paper pdf - Lab for Automated Reasoning and Analysis - LARA

Structural Subtyping of Non-Recursive Types is DecidableViktor Kuncak and Martin RinardLaboratory for Computer ScienceMassachusetts Institute of TechnologyCambridge, MA 02139, USA{vkuncak, rinard}@lcs.mit.eduAbstractWe show that the first-order theory of structural subtypingof non-recursive types is decidable, as a consequence ofa more general result on the decidability of term powers ofdecidable theories.Let Σ be a language consisting of function symbols andlet C (with a finite or infinite domain C) be an L-structurewhere L is a language consisting of relation symbols. Weintroduce the notion of Σ-term-power of the structure C,denoted P Σ (C). The domain of P Σ (C) is the set of Σ-termsover the set C. P Σ (C) has one term algebra operation foreach f ∈ Σ, and one relation for each r ∈ L defined bylifting operations of C to terms over C.We extend quantifier elimination for term algebras andapply the Feferman-Vaught technique for quantifier eliminationin products to obtain the following result. Let K bea family of L-structures and K P the family of their Σ-termpowers.Then the validity of any closed formula F on K Pcan be effectively reduced to the validity of some closed formulaq(F) on K.Our result implies the decidability of the first-order theoryof structural subtyping of non-recursive types with covariantconstructors, and the construction generalizes tocontravariant constructors as well.1. IntroductionIn this paper we show that the first-order theory of structuralsubtyping constraints for non-recursive types is decidable.We show this result as a consequence of a more generalresult on the decidability of term powers of decidabletheories, which we show using quantifier elimination.Subtyping Constraints. Subtyping constraints are an importanttechnique for checking and inferring program prop-∗ Appears in the Proceedings of the Eighteenth Annual IEEE Symposiumon Logic in Computer Science, Ottawa, Canada, June 2003. Formore information, seewww.mit.edu/∼vkuncak/papers/SubtypingDecidableLICSerties, used both in type systems and program analyses. Thestudy of subtyping constraints is therefore important fordeveloping techniques that increase the reliability of programs.Subtyping was introduced through the subsumption rulein [29]. [4, 24, 21] treat subtyping in the presence of recursivetypes. [49] shows that terms typable in a system withstructural subtyping denote terminating computations. [12]treats intersection types in ML in the presence of computationaleffects. [15] presents an extension of ML that allowsa more precise typing of programs than the standard MLtype system. [34] shows the equivalence of non-structuralsubtyping and flow-analysis. Set constraints are related tothe subtyping constraints and form the basis of several programanalyses [2, 1, 7, 8, 5, 17].The applications of type systems with subtyping havemotivated the study of the complexity and the decidabilityof the subtyping constraints. [19] shows that typabilityis equivalent to the satisfiability of a conjunction of atomicformulas in the language of structural subtyping constraints.[16] shows that the satisfiability for structural subtypingover an arbitrary structure of base types is in PSPACE. [45]shows that if the ordering on primitive types has the form of“crowns”, then the satisfiability is PSPACE hard. The needfor efficient handling of constraints arising from type inference,and the need for presenting results of type inference inhuman-readable form led the researchers to ask more generalproblems about subtyping constraints [35, 39]. [18]studies the entailment problem for structural subtyping andshows that if the ordering on the primitive types is a lattice,then the entailment is coNP complete. Because themore complicated notions of subtyping involve quantifiers[47, 42], it is natural to consider the decidability and thecomplexity of the full first-order theory of subtyping constraints.[32] studies the complexity and decidability propertiesof feature tree constraints with subsumption, which correspondclosely to subtyping constraints and have applicationsin constraint logic programming [3] and computa-

tional linguistics [37]. [32] shows that the first-order theoryof subtyping constraints of feature trees is undecidableand that the existential entailment problem is PSPACEcomplete.The first-order theory of non-structural subtypingconstraints has been shown to be undecidable [42]. Inthis paper we show that the first-order theory of structuralsubtyping of non-recursive types is decidable.This problem was left open in [42]. [42] shows thedecidability of the first-order theory of non-structural subtypingfor the special cases of one unary constructor symbol(where the problem is solved using tree automata techniques),as well as for the special case of one constant symbol(where the problem reduces to the decidability of termalgebras).Contribution. The main contribution of this paper is aproof that a term power of a structure with a decidable firstordertheory is a structure with a decidable first-order theory.This result directly implies that the first-order theory ofstructural subtyping of non-recursive types is decidable. Inaddition, we believe that the decidability of term powers isof general interest and may be useful for constructing decisionprocedures in automated theorem proving. The complexityof the decidability problem for term powers is nonelementarybecause term powers extend term algebras. Thenon-elementary bound applies to term algebras as a consequenceof the lower bound on the theory of pairing functions[14], see also [11].Previous Quantifier Elimination Results. We show ourdecidability result using quantifier elimination. Quantifierelimination [20, Section 2.7] is a fruitful technique that hasbeen used to show decidability and classification of booleanalgebras [40, 44], Presburger arithmetic [36], decidability ofproducts [30, 13], [28, Chapter 12], and algebraically closedfields [43]. Directly relevant to our work are quantifiereliminationtechniques for term algebras [28, Chapter 23],[27, 41]. Several extensions of term algebras have beenshown decidable using quantifier elimination. [9] gives aterminating term rewriting system for quantifier eliminationin term algebras with membership constraints, [38] givesquantifier elimination for term algebras with queues, [6]presents quantifier elimination for the first-order theory offeature trees with arity predicates. [46] shows the decidabilityof any feature tree structure whose edge labels areelements of a decidable structure, and [48] shows the decidabilityof the monadic second-order theory of an infinitebinary tree whose edges come from a structure with a decidablemonadic second-order theory. Compared to structuresin [46], term powers allow the additional lifted relationsbetween trees, which perform a global comparison ofall leaves in a tree. It may be possible to combine our techniquewith [46] to obtain a family of decidable structuresparameterized by both the edge label theory and the leaf