Relational semantics of linear logic and higher-order model-checking

In this article, we develop a new and somewhat unexpected connection between higher-order model-checking and linear logic. Our starting point is the observation that once embedded in the relational semantics of linear logic, the Church encoding of any higher-order recursion scheme (HORS) comes together with a dual Church encoding of an alternating tree automata (ATA) of the same signature. Moreover, the interaction between the relational interpretations of the HORS and of the ATA identifies the set of accepting states of the tree automaton against the infinite tree generated by the recursion scheme. We show how to extend this result to alternating parity automata (APT) by introducing a parametric version of the exponential modality of linear logic, capturing the formal properties of colors (or priorities) in higher-order model-checking. We show in particular how to reunderstand in this way the type-theoretic approach to higher-order model-checking developed by Kobayashi and Ong. We briefly explain in the end of the paper how his analysis driven by linear logic results in a new and purely semantic proof of decidability of the formulas of the monadic second-order logic for higher-order recursion schemes.Comment: 24 pages. Submitte

Using models to model-check recursive schemes

We propose a model-based approach to the model checking problem for recursive schemes. Since simply typed lambda calculus with the fixpoint operator, lambda-Y-calculus, is equivalent to schemes, we propose the use of a model of lambda-Y-calculus to discriminate the terms that satisfy a given property. If a model is finite in every type, this gives a decision procedure. We provide a construction of such a model for every property expressed by automata with trivial acceptance conditions and divergence testing. Such properties pose already interesting challenges for model construction. Moreover, we argue that having models capturing some class of properties has several other virtues in addition to providing decidability of the model-checking problem. As an illustration, we show a very simple construction transforming a scheme to a scheme reflecting a property captured by a given model.Comment: Long version of a paper presented at TLCA 201

Indexed linear logic and higher-order model checking

In recent work, Kobayashi observed that the acceptance by an alternating tree automaton A of an infinite tree T generated by a higher-order recursion scheme G may be formulated as the typability of the recursion scheme G in an appropriate intersection type system associated to the automaton A. The purpose of this article is to establish a clean connection between this line of work and Bucciarelli and Ehrhard's indexed linear logic. This is achieved in two steps. First, we recast Kobayashi's result in an equivalent infinitary intersection type system where intersection is not idempotent anymore. Then, we show that the resulting type system is a fragment of an infinitary version of Bucciarelli and Ehrhard's indexed linear logic. While this work is very preliminary and does not integrate key ingredients of higher-order model-checking like priorities, it reveals an interesting and promising connection between higher-order model-checking and linear logic.Comment: In Proceedings ITRS 2014, arXiv:1503.0437

A Type-Directed Negation Elimination

In the modal mu-calculus, a formula is well-formed if each recursive variable occurs underneath an even number of negations. By means of De Morgan's laws, it is easy to transform any well-formed formula into an equivalent formula without negations -- its negation normal form. Moreover, if the formula is of size n, its negation normal form of is of the same size O(n). The full modal mu-calculus and the negation normal form fragment are thus equally expressive and concise. In this paper we extend this result to the higher-order modal fixed point logic (HFL), an extension of the modal mu-calculus with higher-order recursive predicate transformers. We present a procedure that converts a formula into an equivalent formula without negations of quadratic size in the worst case and of linear size when the number of variables of the formula is fixed.Comment: In Proceedings FICS 2015, arXiv:1509.0282

Recursive Schemes, Krivine Machines, and Collapsible Pushdown Automata

Higher-order recursive schemes offer an interesting method of approximating program semantics. The semantics of a scheme is an infinite tree labeled with built-in constants. This tree represents the meaning of the program up to the meaning of built-in constants. It is much easier to reason about properties of such trees than properties of interpreted programs. Moreover some interesting properties of programs are already expressible on the level of these trees. Collapsible pushdown automata (CPDA) give another way of generating the same class of trees as the schemes do. We present two relatively simple translations from recursive schemes to CPDA using Krivine machines as an intermediate step. The later are general machines for describing computation of the weak head normal form in the lambda- calculus. They provide the notions of closure and environment that facilitate reasoning about computation

