Answer Set Programming for
Synthesis, Inference, and Search

PhD Thesis Proposal

Ziyi Yang

School of Computing, National University of Singapore

Advisor: Ilya Sergey

Formal Methods — Widely Used

PL / Security / Hardware
Math / PL theory
Static analysis on C, Java, etc
SAT + first-order theories
Dependent types
Separation logic
All built upon → Formal Specification

Discovery Problem: Specs Are Hard to Write

Heap Verification (Separation Logic)

DLL segment predicate — 5 parameters:

dll(x, a, y, b, S)

a n₁ val=3 n₂ val=7 y next prev ↑ x n₂.next=y; n₁.prev=a b = n₂.next  ·  S = {3,7}

4 location params: x (head), a (x.prev), y (end sentinel), b (y.prev)  ·  1 pure param: S (payload set)
Requires dual expertise: SL syntax + data-structure invariants

Distributed Protocols (First-Order Logic)

Paxos inductive invariant (one of 4+ needed):

invariant
  forall R1:round, R2:round,
         V1:value, V2:value, Q:quorum.
    !le(R2,R1) & proposal(R2,V2)
    & V1 != V2 ->
      exists N:node.
        member(N,Q)
        & left_round(N,R1)
        & !vote(N,R1,V1)
Both require significant expert effort — for every new data structure or protocol

Modelling Problem: Intent → Spec Language

N-Queens (n=4)

Place n queens: no two share a
row, column, or diagonal

SAT — propositional CNF 

% at-least-one per row (n clauses):
(q(1,1)∨q(1,2)∨q(1,3)∨q(1,4)), (q(2,1)∨…), …
% at-most-one per row (n·C(n,2) clauses):
(¬q(1,1)∨¬q(1,2)), (¬q(1,1)∨¬q(1,3)), …
% col uniqueness + diagonal: similarly
…

ASP — requires auxiliary predicate 

{ queen(R,C) } :- row(R), col(C).
atrow(R) :- queen(R,C).      % ← not in the problem statement
:- row(R), not atrow(R).
…
:- queen(R,C1), queen(R,C2), C1 != C2.
:- queen(R1,C), queen(R2,C), R1 != R2.
:- queen(R1,C1), queen(R2,C2),
   R1 != R2, |R1-R2| == |C1-C2|.
Formal   Specification
Discovery problem
what is the correct specification?
Modelling problem
how to encode the specification?
Why hard (Discovery)
  • Requiring dual knowledge on logic and domain
  • Correct specification is obscure
Why hard (Modelling)
  • Distance between intent and modelling language
  • Efficiency of modelling requires solver expertise
Specification Bottleneck

Addressing the Bottleneck

Discovery → Inductive Synthesis

  • Learn predicates/invariants from examples

Modelling → Declarative Transformation

  • General specification language translated into solver-specific format
Unifying Theme: Answer Set Programming

ASP: both a Synthesis engine and a Compilation target

Background

Answer Set Programming (ASP) and its Relatives

SAT/Datalog

Propositional Satisfiability (SAT)

CNF form

$\phi = \bigwedge_i C_i, \; C_i = \bigvee_j l_{ij}$

Find a truth assignment $I$ such that $I \models \phi$.

Example

$a \leftrightarrow b$  ≡  $(\neg a \lor b) \land (\neg b \lor a)$

Models: $\{\}$ and $\{a,b\}$.

Low-level format, but highly optimised solvers can handle millions of variables and clauses.

Datalog (Grounded)

Rules (Horn clauses)

A :- B1, B2, ..., Bm.

Least model = least fixed point of $T_P$ (monotone derivation).

Example (reachability — grounded rules)

edge(a,b). edge(b,c). edge(c,d).
reach(b).
reach(c) :- edge(b,c), reach(b).
reach(d) :- edge(c,d), reach(c).

Model:
{ edge(a,b), edge(b,c), edge(c,d),
  reach(b), reach(c), reach(d) }

a b c d reach c reach ① reach(c) :- edge(b,c), reach(b). d reach ② reach(d) :- edge(c,d), reach(c).

Contrast with implication

Datalog: a :- b. b :- a. ⇒ least model $\emptyset$.

Logic: $(b \rightarrow a) \land (a \rightarrow b)$ has models $\{a,b\}$ and $\emptyset$.

Answer Set Programming (ASP)

Normal logic programs

$H \;\texttt{:-}\; B_1,\dots,B_m,\; \texttt{not}\; C_1,\dots,\texttt{not}\; C_n.$

Unstratified default negation creates non-determinism.