theory.The main difficulty in applying the result of [48] to thedecidability of the full first-order theory of structural subtypingstems from the need to simultaneously represent 1)selector operations on trees (which require operations thatmanipulate the initial segments of paths in a tree) and 2) theprefix-closure property of the tree domain (which requiresoperations that manipulate the terminal segment of paths ina tree), see [31], [25, Section 7].Preliminaries. If A is a set, write |A| to denote the cardinalityof A. An L-structure (model) is a set together withfunctions and relations interpreting the language L. If Sis an L-structure and r ∈ L a function or relation symbol,write ar(r) to denote the arity of r. (Arity is a nonnegativeinteger.) Write r S to denote the interpretation ofr in structure S. An L-formula is a first-order formula in thelanguage L. A sentence is a closed formula. If K is a familyof L-structures, the theory of K is the set of all L-sentencesthat are true in all structures S ∈ K. If F is a sentence, thenF K = true if F is in the theory of K and F K = falseotherwise. The notation 〈E i 〉 k i denotes the list E 1, . . . , E k(if k is omitted, it is understood from the context).1.1. Structural Subtyping and Σ-Term-PowerWe introduce the notion of the Σ-term-power of somestructure C as a generalization of the structure that arises instructural subtyping.We represent primitive types in structural subtyping asan L C -structure C with the carrier C. We call C the basestructure. We assume that L C contains only relation symbolsbecause functions and constants can be represented asrelations.We represent type constructors as free operations in theterm algebra with a finite signature Σ. Because we representthe primitive types as elements of C, we do not needconstants in Σ, so we assume ar(f) ≥ 1 for each f ∈ Σ.Before defining term powers, we review the notion of afinite power of a C structure, which is a special case of directproducts of structures [20, Section 9.1, Page 413].Definition 1 (Finite Power) Let m > 0 be a positive integerand I m = {0, . . .,m − 1}. The structure C m is definedas follows. The domain of C m is the set C Im of all totalfunctions from I m to C. Each relation r ∈ L C is interpretedbyr Cm (〈t j 〉 j ) = ({i | r C (〈t j (i)〉 j )} = I m )The notion of term power is the central notion of this paper.Definition 2 (Term Power) The Σ-term-power of C is astructure P = P Σ (C), defined as follows. Let Σ ′ = Σ ∪ C.2

The domain of P is the set P of finite ground Σ ′ -terms,where we let ar(c) = 0 for c ∈ C.The structure P has the language L P = Σ ∪ L C ∪{Is PRI }. A constructor f ∈ Σ is interpreted in P as in thefree term algebra:f P (〈t j 〉 j ) = f(〈t j 〉 j )If r ∈ L C with ar(r) = n then r P is the least relation ρsuch that:1. if r C (〈c j 〉 n j ) then ρ(〈c j〉 n j )2. if ρ(〈t ij 〉 n j ) for all i where 1 ≤ i ≤ k, and ar(f) = kthenρ(〈f(〈t ij 〉 k i ) n j 〉)Is PRI is a unary relation symbol interpreted byfor all p ∈ P .Is PRI P (p) ⇐⇒ p ∈ CThe reason for introducing Is PRI is that we allow C to beinfinite, but we keep L P finite. If there is a need to identifyexplicitly some elements of C as constants, we representthem as some of the unary relations r ∈ L C . Note furtherthat if F is a L C -formula and F ′ results from F by replacingquantifiers with quantifiers bounded by the Is PRI predicate,then F C η = F ′ P η for every valuation η of C.2. The Decidability ResultThe main result of this paper is the following Theorem 3,which states the existence of a quantifier-elimination algorithmfor term powers that is uniform with respect to thestructure C.Theorem 3 Let L C be a language consisting of relationsymbols, Σ a language consisting of function symbols, andL P the language of Σ-term-powers of L C -structures. Thereexists a quantifier-elimination algorithm q mapping L P -sentences to L C -sentences such that for every structure Cin the language L C and for every L P -sentence FF PΣ(C) = q(F) CProposition 4 follows directly from Theorem 3.Proposition 4 Let L C be a language consisting of relationsymbols, Σ a language consisting of function symbols, andL P the language of Σ-term-powers of L-structures. Thereexists a quantifier-elimination algorithm q mapping L P -sentences to L C -sentences with the following property. LetK be a family of L C structures andK P = {P Σ (C) | C ∈ K}the family of Σ-term-powers of structures in K.F KP = q(F) K for every L P -sentence F .ThenThe following Corollary 5 captures the consequence of Theorem3 for the theory of structural subtyping, it follows fromthe fact that the structure C = 〈C, ≤〉 for finite C and anybinary relation ≤ ⊆ C 2 is decidable.Corollary 5 Let C be a finite set of primitive types and≤ a binary relation on C representing an order on primitivetypes. Let Σ be a finite set of covariant constructors.Then the first-order theory of structural subtyping of nonrecursivetypes built from elements of C as constants usingconstructors in Σ is decidable.Our technique can be generalized to handle contravariantconstructors as well, see [25, Section 5.5]. The remainderof this paper sketches the proof of Theorem 3. Whenreading the proof the reader may find it useful to comparehow our technique works in two special cases: termalgebras [25, Section 3.4] and structural subtyping withtwo primitive types [25, Section 4]. In the case of structuralsubtyping with two primitive types it suffices to usequantifier-elimination for Boolean algebras [40] instead ofthe Feferman-Vaught theorem [30, 13].2.1. Proof PlanOur proof uses two main ideas.The first idea is to extend P into the extended termpower structure P E . The domain of the new structure P Eis inspired by the observation that if r is a partial orderwith a least element, then the relation t 1 ∼ t 2 definedby ∃t 0 .r P (t 0 , t 1 ) ∧ r P (t 0 , t 2 ) is a congruence relationon P with respect to the constructor operations f P forf ∈ Σ. Like [45, Page 313], we call the ∼ equivalenceclasses shapes. A shape is an abstraction of a term obtainedby throwing away the information about the constants occurringwithin the term, e.g. f(a, f(a, a)) and f(a, f(b, a))both have the shape f s (c s , f s (c s , c s )). We introduce shapesas explicit elements of P E , and introduce into the languageof P E the homomorphism sh mapping terms to theirshapes. Our next observation is that elements of the same∼-equivalence class s together with the operations r P forr ∈ L C form a finite power structure C m where m is thenumber of constants occurring in the shape s. This allowsus to use the Feferman-Vaught theorem [13, 30] as a stepin our quantifier elimination algorithm. To enable the applicationof the Feferman-Vaught technique, we introducefor every n and for every L C -formula φ(〈x i 〉 n i ) whose variablesare among 〈x i 〉 n i relations (|φ(〈x i 〉 n i )|=k)(s, 〈t i〉 n i )and (|φ(〈x i 〉 n i )|≥k)(s, 〈t i〉 n i ) of arity n + 1. We call theserelations cardinality constraints. Our cardinality constraintsgeneralize the relations in [30] by introducing an additionalshape argument s.The second idea of our proof is the choice of canonicalformulas, which we call structural base formulas. Structuralbase formulas are existentially quantified conjunctions3

