeq\mathsf{T}\langle{\hskip-2pt}\langle u_2\rangle{\hskip-2pt}\rangle\,\mathsf{then\,T}\langle{\hskip-2pt}\langle u_1\rangle{\hskip-2pt}\rangle\,\mathsf{else\,none}\) instead.
These names were chosen for readability; any fresh names would do.
References
Ahrendt, W. (2002). Deductive search for errors in free data type specifications using model generation. In A. Voronkov (Ed.), CADE-18 (Vol. 2392 of LNAI, pp. 211–225). Springer.
Andersson, A. (1993). Balanced search trees made simple. In F. K. H. A. Dehne, N. Santoro, & S. Whitesides (Eds.), WADS 1993 (Vol. 709 of LNCS, pp. 61–70). Springer.
Balser, M., Reif, W., Schellhorn, G., Stenzel, K., & Thums, A. (2000). Formal system development with KIV. In T. Maibaum (Ed.), FASE 2000 (number 1783 in LNCS). Springer.
Berghofer, S., & Nipkow, T. (2004). Random testing in Isabelle/HOL. In J. Cuellar, & Z. Liu, (Eds.), SEFM 2004, (pp. 230–239). IEEE C.S.
Berghofer, S., & Wenzel, M. (1999). Inductive datatypes in HOL—lessons learned in formal-logic engineering. In Y. Bertot, G. Dowek, A. Hirschowitz, C. Paulin, & L. Théry, (Eds.), TPHOLs ’99 (Vol. 1690 of LNCS, pp. 19–36).
Biere, A., Cimatti, A., Clarke, E. M., & Zhu, Y. (1999). Symbolic model checking without BDDs. In R. Cleaveland (Ed.), TACAS ’99 (Vol. 1579 of LNCS, pp. 193–207). Springer.
Blanchette, J. C., & Krauss, A. (2010). Monotonicity inference for higher-order formulas. In J. Giesl, & R. Hähnle, (Eds.), IJCAR 2010 (Vol. 6173 of LNCS, pp. 91–106). Springer.
Blanchette, J. C., & Nipkow, T. (2010). Nitpick: A counterexample generator for higher-order logic based on a relational model finder. In M. Kaufmann, & L. Paulson (Eds.), ITP-10 (Vol. 6172 of LNCS, pp. 131–146). Springer.
Bulwahn, L., Krauss, A., & Nipkow, T. (2007). Finding lexicographic orders for termination proofs in Isabelle/HOL. In K. Schneider, & J. Brandt (Eds.), TPHOLs 2007 (Vol. 4732 of LNCS, pp. 38–53). Springer.
Church, A. (1940). A formulation of the simple theory of types. The Journal of Symbolic Logic, 5, 56–68.
Claessen, K., & Lillieström, A. (2009). Automated inference of finite unsatisfiability. In R. A. Schmidt (ed.), CADE-22 (Vol. 5663 of LNAI, pp. 388–403). Springer.
Claessen, K., & Sörensson, N. (2003). New techniques that improve MACE-style model finding. In MODEL.
Dunets, A., Schellhorn, G., & Reif, W. (2008). Bounded relational analysis of free datatypes. In B. Beckert, & R. Hähnle (Eds.), TAP 2008 (Vol. 4966 of LNCS, pp. 99–115). Springer.
Giesl, J., Schneider-Kamp, P., & Thiemann, R. (2006). AProVE 1.2: Automatic termination proofs in the dependency pair framework. In IJCAR 2006 (Vol. 4130 of LNAI, pp. 281–286).
Gordon, M. J. C., & Melham, T. F. (Eds.) (1993). Introduction to HOL: A theorem proving environment for higher order logic. Cambridge: Cambridge University Press.
Gunter E. L. (1993). Why we can’t have SML-style datatype declarations in HOL. In L. J. M. Claesen, & M. J. C. Gordon (Eds.), TPHOLs 1992, IFIP transactions (pp. 561–568). North-Holland/Elsevier.