Example

a :- not b.
b :- not a.

Stable models: {a} or {b}.

Integrity Constraints — Pruning Stable Models

Form

#false :- B1, B2, …, Bm.

Usually written with the head omitted: :- B1, …, Bm.

Constraint rule: remove any stable model where $B_1 \land \cdots \land B_m$ holds.

Intuition: "it must never be the case that …" — a hard pruning rule.

Example — adding a constraint

a :- not b.
b :- not a.
:- b.        % b must not hold

Without constraint: stable models {a} and {b}.

With :- b.: only {a} survives.

ASP Extensions

Choice rules

Generate: include atom or not

b.
{ a } :- b.

Stable models:

{b}       % a not chosen
{a, b}   % a chosen

Aggregates

Compact counting constraints

{p(1)}. {p(2)}.
:- #count{X : p(X)} != 2.

Grounded form:

:- #count{1:p(1); 2:p(2)} != 2.
% count = 2, constraint satisfied
% answer set: {p(1), p(2)}

First-Order Rules: Program → Grounding → Solving

① Program

dom(a). dom(b). dom(c).
edge(a,b). edge(b,c).
reach(a).
reach(Y) :-
  edge(X,Y),
  reach(X).

First-order rules with variables — concise and declarative

② Grounding

Instantiate variables over domain:

reach(a).
reach(b) :- edge(a,b), reach(a).
reach(b) :- edge(b,b), reach(b).
reach(c) :- edge(b,c), reach(b).
…  (dn rules for n vars, domain d)

Ground program: propositional — no variables left

③ Solving

CDCL finds stable models of ground program:

{ dom(a), dom(b), dom(c),
  edge(a,b), edge(b,c),
  reach(a), reach(b),
  reach(c) }

Answer set = solution

Grounding bottleneck: $n$ variables over domain size $d$ → $d^n$ ground rules. Different from SAT for grounding: SAT takes ground clauses directly; ASP lifts to first-order and grounds automatically.

Thesis Roadmap: An ASP-Centric Approach

"This thesis addresses both dimensions of the Specification Bottleneck: it uses Answer Set Programming (ASP) to tackle the Discovery Problem (Part I) in formal methods, and resolves the Modelling Problem of ASP itself (Part II)."

Part I.1 · OOPSLA'25

Sippy

ASP as Synthesis Engine

Discovery Problem: synthesise Separation Logic (SL) heap predicates from positive memory graphs — no negative examples required.

Part I.2 · ICLP'25

FORCE

ASP as Inference Engine

Discovery Problem: infer First-Order Logic invariants for distributed protocols via ASP-driven top-down enumeration and pruning.

Part II · Submitted

SetLah!

Resolving ASP's Bottleneck

Modelling Problem: a semi-declarative language bridging arbitrary FOL constraints and efficient ASP solvers via automated compilation.

Part I.1

Sippy

Synthesising Separation Logic Predicates

Inductive Synthesis of Inductive Heap Predicates
with Ilya Sergey  ·  OOPSLA 2025

Separation Logic in Formal Methods

Verification

GRASShopper, Verifast
verify heap-manipulating programs

Analysis

Facebook Infer, Pulse
find memory bugs at scale

Synthesis

SuSLik, Fiat
synthesise provably-correct programs

An essential ingredient: inductive predicates

Every SL tool requires you to supply predicates that describe recursive heap structures — linked lists, trees, their payload constraints. These are the specifications that make SL work.

Inductive Predicates: What and Why

list: heap sequence of values ending at nil — base + inductive case, separating conjunction *

We want more: a sorted list tracking its payload set $S$
→ predicate srtl(x, S)

Why hard to write?

  • Separating conjunction *: non-trivial disjoint-heap reasoning
  • Recursion + existentials: base case, inductive case, pointer ∃j
  • Pure payload constraint: min_set(V, S) embedded in recursion
Can we synthesise them automatically from examples?

Goal: Learn SL Predicates from Memory Graphs

Input: Memory Graphs (positive examples)

Output: SL Predicate

Includes min_set — the pure constraint enforcing sortedness

Inductive Logic Programming (Popper)

The ILP setting

Given positive examples $E^+$ and negative examples $E^-$, find the smallest logic program $H$ s.t. $H \cup B \models E^+$ and $H \cup B \not\models E^-$

Popper's generate–test–prune loop:

Generate candidate H via ASP Test against E⁺, E⁻ if fail Prune search space via ASP ↩ repeat until solved
Works well for relational domains. But for heap memory… what is a negative example?