¬, ∧, ∨✲quantifier-freeformulaProposition 13✲✛Proposition 25disjunction ofstruct. base formulasFigure 1. Scheme of Quantifier Eliminationof unnested literals that satisfy certain consistency rules.These consistency rules help justify the elimination of aquantified variable u because they ensure that the remainingconjuncts in the structural base formula entail all the relationshipsbetween the remaining variables that are a consequenceof the existence of u.Figure 1 gives a schematic view of our quantifier eliminationalgorithm for term powers. On the one hand, existentiallyquantifying a structural base formula yields a structuralbase formula because structural base formulas are existentiallyquantified conjunctions. On the other hand, theconjunction, disjunction, and most importantly, negation,of a quantifier-free formula yields a quantifier-free formula.Quantifier elimination therefore reduces to finding an effectivetransformation from quantifier-free formulas to disjunctionof structural base formulas (Proposition 13), and fromstructural base formulas to quantifier-free formulas (Proposition25).Applying Proposition 13, then applying existential quantificationand then applying Proposition 25 to obtain a quantifierfree formula corresponds to the usual method of eliminatingquantifiers from conjunctions of literals [20, Lemma2.7.4, Page 70]. Dually, applying Proposition 25, negatingthe resulting quantifier-free formula and then applyingProposition 13 corresponds to the elimination of quantifieralternations [10, 46], [28, Chapter 23].Several operations in the extended structure P E are naturallyviewed as partial operations. We use Kleene’s threevaluedlogic [23, Page 334], [22] to give a systematic accountof partial functions in quantifier elimination, see [25,Section 2.3]. The use of partial functions and the threevaluedlogic in quantifier elimination can be avoided, butwe find that it naturally captures the ideas of our quantifierelimination algorithm.2.2. Extended Term Power StructureFor the purpose of quantifier elimination we define thestructure P E by extending the domain and the set of operationsof the term power structure P.The domain of P E is P E = P ∪ P S where P S is the setof shapes defined as follows. Let Σ s = {c s } ∪ {f s | f ∈ Σ}be a set of function symbols such that c s is a fresh constantsymbol with ar(c s ) = 0 and f s are fresh distinct constant✛∃symbols with ar(f s ) = ar(f) for each f ∈ Σ. The set ofshapes P S is the set of ground Σ s -terms. When referringto elements of P E by term we mean an element of P ; byshape we mean an element of P S . We write X s to denotean entity pertaining to shapes as opposed to terms, so x s , u sdenote variables ranging over shapes, and t s denotes termsthat evaluate to shapes.To specify the semantics of cardinality constraints, wedefine the sets φ(x 1 , . . . , x k ) PE (s, t 1 , . . . , t k ). We makea parallel with finite direct products [13, Definition 2.1,Page 63], [20, Section 9.6, Page 458].Definition 6 (Index Sets for Products) If φ(〈x j 〉 n j ) is anL C -formula whose variables are among 〈x j 〉 n j and〈t j 〉 n j : I m → C, thenφ(〈x j 〉 n j ) Cm (〈t j 〉 n j ) = {i ∈ I m | φ〈x j 〉 n j C (〈t j (i)〉 n j )}Define |φ(〈x j 〉 n j )|=kCm (〈t j 〉 n j ) as|φ(〈x j 〉 n j ) Cm (〈t j 〉 n j )| = k,similarly for |φ(〈x j 〉 n j )|≥kCm (〈t j 〉 n j ).In the case of term powers, we replace the notion of an indexi ∈ I m by the notion of a leaf of the tree representing a term,as follows.Definition 7 (Leaf Sets for Term Powers) If s is a shape,we call the set of positions of constant c s in s leaves of s,and denote this set by leaves(s). We represent each leaf asa sequence of pairs 〈f, i〉 where f is a constructor of arityk and 1 ≤ i ≤ k. If l ∈ leaves(s) and sh(t) = s, thent[l] denotes the element c ∈ C at position l in term t i.e. ifl = 〈f 1 , i 1 〉...〈f n , i n 〉 thenDefine:t[l] = f n i n(. . . f2 i 2(f1 i 1(t))...)φ(〈x j 〉 n j )PE (s, 〈t j 〉 n j ) ={l ∈ leaves(s) | φ(〈x j 〉 n j )C (〈t j [l]〉 n j ) }Definition 8 (Extended Term Power) The extended termpower structure P E contains term algebra operations onterms and shapes (including selector operations and testsas in [20, Page 61]), the homomorphism sh, and cardinalityconstraint relations |φ|=k and |φ|≥k, defined as follows:1. constructors in the term algebra of terms, f ∈ Σf PE (〈t j 〉 k j )=f(〈t j〉 k j );2. selectors in the term algebra of terms,f i PE (f(〈t j 〉 k j )) = t i;3. constructor tests in the term algebra of terms,Is f PE (t) = ∃〈t j 〉 k j . t = f(〈t j〉 k j ),Is PRI PE (t) = (t ∈ C);4

4. constructors in the term algebra of shapes, f s ∈ Σ sf s PE (〈t s j 〉k j ) = fs (〈t s j 〉k j );5. selectors in the term algebra of shapes,f s i PE (f s (〈t s j 〉k j )) = ts i ;6. constructor tests in the term algebra of shapes,Is f s PE (t s ) = ∃〈t s j 〉k j . ts = f s (〈t s j 〉k j );7. the homomorphism mapping terms to shapes suchthat:sh PE (f(〈t j 〉 k j )) =shapified(f)(〈sh PE (t j )〉 k j )where shapified(x)=c s if x ∈ C and shapified(f)=f sif f ∈ Σ;8. cardinality constraint relationsand|φ(〈x j 〉 n j )|=kPE (s, 〈t j 〉 n j ) =|φ(〈x j 〉 n j )PE (s, 〈t j 〉 n j )| = k|φ(〈x j 〉 n j )|≥kPE (s, 〈t j 〉 n j ) =|φ(〈x j 〉 n j )PE (s, 〈t j 〉 n j )|≥kwhere φ(〈x j 〉 n j ) is is a first-order formula over thebase-structure language L C with free variables〈x j 〉 n j , argument s is a shape, arguments 〈t j〉 n j areterms, and k is a nonnegative integer constant.The following equations follow from Definition 8 and Definition7 and can be used as an equivalent alternative definitionof cardinality constraints:|φ(〈x j 〉 n j )PE (c s , 〈c j 〉 n j )| ={ 1, φ(〈xj 〉 n j )C (〈c j 〉 n j )0, ¬φ(〈x j 〉 n j )C (〈c j 〉 n j )|φ(〈x j 〉 n j (f s (〈s )PE i 〉 k i ), 〈f(〈t ij〉 k i )〉n j )|= ∑ ki=1 |φ(〈x j〉 n j (s )PE i , 〈t ij 〉 n j )| (1)We write |φ(〈t j 〉 n j )| s=k as a shorthand for the atomicformula (|φ(〈x j 〉 n j )|=k)(s, 〈t j〉 n j ), similarly for|φ(〈t j 〉 n j )| s≥k. This is more than a notational convenience,see [25] for an approach which introduces sets ofleaves as elements of the domain of P E and defines a cylindricalgebra interpreted over sets of leaves. The approachin the present paper follows [30] in merging the quantifierelimination for products and quantifier elimination forboolean algebras.Some of the operations in P E are partial. f i (t) is definediff Is f (t) holds, fi s(ts ) is defined iff Is f s(t s ) holds.Cardinality constraints |φ(〈t j 〉 n j )| t s=k and |φ(〈t j〉 n j )| t s≥kare defined iff ∧ n i=1 sh(t i)=t s holds. We assume that a termevaluates to ⊥ if some term operation is undefined. Partialand total operations are strict in ⊥; when a value of atomicformula is undefined it evaluates to undef. Logical operationsand quantifiers are interpreted as in Kleene’s threevaluedlogic with truth values {false, undef, true}. We saythat a formula is well-defined iff it evaluates to true or false(as opposed to undef) for every valuation assigning valuesto