Typing weak MSOL properties

International audienceWe consider non-interpreted functional programs: the result of the execution of a program is its normal form, that can be seen as the tree of calls to built-in operations. Weak monadic second-order logic (wMSO) is well suited to express properties of such trees. This is an extension of first order logic with quantification over finite sets. Many behavioral properties of programs can be expressed in wMSO. We use the simply typed lambda calculus with the fixpoint operator, $\lambda Y$-calculus, as an abstraction of functional programs that faithfully represents the higher-order control flow. We give a type system for ensuring that the result of the execution of a $\lambda Y$-program satisfies a given wMSO property. The type system is an extension of a standard intersection type system with both: the least-fixpoint rule, and a restricted version of the greatest-fixpoint rule. In order to prove soundness and completeness of the system we construct a denotational semantics of $\lambda Y$-calculus that is capable of computing properties expressed in wMSO. The model presents many symmetries reflecting dualities in the logic and has also other applications on its own. The type system is obtained from the model following the domain in logical form approach

LambdaY-Calculus With Priorities

International audienceThe lambdaY-calculus with priorities is a variant of the simply-typed lambda calculus designed for higher-order model-checking. The higher-order model-checking problem asks if a given parity tree automaton accepts the Böhm tree of a given term of the simply-typed lambda calculus with recursion. We show that this problem can be reduced to the same question but for terms of lambdaY-calculus with priorities and visibly parity automata; a subclass of parity automata. The latter question can be answered by evaluating terms in a simple powerset model with least and greatest fixpoints. We prove that the recognizing power of powerset models and visibly parity automata are the same. So, up to conversion to the lambdaY-calculus with priorities, powerset models with least and greatest fixpoints are indeed the right semantic framework for the model-checking problem. The reduction to lambdaY-calculus with priorities is also efficient algorithmically: it gives an algorithm of the same complexity as direct approaches to the higher-order model-checking problem. This indicates that the task of calculating the value of a term in a powerset model is a central algo-rithmic problem for higher-order model-checking

Homogeneity Without Loss of Generality

We consider higher-order recursion schemes as generators of infinite trees. A sort (simple type) is called homogeneous when all arguments of higher order are taken before any arguments of lower order. We prove that every scheme can be converted into an equivalent one (i.e, generating the same tree) that is homogeneous, that is, uses only homogeneous sorts. Then, we prove the same for safe schemes: every safe scheme can be converted into an equivalent safe homogeneous scheme. Furthermore, we compare two definition of safe schemes: the original definition of Damm, and the modern one. Finally, we prove a lemma which illustrates usefulness of the homogeneity assumption. The results are known, but we prove them in a novel way: by directly manipulating considered schemes

Recursion Schemes and the WMSO+U Logic

We study the weak MSO logic extended by the unbounding quantifier (WMSO+U), expressing the fact that there exist arbitrarily large finite sets satisfying a given property. We prove that it is decidable whether the tree generated by a given higher-order recursion scheme satisfies a given sentence of WMSO+U

On the Termination Problem for Probabilistic Higher-Order Recursive Programs

In the last two decades, there has been much progress on model checking of both probabilistic systems and higher-order programs. In spite of the emergence of higher-order probabilistic programming languages, not much has been done to combine those two approaches. In this paper, we initiate a study on the probabilistic higher-order model checking problem, by giving some first theoretical and experimental results. As a first step towards our goal, we introduce PHORS, a probabilistic extension of higher-order recursion schemes (HORS), as a model of probabilistic higher-order programs. The model of PHORS may alternatively be viewed as a higher-order extension of recursive Markov chains. We then investigate the probabilistic termination problem -- or, equivalently, the probabilistic reachability problem. We prove that almost sure termination of order-2 PHORS is undecidable. We also provide a fixpoint characterization of the termination probability of PHORS, and develop a sound (but possibly incomplete) procedure for approximately computing the termination probability. We have implemented the procedure for order-2 PHORSs, and confirmed that the procedure works well through preliminary experiments that are reported at the end of the article