Sippy: Why We Need Positive-Only Learning

Positive examples (sorted lists): E₁ key=3 key=7 nil E₂ key=1 key=4 key=9 nil What predicate covers both E₁ and E₂? ⊤ (true) sll(x, s) srtl(x, s) ⊥ (overfitted) gen / spec lattice ✓ E₁,E₂ ✓ E₁,E₂ Without negatives: ILP finds sll(x,s) first — shortest that covers E₁,E₂ But we want srtl(x,s) — more specific, with sorted order constraint E₃ (neg) key=7 key=3 unsorted! ✗ E₃ ✓ rejects E₃ E₃ discriminates sll(x,s) from srtl — but what is "not a sorted list" as a heap? Without negatives — ILP returns: ✗ missing min_set — sortedness not enforced Sippy (POL) — correct predicate: ✓ min_set: head value is minimum of payload set
ILP conditions (formal):   Positive: $\forall e^+ \in \mathit{Pos},\ P(e^+)$  ·  Negative: $\forall P' \subsetneq P,\ \exists e^- \in \mathit{Neg},\ P'(e^-) \land \lnot P(e^-)$
POL: what's the good predicate without Neg?

Positive-Only Learning (POL)

Without negatives: most general hypothesis covering $p_1, p_2$ (top dot).
With $n_1$: pushed down to the intersection excluding $n_1$ (middle dot).
POL: SL entailment plays the role of $n_1$ — narrows to the most specific consistent hypothesis.

Specificity order on candidate predicates:

f2 is strictly more specific than f1f1 is redundant and pruned.

Candidate search space normalised by entailment:
each equivalence class under $\models_{SL}$ contains only one representative — the most specific member. ILP then searches over these classes, not raw predicates.

Expressing SL Knowledge as Pruning

Separating conjunction
x :-> 1 * x :-> 2
Restricted null pointernull(x) * x :-> 1 is unsatisfiable
~200
lines of ASP
Pruning happens before expensive Prolog validity testing. Dramatically reduces the number of candidates evaluated.

The Sippy System

Grippy (GGen): annotate program with assert; ASP generates valid memory graphs automatically
Sippy: Popper extended with POL + SL knowledge (~200 lines ASP); outputs heap predicates for verification, synthesis, and other applications

Sippy: Results

Downstream: using predicates in synthesiser and verifier

Sippy: Takeaways

(Project) Positive-Only Learning

  • Logical entailment for predicate specificity
  • SL knowledge for pruning

(ASP) Flexible Pruning Language

  • Integrity constraints encode domain knowledge
  • Incremental ASP solving handles dynamic updates
Part I.2

FORCE

First-Order inductive invariant synthesis via Orthogonal sliCEs

Inductive Synthesis of First-Order Formulas
with George Pîrlea and Ilya Sergey  ·  ICLP 2025

Transition Systems Verification

A transition system $\mathcal{T} = \langle S, I, T \rangle$:

  • $S$: set of FO states over vocabulary $\Sigma$ (nodes, quorums, messages, …)
  • $I(V) \subseteq S$: initial states
  • $T(V,V') \subseteq S \times S$: transition relation (protocol actions)
Safety: every reachable state must lie in $P$.
Cannot be proved by simulation (a.k.a. model checking) alone, via inductive invariant $\mathit{Inv}$ instead.

Example: Paxos in Ivy (relations, actions, safety property)

Inductive Invariants: Hard to Write, Essential to Have

$\mathit{Inv}$ must satisfy three conditions simultaneously:

Initiation: $\forall V.\ I(V) \rightarrow \mathit{Inv}(V)$
holds in all initial states
Consecution: $\forall V,V'.\ \mathit{Inv}(V) \land T(V,V') \rightarrow \mathit{Inv}(V')$
preserved across every transition
Safety: $\forall V.\ \mathit{Inv}(V) \rightarrow P(V)$
implies the safety property
For Paxos, the invariant is a conjunction of 6+ FOL formulas over 5 relations — non-trivial to find manually.

The manual Paxos inductive invariant (Ivy syntax):

State of the Art: DuoAI

DuoAI (OSDI '22)

  • Enumerate all FOL formulas satisfied by protocol traces
  • Houdini: iteratively prune to strongest consistent subset
  • Implication graph: avoid re-testing formulas implied by checked ones
  • Handles Paxos, FlexiblePaxos, Multi-Paxos, …
Scalability gap: Paxos 60.4 s  ·  MultiPaxos 1549 s
Enumeration dominates — each root formula prunes very few leaves.