free variables. The structure P E has the property thatthe domain of every partial function is expressible as a conjunctionof atomic formulas. This property enables transformationof each well-defined quantifier-free formula to adisjunction of well-defined conjunctions in Proposition 13,see also [25, Section 2.3].The structure P E is at least as expressive as P becausethe only operations or relations present in P but not in P Eare r P for r ∈ L C , and we can express r P (t 1 , . . . , t k )ask∧|¬r(〈t j 〉 n j )| sh(t 1)=0 ∧ sh(t i ) = sh(t 1 ) (2)i=2By a quantifier-free formula we mean a formula withoutquantifiers outside cardinality constraints, e.g. the formula|∀x.x ≤ t| x s = k is quantifier-free.We define a subclass of quantifier-free cardinality constraintscalled primitive formulas, denoted prim(φ) for everyL C -sentence φ: prim(φ) ≡ |φ| c s = 1. Note thatprim(φ) PΣ(C) = φ C (3)so for a given concrete structure C we may replace primitiveformulas with true and false. We nevertheless retainprimitive formulas throughout the quantifier elimination algorithm.This ensures that our quantifier elimination algorithmis uniform with respect to the base structure C. In thesequel we therefore assume some fixed structure C and proceedto give a quantifier elimination algorithm that performsequivalence-preserving transformations with respect to theextended term power P E corresponding to P Σ (C).2.3. Structural Base FormulasOur quantifier-elimination algorithm is centered aroundcertain existentially quantified unnested conjunctions of literals.We call these conjunctions structural base formulas.We first introduce several auxiliary definitions. Letdistinct(u 1 , . . . , u n ) be a shorthand for ∧ 1≤i

Definition 9 (Base Formula) A base formula with• free term variables x 1 , . . .,x m ;• internal non-parameter term variables u 1 , . . . , u p ;• internal parameter term variables u p+1 , . . . , u p+q ;is a formula of the form:base(u 1 , . . .,u n , x 1 , . . . , x m ) =p∧u i = t i (u 1 , . . . , u n ) ∧i=1∧ distinct(u 1 , . . . , u n )m ∧i=1x i = u jiwhere n = p + q, each t i is a term of the formf(u i1 , . . . , u ik ) for some f ∈ Σ, k = ar(f), and j :{1, . . ., m} → {1, . . .,n} is a function mapping indicesof free term variables to indices of internal term variables.We require each base formula to satisfy the followingconditions:C1) base does not violate the occur-check [26, 10]:¬(u + baseu) for every variable u occurring in base;C2) congruence closure property: there are no two distinctvariables u i and u j such that both u i =f(u l1 , . . .,u lk ) and u j = f(u l1 , . . .,u lk ) occur asconjuncts in base.The following Lemma 10 is important for quantifierelimination in term algebras and term powers.Lemma 10 Let β be a base formula of the form∃u 1 , . . .,u p , u p+1 , . . . , u p+q . β 0where u p+1 , . . .,u p+q are parameter variables of β, andβ 0 is quantifier-free. Let S p+1 , . . . , S p+q be infinite sets ofterms. Then there exists a valuation σ such that β 0 σ =true and u i σ ∈ S i for p + 1 ≤ i ≤ p + q.The notion of base formula and Lemma 10 apply to termsP as well as shapes P S in the structure P E because shapesare also terms over the alphabet Σ s . For brevity we write u ∗for an internal shape or term variable, and similarly x ∗ for afree shape or term variable, t ∗ for terms, f ∗ for a constructorin the term algebra of terms or shapes, and fi ∗ for a selectorin the term algebra of terms or shapes.Definition 11 below introduces structural base formulas.The disjunction of structural base formulas can bethought of as a normal form for existential formulas interpretedover P E . A structural base formula contains a copyof a base formula for shapes (shapeBase), a base formulafor terms but without term disequalities (termBase), a formulaexpressing mapping of term variables to shape variables(termHom), and cardinality constraints on term parameterand primitive non-parameter variables of the termbase formula (cardin). A structural base formula containsseveral kinds of variables, classified according to the positionsin which they appear within the structural base formula.Free variables are the free variables of the structuralbase formula; internal variables are the existentially quantifiedvariables. Parameter variables are variables whosetop-level constructor is not specified by the structural baseformula, in contrast to non-parameter variables. Primitivenon-parameter term variables denote terms in C, composednon-parameter term variables denote terms in P \ C.Definition 11 (Structural Base Formula)A structural base formula with:• free term variables x 1 , . . . , x m ;• internal composed non-parameter term variablesu 1 , . . .,u r ;• internal primitive non-parameter term variablesu r+1 , . . . , u p ;• internal parameter term variables u p+1 , . . .,u p+q ;• free shape variables x s 1 , . . .,xs m s;• internal non-parameter shape variables u s 1, . . . , u s p s;• internal parameter shape variables u s p s, . . . , us p s +q sis a formula of the form:∃u 1 , . . .,u n , u s 1, . . . , u s n s.shapeBase(u s 1 , . . . , us n s, xs 1 , . . .,xs m s) ∧termBase(u 1 , . . . , u n , x 1 , . . . , x m ) ∧termHom(u 1 , . . .,u n , u s 1 , . . .,us n s) ∧cardin(u r+1 , . . . , u n , u s p s +1 , . . . , us n s)where n = p + q, n s = p s + q s , and formulas shapeBase,termBase, termHom, cardin are defined as follows.shapeBase(u s 1 , . . . , us n s, xs 1 , . . . , xs m s) =∧p si=1u s i = t i(u s 1, . . .,u s ms∧ns) ∧ x s i = us j i∧ distinct(u s 1 , . . . , us n )i=1where each t i is a shape term of the form f s (u s i 1, . . . , u s i k)for some f ∈ Σ 0 , k = ar(f), andj : {1, . . .,m s } → {1, . . ., n s } is a function mappingindices of free shape variables to indices of internal shapevariables.termBase(u 1 , . . . , u n , x 1 , . . . , x m ) =r∧p∧u i = t i (u 1 , . . . , u n ) ∧ Is PRI (u i ) ∧i=1m∧x i = u jii=1i=r+1where each t i is a term of the form f(u i1 , . . . , u ik ) forsome f ∈ Σ, k = ar(f), and j : {1, . . .,m} → {1, . . ., n}6