Harrison, J. (1995). Inductive definitions: Automation and application. In E. T. Schubert, P. J. Windley, & J. Alves-Foss (Eds.), TPHOLs 1995 (Vol. 971 of LNCS, pp. 200–213). Springer.
Harrison, J. (1996). HOL Light: A tutorial introduction. In FMCAD ’96 (Vol. 1166 of LNCS, pp. 265–269). Springer.
Jackson, D. (2006). Software abstractions: Logic, language, and analysis. Cambridge: MIT Press.
Jacobs, B., & Rutten, J. (1997). A tutorial on (co)algebras and (co)induction. Bulletin of EATCS, 62, 222–259.
Kleene, S. C. (1938). On notation for ordinal numbers. The Journal of Symbolic Logic, 3(4), 150–155.
Kleene, S. C. (1956). Representation of events in nerve nets and finite automata. In J. McCarthy, & C. Shannon (Eds.), Automata ltudies (pp. 3–42). Princeton University Press.
Kozen, D. C. (1997). Automata and computability. Undergrad. Texts in C.S. Springer.
Krauss, A. (2009). Partial and nested recursive function definitions in higher-order logic. Journal of Automated Reasoning, 44(4), 303–336.
Kuncak, V., & Jackson, D. (2005). Relational analysis of algebraic datatypes. In H. C. Gall (Ed.), ESEC/FSE 2005.
Lochbihler, A. (2009). Private communication.
Lochbihler, A. (2010, February). Coinduction. In G. Klein, T. Nipkow, & L. C. Paulson (Eds.), The archive of formal proofs. http://www.afp.sourceforge.net/entries/Coinductive.shtml.
McCune, W. (1994). A Davis–Putnam program and its application to finite first-order model search: Quasigroup existence problems. Technical report, ANL.
Nipkow, T., Paulson, L. C., & Wenzel, M. (2002). Isabelle/HOL: A proof assistant for higher-order logic (Vol. 2283 of LNCS). Springer.
Paulson, L. C. (1994). A fixedpoint approach to implementing (co)inductive definitions. In A. Bundy (Ed.), CADE-12 (Vol. 814 of LNAI, pp. 148–161). Springer.
Jones, S. P. (Ed.) (2003). Haskell 98 language and libraries: The revised report. Cambridge: Cambridge University Press.
Ramananandro, T. (2008). Mondex, an electronic purse: Specification and refinement checks with the Alloy model-finding method. Formal Aspects of Computing, 20(1), 21–39.
Schumann, J. M. (2001). Automated theorem proving in software engineering. Berlin: Springer.
Slind, K., & Norrish, M. (2008). A brief overview of HOL4. In O. A. Mohamed, C. M. Noz, & S. Tahar (Eds.), TPHOLs 2008 (Vol. 5170 of LNCS, pp. 28–32).
Torlak, E., & Jackson, D. (2007). Kodkod: A relational model finder. In O. Grumberg, & M. Huth (Eds.), TACAS 2007 (Vol. 4424 of LNCS, pp. 632–647). Springer.
Weber, T. (2008). SAT-based finite model generation for higher-order logic. Ph.D. thesis, Dept. of Informatics, T.U. München.
Wenzel, M. (1997). Type classes and overloading in higher-order logic. In E. L. Gunter, & A. Felty (Eds.), TPHOLs 1997 (Vol. 1275 of LNCS, pp. 307–322). Springer.
Acknowledgments
I want to thank Sascha Böhme, Lukas Bulwahn, Andreas Lochbihler, Tobias Nipkow, Mark Summerfield, and the anonymous reviewers for suggesting many improvements to this article, and Alexander Krauss for helping to structure it. This work is supported by the Deutsche Forschungsgemeinschaft grant Ni 491/11-1.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Blanchette, J.C. Relational analysis of (co)inductive predicates, (co)algebraic datatypes, and (co)recursive functions. Software Qual J 21, 101–126 (2013). https://doi.org/10.1007/s11219-011-9148-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11219-011-9148-5