DuoAI invariant output for Paxos:

FORCE targets the synthesis sub-routine inside DuoAI (and similar tools) — a faster enumeration engine with stronger pruning improves every framework that calls it.

Invariant Synthesis: A Common Sub-Routine

Traces (one-shot) or counter-examples (multi-shot) both feed into the same synthesis core.

State of the art: DuoAI

  • Enumerate + Houdini: finds all FOL formulas satisfied by example traces
  • Implication graph: pruning satisfied roots skips implied leaves
  • Successfully handles Paxos, FlexPaxos, and more
Scalability limit: enumeration dominates at scale
Paxos: 60.4 s  |  MultiPaxos: 1549 s
FORCE: improve the synthesis sub-routine itself — applicable to both one-shot and multi-shot inference frameworks.

The FO Synthesis Problem

Definition

Given: bounded search space $\Omega_0$ + a set of FO structures $\sigma = \{M_1,\ldots,M_k\}$

Find: $\Phi \subseteq \Omega_0$ s.t. every $\phi \in \Phi$:

  1. $\forall M \in \sigma.\ M \models \phi$   (satisfies all structures)
  2. is closed (no free variables)
  3. is non-tautological
  4. no formula in $\Phi$ entails another   (most precise set)
Instantiated for invariant synthesis: $\sigma$ = protocol traces; $\Omega_0$ = prenex-DNF formulas over the protocol vocabulary. The conjunction of $\Phi$ is the candidate invariant.

Tiny example

$\Sigma$: monadic predicates $\{p, q, r\}$, variable $X$

$\Omega_0$: $\forall X.\ \mathit{lit}_1$ or $\forall X.\ \mathit{lit}_1 \lor \mathit{lit}_2$ — 42 formulas

Structures:

  • $M_1$: $p{=}\{x_0,x_1\}$, $q{=}\{x_1,x_2\}$, $r{=}\{x_0,x_1\}$
  • $M_2$: $p{=}\{x_0,x_1\}$, $q{=}\{x_0,x_2\}$, $r{=}\{x_0\}$

Output $\Phi$:

$\forall X.\ p(X) \lor q(X)$

$\forall X.\ p(X) \lor \neg r(X)$

Both satisfied by $M_1$ and $M_2$; neither entails the other.

ASP Encoding: The Synthesis–ASP Correspondence

Each ASP answer set = one candidate FOL formula, making ASP the natural choice for enumeration + pruning.

Core ASP encoding:

{ holds(I,J) } :- clause(I), lit(J).   % choose literals
:- holds(I,J), holds(I,K), neg(J,K).   % no P and ¬P in same clause
Static pruning via constraints:
  • Symmetry: permute quantifier variables to canonical form
  • Decomposability: if $A \equiv B \land C$, prune $A$ (search $B$ and $C$ separately)
250 + 80 lines of ASP encoding the entire search space and pruning rules.

Prior Work on Dynamic Pruning: DuoAI's Implication Graph

Example: invariant search over {P, Q, R, S}, prefix ∀X ∀X. P(X) ∨ (R(X) ∧ S(X)) F₃ — more specific (root) ∀X. P(X) ∨ R(X) F₁ — more general ∀X. P(X) ∨ S(X) F₂ — more general F₃ ⊨ F₁ and F₃ ⊨ F₂ ∀X. P(X) ∨ (R(X) ∧ S(X)) F₃ ✓ satisfied by examples ∀X. P(X) ∨ R(X) F₁ — implied by F₃ ✓ → skip ∀X. P(X) ∨ S(X) F₂ — implied by F₃ ✓ → skip DuoAI: prune by satisfied formulas — satisfied root ✓ → skip all implied leaves Bottleneck: O(n⁵) root nodes to enumerate — each prunes only O(n²) leaves

FORCE: DNF Modulo Clauses

FORCE reversal of DuoAI — same search space, now bottom-up: test clauses (C₁, C₂, …) first, then build DNF candidates Phase 1 — Enumerate Clauses (disjunctions of literals only — O(n²) total) ∀X. P(X) ∨ R(X) C₁ ∀X. P(X) ∨ S(X) C₂ ∀X. Q(X) ∨ R(X) C₃ ··· ∀X. P(X) ∨ R(X) C₁ ∀X. P(X) ∨ S(X) C₂ ∀X. Q(X) ∨ R(X) C₃ Phase 2 — DNF Modulo Clauses candidate only if ALL (pick-one-literal-per-cube) clauses are in Φ_c ∀X. P(X) ∨ (R(X) ∧ S(X)) cubes {P} and {R,S} → entails P∨R and P∨S C₁ ✓ and C₂ ✓ → candidate (= F₃ from previous slide) ∀X. (P(X) ∧ Q(X)) ∨ R(X) cubes {P,Q} and {R} → entails Q∨R C₃ (Q∨R) ✗ → excluded, never tested Key insight: using the results of small search spaces (clauses) to build larger ones (DNF other than clauses)

FORCE: Why "Orthogonal"?