is a function mapping indices of free term variables toindices of internal term variables.termHom(u 1 , . . .,u n , u s 1 , . . .,us n s) =n ∧i=1sh(u i ) = u s j iwhere j : {1, . . .,n} → {1, . . .,n s } is a function such that{j 1 , . . .,j p } ⊆ {1, . . ., p s } and{j p+1 , . . .,j p+q } ⊆ {p s + 1, . . . , p s + q s } (a term variableis a parameter variable iff its shape is a parameter shapevariable).cardin(u r+1 , . . .,u n , u s p s +1 , . . .,us n s) = ψ 1 ∧ · · · ∧ ψ dwhere each ψ i is a cardinality constraint of the formor|φ(u j1 , . . . , u jl )| u s = k|φ(u j1 , . . . , u jl )| u s ≥ kwhere {j 1 , . . . , j l } ⊆ {r + 1, . . .,n} and the conjunctsh(u jd ) = u s occurs in termHom for 1 ≤ d ≤ l. Werequire each structural base formula to satisfy thefollowing conditions:P0) shapeBase does not violate the occur-check:¬(u s + shapeBase us ) for every shape variable u soccurring in shapeBase;P1) congruence closure property for shapeBasesubformula: there are no two distinct variables u s i andu s j such that both us i = f(us l 1, . . .,u s l k) andu s j = f(us l 1, . . .,u s l k) occur as conjuncts in formulashapeBase;P2) congruence closure property for termBasesubformula: there are no two distinct variables u i andu j such that both u i = f(u l1 , . . .,u lk ) andu j = f(u l1 , . . .,u lk ) occur as conjuncts in formulatermBase;P3) homomorphism property of sh: for every composednon-parameter term variable u such thatu = f(u i1 , . . . , u ik ) occurs in termBase, if conjunctsh(u) = u s occurs in termHom, then for some shapevariables u s j 1, . . . , u s j kterm u s = f s (u s j 1, . . .,u s j k)occurs in shapeBase where f s = shapified(f) and forevery r where 1 ≤ r ≤ k, conjunct sh(u ir ) = u s j roccurs in termHom; furthermore:for every primitive non-parameter variable u (i.e. us.t. Is PRI (u) occurs in termBase), conjunct sh(u) = u soccurs in termHom where u s is the shape variablesuch that u s = c s occurs in shapeBase.As a special case, we allow quantifier-free formulas prim(φ)in cardin. Note that ¬(u + termBaseu) for each term variableu follows from P0) and P3). An immediate consequenceof Definition 11 is the following Proposition 12.Proposition 12 (Quantification of Structural Base) If βis a structural base formula and x a free shape or termvariable in β, then there exists a structural structural baseformula β 1 equivalent to ∃x.β.For example, if β ≡ ∃u, u s . sh(u)=u s ∧ x=u then ∃x.βis equivalent to ∃u, u s . sh(u)=u s where x=u conjunct wasremoved.We proceed to show that a quantifier-free formula can bewritten as a disjunction of structural base formulas, and astructural base formula can be written as a quantifier-freeformula.2.4. Conversion to Structural Base FormulasThe conversion to structural base formulas builds on theconversion to disjunctions of well-defined conjunctions ofunnested literals [25, Section 2.3], congruence closure algorithms[33], and the equality (1).Proposition 13 (Quantifier-Free to Structural Base)Every well-defined quantifier-free formula φ is equivalenton P E to true, false, or a disjunction of structural baseformulas.Proof Sketch. We outline an algorithm for converting φinto a disjunction of structural base formulas. Rules for performingthe transformation are presented in the Appendix.First convert φ into the disjunctive normal form (DNF)using rules DNF. These rules are valid in three-valued logicbecause the three-valued domain is a distributive lattice,¬ is idempotent and DeMorgan’s laws hold. For example,¬(Is f (x) ∧ y=f 1 (x)) gets transformed into ¬Is f (x) ∨y≠f 1 (x). The resulting DNF is well-defined, but the individualconjunctions (e.g. y≠f 1 (x)) need not be welldefined.Applying rules WDNF to all conjuncts yields adisjunction of well-defined conjunctions (e.g. y ≠ f 1 (x)becomes Is f (x) ∧ y ≠ f 1 (x)). This transformation preservesthe equivalence because the starting disjunction waswell-defined, see [25, Section 2.3].The next step converts the formula into the unnested(flat) form by introducing existentially quantified variablesfor subterms and free variables, using rules UNF (e.g.x=f(f(y, z), y) becomes ∃u. u=f(y, z) ∧ x=f(u, y)whereas y≠f 1 (x) becomes ∃u.u=f 1 (x) ∧ y≠u). Theresult is a disjunction of well-defined existentially quantifiedconjunctions of unnested literals. Apply rules ELNGto eliminate negations of all atomic formulas except fordisequalities (e.g. if Σ = {f} then ¬Is f (x) becomesIs PRI (x)). ELNG rules may violate DNF; use DNF rulesagain to reestablish the normal form (this also applies toall subsequent rules that may violate DNF). Eliminateselector functions and constructor tests using rules SelEl(e.g. if f is a binary constructor, then ∃u. Is f (x) ∧ u=f 1 (x)7

ecomes ∃u, v 1 , v 2 . x=f(v 1 , v 2 ) ∧ u=v 1 ). The resultcontains only the relation and function symbols thatoccur in structural base formulas. Make sure each termvariable has a corresponding shape variable by applyingrules ShpInt. For example, ∃v 1 , v 2 . x=f(v 1 , v 2 )becomes ∃v 1 , v 2 , x s , v1 s, vs 2 . sh(v 1)=v1 s ∧ sh(v 2)=v2 s ∧sh(x)=x s ∧ x=f(v 1 , v 2 ). Next, apply congruenceclosure (CongCl) and occur check (OccChk). For example,∃x, u, v 1 , v 2 . x=f(v 1 , v 2 ) ∧ y=f(u, v 2 ) ∧ u=v 1becomes ∃x, u, v 2 . x=f(u, v 2 ) ∧ y=x, whereasx=f(u, v) ∧ u=f(x, v) becomes false. Use HomExprules to ensure that parameter term variables are mapped toparameter shape variables, non-parameter term variablesare mapped to non-parameter shape variables, and thatthe homomorphism property P3) of Definition 11 holds.Repeat CongCl and OccChk rules if needed. For example,∃v 1 , v 2 , x s , v1 s, vs 2 . sh(v 1)=v1 s ∧ sh(v 2)=v2 s ∧ sh(x)=xs ∧x=f(v 1 , v 2 ) becomes ∃v 1 , v 2 , x s , v1, s v2. s sh(v 1 )=v1 s ∧sh(v 2 )=v2 s ∧ sh(x)=xs ∧ x=f(v 1 , v 2 ) ∧ x s =f s (v1 s, vs 2 ).Eliminate all disequalities between term variables usingthe NEQEl rule, which is justified by the negation of theequivalence:t 1 = t 2 ⇐⇒ sh(t 1 ) = sh(t 2 ) ∧ |t 1 = t 2 | sh(t1) = 0 (4)For example, u≠x ∧ sh(u)=u s ∧ sh(x)=x s becomes((u s ≠x s )∨(u s =x s ∧|u≠x| u s≥1))∧sh(u)=u s ∧sh(x)=x s .Repeat previous stages (e.g. DNF, CongCl, OccChk) ifneeded. Convert all cardinality constraints into constraintson parameter term variables, using CCD rules justifiedby (1), e.g. |u≠v| u s=1 becomes (|u 1 ≠v 1 | u s1=0 ∧|u 2 ≠v 2 | u s2=1) ∨ (|u 1 ≠v 1 | u s1=1 ∧ |u 2 ≠v 2 | u s2=0)in the context of u=f(u 1 , v 1 ) ∧ v=f(v 1 , v 2 ) ∧u s =f s (u s 1 , us 2 ) ∧ sh(u)=sh(v)=us ∧ sh(u 1 )=sh(v 1 )=u s 1 ∧sh(u 2 )=sh(v 2 )=u s 2. Finally, to produce the formuladistinct(u s 1 , . . .,us n ) use ShDis to ensure that for every twoshape variables x s 1 and xs 2 occurring in the conjunctionexactly one of the conjuncts x s 1=x s 2 or x s 1≠x s 2 is present.2.5. Conversion to Quantifier-Free FormulasThe conversion from structural base formulas toquantifier-free formulas is the main phase of our quantifiereliminationalgorithm. We split this conversion into severalstages; Proposition 25 below summarizes the overall conversionprocess.Consider a structural base formula β ≡ ∃ū ∗ . C(¯x ∗ , ū ∗ )with free variables ¯x ∗ and internal variables ū ∗ , whereC(¯x ∗ , ū ∗ ) is quantifier-free. C(¯x ∗ , ū ∗ ) defines a relationbetween variables ¯x ∗ , ū ∗ . If this relation has a functionaldependence from the free variables ¯x ∗ to some internal variableu, with a term t(¯x ∗ ) such that C(¯x ∗ , ū ∗ ) |= u = t(¯x ∗ ),then the internal variable u can be replaced by t(¯x ∗ ) andthe quantification over u can be eliminated. This leads tothe notion of determinations.Definition 14 The set dets of variable determinations of astructural base formula β is the least set S of pairs 〈u ∗ , t ∗ 〉where u ∗ is an internal term or shape variable and t ∗ is aterm over the free variables of β, such such that:1. if x ∗ = u ∗ occurs in termBase or shapeBase for afree variable x ∗ , then 〈u ∗ , x ∗ 〉 ∈ S;2. if 〈u ∗ , t ∗ 〉 ∈ S and u ∗ = f ∗ (u ∗ 1 , . . . , u∗ k) occurs inshapeBase or termBase then{〈u ∗ 1, f1 ∗ (t ∗ )〉, . . . , 〈u ∗ k , f k ∗(t∗ )〉} ⊆ S;3. if {〈u ∗ 1 , t∗ 1 〉, . . . , 〈u∗ k , t∗ k 〉} ⊆ S andu ∗ = f ∗ (u ∗ 1, . . . , u ∗ k ) occurs in shapeBase ortermBase then 〈u ∗ , f ∗ (t ∗ 1 , . . .,t∗ k)〉 ∈ S;4. if 〈u, t〉 ∈ S and sh(u) = u s occurs in termHom then〈u s , sh(t)〉 ∈ S.Definition 15 An internal variable u ∗ is determined if〈u ∗ , t ∗ 〉 ∈ dets for some term t s . An internal variable isundetermined if it is not determined.Lemma 16 follows by induction using Definition 14.Lemma 16 Let β ≡ ∃ū. C(¯x ∗ , ū ∗ ) be a structural baseformula. If 〈u ∗ , t ∗ 〉 ∈ dets(β) then C(¯x ∗ , ū ∗ ) |= u ∗ = t ∗ .Corollary 17 Let β ≡ ∃〈u ∗ i 〉 i. C(¯x ∗ , 〈u ∗ i 〉 i) be a structuralbase formula such that each internal variable u ∗ i isdetermined by some term t ∗ i , that is, 〈u∗ i , t∗ i 〉 ∈ dets(β).Then β is equivalent to the well-defined quantifier-free formulaβ ′ ≡ C(¯x ∗ , 〈t ∗ i 〉 i).Proof. By Lemma 16 using the rule∃u.u = t ∧ φ(u) ⇐⇒ φ(t) (5)which holds when the term t is well-defined. If t is notwell-defined, then both β and β ′ evaluate to false.Our goal thus reduces to eliminating all undeterminedvariables from a structural base formula. We first show howto eliminate undetermined composed non-parameter termvariables.Lemma 18 Let u be an undetermined composed nonparameterterm variable in a structural base formula βsuch that u is a source i.e. no conjunct of the formu ′ =f(u 1 , . . .,u, . . .,u k ) occurs in termBase. Let β ′ be theresult of removing from β the variable u and all conjunctscontaining u. Then β is equivalent to β ′ .8

Proof. The conjunct containing sh(u) = u s in termHomis a consequence of the remaining conjuncts in β, so wemay drop it. The only remaining occurrence of u is in theatomic formula u=f(¯v) of termBase subformula. Applying(5) therefore makes u disappear from β.Corollary 19 (Composed Term Variable Elimination)Dropping all undetermined composed non-parameter termvariables from a structural base formula together with theconjuncts that contain them yields an equivalent structuralbase formula.Proof. If a structural base formula has an undeterminednon-parameter composed term variable, then it has an undeterminednon-parameter composed term variable that is asource. Repeatedly apply Lemma 18 to eliminate all undeterminednon-parameter term variables.Our next goal is to eliminate undetermined primitivenon-parameter term variables and undetermined parameterterm variables. The key insight is that these variables arerelated to the determined variables of a structural base formulaonly through the relations that are expressible in theproduct structure of the terms of the same shape. To clarifythe connection with the product-structure, let s ∈ P Sbe a shape and P (s) = {t ∈ P | sh(t) = s}. Defineη : P S → C ∗ where C ∗ is the set of finite sequencesof elements from C, as follows: η(c) = c if c ∈ C;η(f(t 1 , . . . , t k )) = η(t 1 ) · . . . · η(t k ) where l 1 · l 2 denotesthe concatenation of sequences l 1 and l 2 . Let η s = η| P (s)be the restriction of η to the set P (s) . Let m = |leaves(s)|.Observation 20 The map η s is an isomorphism of the substructureof P with the domain P (s) and the finite powerC m . Moreover,|φ(〈x j 〉 n j ) PE (s, 〈t j 〉 n j )| = |φ(〈x j 〉 n j ) Cm (〈η s (t j )〉 n j )|The following is the quantifier-elimination property that impliesFeferman-Vaught theorem [13, 30], [20, Section 9.6,Page 460] for the case of finite products.Lemma 21 Let k ≥ 0. Consider a formula α of the formα ≡ ∃u. ∧ pi=1 ψ i where each ψ i is a cardinality constraintof the form (|φ i |=k)(u, 〈u j 〉 n j ) or (|φ i|≥k)(u, 〈u j 〉 n j ). Thenα can be effectively transformed into α ′ where α ′ is a disjunctionof conjunctions of cardinality constraints of theform (|φ ′ i |=k)(〈u j〉 n j ) and (|φ′ i |≥k)(〈u j〉 n j ). The result α′is equivalent to α on each finite power C m .Lemma 22 is a direct consequence of Lemma 21 and Observation20.Lemma 22 Let k ≥ 0. Consider a formula α of the formα ≡ ∃u. sh(u) = u s ∧ ∧ ni=1 sh(u i) = u s ∧ ∧ pi=1 ψ ifor some shape variable u s where each ψ i is a cardinalityconstraint of the form (|φ i |=k)(u s , u, 〈u j 〉 n j ) or of the form(|φ i |≥k)(u s , u, 〈u j 〉 n j ). Then α can be effectively transformedinto the formula α ′ which is a disjunction of formulasof the formα ′ j ≡ ∧ ni=1 sh(u i) = u s ∧ ∧ qi=1 ψ′ i,jwhere each ψ ′ i,j is of the form (|φ′ i,j |=k)(us , 〈u j 〉 n j ) or(|φ ′ i,j |≥k)(us , 〈u j 〉 n j ). The resulting formula α′ is equivalentto α on all term powers P E .Lemma 23 (Term Parameter Elimination) Every structuralbase formula β without undetermined composed nonparameterterm variables can be effectively transformedinto an equivalent disjunction of structural base formulaswithout undetermined term variables.Proof. We show how to eliminate undetermined parameterterm variables and undetermined primitive non-parameterterm variables from β.Let u be an undetermined parameter term variable or anundetermined primitive non-parameter term variable. If uis a parameter variable then u does not occur in termBasebecause ¬(u + u ′ ) for all u ′ , and ¬(u ′′ + u) for all u ′′since there are no undetermined composed non-parameterterm variables. Therefore, u occurs only in termHom andcardin. If u is a primitive non-parameter term variable, thentermBase contains only one occurrence of u, namely theconjunct Is PRI (u), which is a consequence of the conjunctssh(u) = u s in termHom and u s = c s in shapeBase, so wedrop Is PRI (u). In both cases, the resulting formula containsu only in termHom and cardin.Let u s be the shape variable such that u s = sh(u) occursin termHom. Let ψ 1 , . . . , ψ p be all conjuncts of cardin thatcontain u. Each ψ i is of the form |φ| u s ≥ k i or |φ| u s = k iand for each variable u ′ free in φ the conjunct sh(u) = u soccurs in termHom. The structural base formula can thereforebe written in the form ∃ū ∗ . φ ∧α where α has the formas in Lemma 22. Applying Lemma 22 we eliminate u. Applyingrules DNF results in a disjunction of structural baseformulas. By repeating this process we eliminate all undeterminedparameter term variables and undetermined primitivenon-parameter term variables from a structural baseformula. Each of the resulting structural base formulas containsno undetermined term variables.Finally, we show how to eliminate the undetermined shapevariables.Lemma 24 (Shape Variable Elimination) Every structuralbase formula β without undetermined term variablescan be effectively transformed into an equivalent disjunctionof structural base formulas without undeterminedvariables.9

Proof Sketch. It remains to eliminate undetermined shapevariables from β. This process is similar to term algebraquantifier elimination [25, Section 3.4]; the key ingredientis Lemma 10, which relies on the fact that undeterminedparameter variables may take on infinitely many values. Wetherefore ensure that the conjuncts outside shapeBase donot constrain the undetermined parameter shape variablesto denote the values from a finite set.Consider an undetermined parameter shape variable u s .u s does not occur in termHom, because all term variablesare determined and a conjunct u s =sh(u) would implythat u s is determined as well. u s can thus occur onlyin cardin within some cardinality constraint |φ| u s=k or|φ| u s≥k. Moreover, formula φ in each such cardinality constraintis closed: otherwise φ would contain some free termvariable u and since all term variables are determined, u swould be determined as well.Let u s denote some shape s. Because φ is a closed formula,|φ| is equal to 0 if φ C =false and to the shape sizem = |leaves(s)| if φ C =true. (The fact that closed formulasreduce to the constraints on the domain size appears in[30, Theorem 3.36, Page 13]. In term powers, these constraintsbecome constraints on the size of the shape.) Wetransform β into the disjunction β 1 ∨ β 2 of base formulaswhere β 1 ≡ β ∧ prim(φ) and β 2 ≡ β ∧ prim(¬φ). Constraintsof the form prim(¬φ) ∧ |φ| u s=k reduce to 0=k,we replace them by true if k≡0 and false if k≢0. Onthe other hand, prim(φ) ∧ |φ| u s=k denotes the constraintm = k and prim(φ) ∧ |φ| u s≥k denotes m≥k. Hence,by repeating this process for every formula φ which appearsin some cardinality constraint |φ| u s=k or |φ| u s≥k,we obtain a conjunction of linear constraints of the formm = k and m ≥ k. These constraints specify a finiteor infinite set S ⊆ {0, 1, . . .} of possible sizes m. LetA = {s | |leaves(s)| ∈ S}. By nature of our constraints,if the set S is infinite then it contains an infinite intervalof form {m 0 , m 0 + 1, . . .}, so the set A is infinite. If Σcontains a unary constructor and S is nonempty, then A isalso infinite. If Σ contains no unary constructors and S isfinite then A is finite and we can effectively compute A.The cardinality constraints containing u s are thus equivalentto ∨ pi=1 us = t s i where A = {ts 1 , . . . , ts p }. Transform∨the structural base formula β into a disjunction of formulaspi=1 β i where β i results from β by replacing the cardinalityconstraints containing u s with u s = t s i . Convert each β ito a structural base formula by labelling the subterms of t s iwith internal shape variables using UNF rules, and by doingcase analysis on the equality between the new internalshape variables, using ShDis rule. By repeating this processfor all shape variables u s where the set S is finite, we obtainbase formulas where the set A is infinite for every undeterminedparameter shape variable u s . We may then eliminateall undetermined parameter and non-parameter shape variablesalong with the conjuncts that contain them. The resultis an equivalent formula because Lemma 10 implies that itis always possible to find the values of eliminated parametervariables, so their existence is a redundant condition. Wetherefore eliminate all undetermined shape variables and theresulting structural base formulas contain only determinedvariables.Proposition 25 (Struct. Base to Quantifier-Free) Everystructural base formula β can be effectively transformed toan equivalent well-defined quantifier-free formula φ.Proof. Apply Corollary 19, then Lemma 23, and thenLemma 24. All variables in the resulting disjunction ofstructural base formulas are determined, so each of themis equivalent to some quantifier free formula φ i by Corollary17. The disjunction ∨ i φ i is the desired quantifier-freeformula φ.Summary of Our Quantifier Elimination Algorithm.Consider a closed L P -formula φ. Convert φ to an extendedterm-powerformula φ 1 using (2). Convert φ 1 to prenexform φ 2 . Eliminate all quantifiers from φ 2 starting from theinnermost one, as follows. If φ 2 ≡ 〈Q i u ∗ i 〉 i∃v ∗ . ψ where ψis quantifier-free then apply Proposition 13, Proposition 12and then Proposition 25. If φ 2 ≡ 〈Q i u ∗ i 〉∀v∗ . ψ then consider〈Q i u ∗ i 〉.¬∃v∗ . ¬ψ and proceed as in the previous case.By applying Proposition 13 and Proposition 25 to the resultingvariable-free formula we obtain a propositional combinationof prim(φ) formulas. Theorem 3 then follows by (3).Acknowledgements We thank Albert Meyer, Jens Palsberg,Tim Priesnitz, Stefan Ratschan, Jakob Rehof, ZhendongSu, and anonymous reviewers for useful comments.References[1] A. Aiken, D. Kozen, and E. Wimmers. Decidability ofsystems of set constraints with negative constraints.Information and Computation, 122, 1995.[2] A. Aiken, E. L. Wimmers, and T. K. Lakshman. Soft typingwith conditional types. In Proc. 21st ACM POPL, pages163–173, New York, NY, 1994.[3] H. Ait-Kaci, A. Podelski, and G. Smolka. A featureconstraint system for logic programming with entailment.In Theoretical Computer Science, volume 122, pages263–283, January 1994.[4] R. M. Amadio and L. Cardelli. Subtyping recursive types.Transactions on Programming Languages and Systems,15(4):575–631, 1993.[5] L. O. Andersen. Program Analysis and Specialization ofthe C Programming Language. PhD thesis, DIKU,University of Copenhagen, 1994.[6] R. Backofen. A complete axiomatization of a theory withfeature and arity constraints. Journal of LogicProgramming, 24:37–72, 1995.10

[7] W. Charatonik and L. Pacholski. Set constraints withprojections are in NEXPTIME. In Proc. 35th AnnualSymposium on Foundations of Computer Science (FOCS),pages 642–653, 1994.[8] W. Charatonik and A. Podelski. Set constraints withintersection. In Proc. 12th IEEE LICS, pages 362–372,1997.[9] H. Comon and C. Delor. Equational formulae withmembership constraints. Information and Computation,112(2):167–216, 1994.[10] H. Comon and P. Lescanne. Equational problems anddisunification. Journal of Symbolic Computation, 7(3):371,1989.[11] K. J. Compton and C. W. Henson. A uniform method forproving lower bounds on the computational complexity oflogical theories. Annals of Pure and Applied Logic,48(1):1–79, July 1990.[12] R. Davies and F. Pfenning. Intersection types andcomputational effects. In Proc. ICFP, pages 198–208,2000.[13] S. Feferman and R. L. Vaught. The first order properties ofproducts of algebraic systems. Fundamenta Mathematicae,47:57–103, 1959.[14] J. Ferrante and C. W. Rackoff. The ComputationalComplexity of Logical Theories, volume 718 of LectureNotes in Mathematics. Springer-Verlag, 1979.[15] T. Freeman and F. Pfenning. Refinement types for ML. InProc. ACM PLDI, 1991.[16] A. Frey. Satisfying subtype inequalities in polynomialspace. Theoretical Computer Science, 277:105–117, 2002.[17] N. Heintze and O. Tardieu. Ultra-fast aliasing analysisusing CLA: A million lines of C code in a second. In Proc.ACM PLDI, 2001.[18] F. Henglein and J. Rehof. The complexity of subtypeentailment for simple types. In Proc. 12th IEEE LICS,pages 352–361, 1997.[19] M. Hoang and J. C. Mitchell. Lower bounds on typeinference with subtypes. In Proc. 22rd ACM POPL, pages176–185, 1995.[20] W. Hodges. Model Theory, volume 42 of Encyclopedia ofMathematics and its Applications. Cambridge UniversityPress, 1993.[21] T. Jim and J. Palsberg. Type inference in systems ofrecursive types with subtyping. http://www.cs.purdue.edu/homes/palsberg/, 1999.[22] M. Kerber and M. Kohlhase. A mechanization of strongKleene logic for partial functions. In A. Bundy, editor,Proc. 12th CADE, pages 371–385, Nancy, France, 1994.Springer Verlag, Berlin, Germany. LNAI 814.[23] S. C. Kleene. Introduction to Metamathematics. D. VanNostrand Company, Inc., Princeton, New Jersey, 1952. fifthreprint, 1967.[24] D. Kozen, J. Palsberg, and M. I. Schwartzbach. Efficientrecursive subtyping. Mathematical Structures in ComputerScience, 5(1):113–125, 1995.[25] V. Kuncak and M. Rinard. On the theory of structuralsubtyping. Technical Report 879, Laboratory for ComputerScience, Massachusetts Institute of Technology, 2003.[26] J. W. Lloyd. Foundations of Logic Programming.Springer-Verlag, 2nd edition, 1987.[27] M. J. Maher. Complete axiomatizations of the algebras ofthe finite, rational, and infinite trees. IEEE Symposium onLogic in Computer Science, 1988.[28] A. I. Mal’cev. The Metamathematics of Algebraic Systems,volume 66 of Studies in Logic and The Foundations ofMathematics. North Holland, 1971.[29] J. C. Mitchell. Type inference with simple types. Journal ofFunctional Programming, 1(3):245–285, 1991.[30] A. Mostowski. On direct products of theories. Journal ofSymbolic Logic, 17(1):1–31, March 1952.[31] M. Mueller and J. Niehren. Ordering constraints overfeature trees expressed in second-order monadic logic.Information and Computation, 159(1/2):22–58, 2000.[32] M. Mueller, J. Niehren, and R. Treinen. The first-ordertheory of ordering constraints over feature trees. DiscreteMathematics and Theoretical Computer Science,4(2):193–234, September 2001.[33] G. Nelson and D. C. Oppen. Fast decision proceduresbased on congruence closure. Journal of the ACM (JACM),27(2):356–364, 1980.[34] J. Palsberg and P. M. O’Keefe. A type system equivalent toflow analysis. Transactions on Programming Languagesand Systems, 17(4):576–599, July 1995.[35] F. Pottier. Simplifying subtyping constraints: A theory.Information and Computation, 170(2):153–183, Nov. 2001.[36] M. Presburger. über die vollständigkeit eines gewissensystems der aritmethik ganzer zahlen, in welchem dieaddition als einzige operation hervortritt. In ComptesRendus du premier Congrès des Mathématiciens des Paysslaves, Warsawa, pages 92–101, 1929.[37] W. C. Rounds. Feature logics. In J. v. Benthem and A. terMeulen, editors, Handbook of Logic and Language.Elsevier, 1997.[38] T. Rybina and A. Voronkov. A decision procedure for termalgebras with queues. ACM Transactions on ComputationalLogic (TOCL), 2(2):155–181, 2001.[39] V. Simonet. Type inference with structural subtyping: Afaithful formalization of an efficient constraint solver.Submitted for publication, Mar. 2003.[40] T. Skolem. Untersuchungen über die Axiome desKlassenkalküls and über “Produktations- undSummationsprobleme”, welche gewisse Klassen vonAussagen betreffen. Skrifter utgit av Vidnskapsselskapet iKristiania, I. klasse, no. 3, Oslo, 1919.[41] T. Sturm and V. Weispfenning. Quantifier elimination interm algebras: The case of finite languages. In V. G.Ganzha, E. W. Mayr, and E. V. Vorozhtsov, editors,Computer Algebra in Scientific Computing (CASC), TUMMuenchen, 2002.[42] Z. Su, A. Aiken, J. Niehren, T. Priesnitz, and R. Treinen.First-order theory of subtyping constraints. In Proc. 29thACM POPL, 2002.[43] A. Tarski. Arithmetical classes and types of algebraicallyclosed and real-closed fields. Bull. Amer. Math. Soc., 55,64, 1192, 1949.[44] A. Tarski. Arithmetical classes and types of booleanalgebras. Bull. Amer. Math. Soc., 55, 64, 1192, 1949.11

[45] J. Tiuryn. Subtype inequalities. In Proc. 7th IEEE LICS, SelEl: Selector and Test Elimination1992.C 1 ∨ (∃ȳ ∗ .C 2 ∧ Is f ∗(y ∗ )) →[46] R. Treinen. Feature trees over arbitrary structures. InC 1 ∨ (∃ȳ ∗ ∃¯z ∗ .C 2 ∧ y ∗ = f ∗ (¯z ∗ ))P. Blackburn and M. de Rijke, editors, Specifying SyntacticC 1 ∨ (∃ȳ ∗ .C 2 ∧ u ∗ =f ∗ (〈u ∗ i 〉 i) ∧ v ∗ =fj ∗ (u ∗ )) →Structures, chapter 7, pages 185–211. CSLI PublicationsC 1 ∨ (∃ȳ ∗ .C 2 ∧ u ∗ =f ∗ (〈u ∗ i 〉 i) ∧ v ∗ =u ∗ j)and FoLLI, 1997.[47] V. Trifonov and S. Smith. Subtyping constrained types. In ShpInt: Shape IntroductionProc. 3rd International Static Analysis Symposium, volumeC 1 ∨ (∃ū ∗ . C 2) → C 1 ∨ (∃ū ∗ , u s . sh(u)=u s ∧ C 2)1145 of LNCS, 1996.u occurs in C 2[48] I. Walukiewicz. Monadic second-order logic on tree-likeu s fresh shape variablestructures. Theoretical Computer Science,C 2 contains no sh(u) = u s′275(1–2):311–346, Mar. 2002.[49] M. Wand, P. M. O’Keefe, and J. Palsberg. StrongCongCl: Congruence Closurenormalization with non-structural subtyping. MathematicalC 1 ∨ (∃ȳ ∗ ∃u ∗Structures in Computer Science, 5(3):419–430, 1995.1∃u ∗ 2. u ∗ 1=u ∗ 2 ∧ C 2) →C 1 ∨ (∃ȳ ∗ ∃u ∗ 1. C 2(u ∗ 2 ↦→ u ∗ 1))C[u ∗ 1=f ∗ (¯z ∗ ) ∧ u ∗ 2=f ∗ (¯z ∗ )] → C[u ∗ 1=f ∗ (¯z ∗ ) ∧ u ∗ 2=u ∗ 1]Appendix: Transforming Quantifier Free FormulasC[u ∗ =f ∗ (¯z ∗ ) ∧ u ∗ =g ∗ (¯x ∗ )] → C[false], f ∗ ≢ g ∗to Structural Base FormulasC[u ∗ =f ∗ (ū ∗ ) ∧ u ∗ =f ∗ (¯v ∗ )] →C[u ∗ =f ∗ (ū ∗ ) ∧ u ∗ =f ∗ (¯v ∗ ) ∧ ∧ iu ∗ i =vi ∗ ]Rules are applied modulo associativity and commutativity of ∧, ∨C[u ∗ ≠u ∗ ] → C[false]and symmetry of equality =. Ē denotes a sequence of expressionsC[u ∗ =u ∗ ] → C[true]〈E i〉 i. The result of substituting term t for variable x in formulaC[P ∧ false] → C[false]C is denoted C(x ↦→ t).C[P ∨ false] → C[P]DNF: Disjunctive Normal FormC[P ∧ true] → C[P]C[P ∨ true] → C[true]C[¬(P ∧ Q)] → C[¬P ∨ ¬Q]C[¬(P ∨ Q)] → C[¬P ∧ ¬Q]OccChk: Occur CheckC[¬¬P] → C[P]C 1 ∨ β → C 1 whereC[P ∧ (Q ∨ R)] → C[(P ∧ Q) ∨ (P ∧ R)]β ≡ ∃ū.C 2 for C 2 conjunction of literalsu +WDNF: Disjunction of Well-Defined Conjunctionsβu for some variable uHomExp: Homomorphism Property and ExpansionF → DomCl(F) where F in DNFDomCl(∨ iC i) = ∨ iDomCl(C i)C[sh(u)=u s 1 ∧ sh(u)=u s 2] →DomCl(∧ iL i) = ∧ iDomCl(L i)C[sh(u)=u s 1 ∧ sh(u)=u s 2 ∧ u s 1 = u s 2]DomCl(R(¯t)) = R(¯t) ∧ DefCl(¯t)C 1 ∨ (∃ȳ ∗ .C 2 ∧ v=f(ū) ∧ sh(v)=v s ) →DomCl(¬R(¯t)) = ¬R(¯t) ∧ DefCl(¯t)DefCl(¯t) = V C 1 ∨ (∃ȳ ∗ ∃ū s .C 2 ∧ v=f(ū) ∧ sh(v)=v s{D f (¯s) |∧ v s =f s (ū s ) ∧ ∧ ish(u i) = u s i)f a partial function symbol of arity nC 1 ∨ (∃ȳ ∗ .C 2 ∧ v s =f s (ū s ) ∧ sh(v)=v s ) →D f the relation specifying the domain of fC 1 ∨ (∃ȳ ∗ ∃ū.C 2 ∧ v s =f s (ū s ) ∧ sh(v)=v sf(¯s) a subterm occuring in ¯t }∧ v=f(ū) ∧ ∧ ish(u i) = u s i)NEQEl: Term Disequality EliminationUNF: Unnested FormC[u 1≠u 2 ∧ sh(u 1)=u s 1 ∧ sh(u 2)=u s 2] →C 1 ∨ (∃ȳ.C 2[f(¯x)]) → C 1 ∨ (∃ȳ∃z.z=f(¯x) ∧ C 2[z]) whereC[(u s 1 ≠ u s 2 ∨ (u s 1 ≠ u s 2 ∧ |u 1 ≠ u 2| u sC 2[f(¯x)] a conjunction of literals1≥ 1)) ∧sh(u 1)=u s 1 ∧ sh(u 2)=u s 2]occurence C 2[ ] not in a literal of form w = f(¯x)C 1 ∨ (∃ȳ.C 2) → C 1 ∨ (∃ȳ∃u.u=x ∧ C 2(x ↦→ u)) where CCD: Cardinality Constraint Decompositionu a fresh variablex a free variable s.t. C 2 contains no u ′ =x for u ′ C 1[|φ(〈f(〈u ij〉 j)〉 i)| u s=k] →boundC W 1[ {∧ j|φ(〈u ij〉 i)| u sj=k j | Σ jk j = k } ∧ C 2]ELNG: Negative Literal EliminationC 1[|φ(〈f(〈u ij〉 j)〉 i)| u s≥k] →C[¬Is f (y)] → C[Is PRI (y) ∨ W C W 1[ {∧ j|φ(〈u ij〉 i)| u sj≥k j | Σ jk j = k } ∧ C 2]{Is g(y) | g ∈ Σ \ {f} }]C[¬Is PRI (y)] → C[ W where C 2 contains{Is g(y) | g ∈ Σ }]C[¬Is f s(y s )] → C[Is c s(y s ) ∨ W u s = f(〈u s j〉 j) ∧ V{Is g s(y s i,j sh(uij)=us j) | g ∈ Σ \ {f} }]C[¬Is c s(y s )] → C[ W {Is g s(y s ShDis: Shape Distinction) | g ∈ Σ }]C[¬|φ| u s=k] → C[|φ| u s≥k+1 ∨ W k−1i=0 |φ|us=i]C[¬|φ| u s≥k] → C[ W C 1 ∨ (∃ū ∗ .C 2) → C 1 ∨ (∃ū ∗ .(u s i = u s j ∨ u s i ≠ u s j) ∧ C 2)k−1i=0 |φ|us=i]12