Full prenex-DNF candidate space (exponential — all possible DNF formulas over n atoms) complex root simple leaf DuoAI: ↓ per column large small DuoAI's implication graph Φ_c : satisfied clauses — SplitDNF boundary Phase 2 Phase 2 DNF formulas
Orthogonal: SplitTem (vertical, DuoAI) and SplitDNF (horizontal, FORCE) act on independent axes — combined, surviving space is exponential only in |Φc| ≪ n.

FORCE: Results

FORCE: Takeaways

(Project) Novel FOL Search Pruning

  • DNF modulo clauses
  • Partial order for slicing the search space
  • Orthogonal partial orders make pruning by satisfied and unsatisfied formulas work together

(ASP) The Correspondence to Set Operations

  • Choice rules generate literals; constraints prune
  • Effective static and dynamic pruning
Part II

SetLah!

A FOL-based Modelling Language for Combinatorial Search via ASP

Semi-Declarative Language for Combinatorial Search
with Ilya Sergey  ·  In submission

The Irony: ASP Has a Modelling Problem

ASP ≥ SAT + Datalog

  • SAT: hard combinatorial search via CDCL solvers
  • Datalog: recursive derivation, structured rules
  • ASP: both — generate & prune with stable model semantics

Clingo: parallelism, multishot, optimisation, propagators

13+ equivalent definitions of stable model — grounded in Circumscription, Default Logic, Autoepistemic Logic, … all uncommon formalisms. Semantics is non-trivial.

But ASP is hard to write

Real ASP encoding far from "normal logic programs".

Running Example: Latin Square

n×n array filled with 1..n,
each value exactly once per row
and per column.

1 2 3
2 3 1
3 1 2

n=3 shown

SAT — CNF

% each cell exactly one number:
∧R,C(∨A l(R,C,A)) ∧ ∧R,C,A1<A2(¬l(R,C,A1)∨¬l(R,C,A2))
% row uniqueness (at-most-one per row):
∧R,A,C1<C2(¬l(R,C1,A)∨¬l(R,C2,A))
% col uniqueness (at-most-one per col):
∧C,A,R1<R2(¬l(R1,C,A)∨¬l(R2,C,A))
% n=10: >12,000 clauses — enumerate all manually

ASP — requires auxiliary predicate

{ l(R,C,A) } :- dom(R), dom(C), dom(A).
latin_aux(R,C) :- l(R,C,A).    % ← auxiliary: not in the problem
:- dom(R), dom(C), not latin_aux(R,C).
:- dom(R), dom(C), l(R,C,A1),  l(R,C,A2),  A1 < A2.
:- dom(R), dom(A), l(R,C1,A),  l(R,C2,A),  C1 < C2.
:- dom(C), dom(A), l(R1,C,A),  l(R2,C,A),  R1 < R2.

SetLah! — direct FOL

l(R,C,A) ?:- dom(R), dom(C), dom(A).
∀R,C. (∃A. l(R,C,A) ∧ ∀A1,A2. l(R,C,A1)∧l(R,C,A2)→A1=A2)
∀R,A,C1,C2. l(R,C1,A) ∧ l(R,C2,A) → C1=C2
∀C,A,R1,R2. l(R1,C,A) ∧ l(R2,C,A) → R1=R2

Reads as the problem statement · compiled automatically to ASP

ASP Constraints: Restricted FOL

First-Order Integrity Constraint (IC)

Universal formula with $\bot$ as consequent:

$\forall \bar{x}.\ \varphi(\bar{x}) \rightarrow \bot$

Equivalently: $\neg\exists\bar{x}.\ \varphi(\bar{x})$ — no model of $\varphi$ should exist.

Native ASP rule: :- Body.  $\longleftrightarrow$  $\forall \bar{x}.\ \underbrace{\mathit{Body}(\bar{x})}_{\varphi} \rightarrow \bot$

Gap: quantifier alternation (e.g., $\forall\exists$) makes formula non-IC.
SetLah! compiles any FOL constraint into IC form.
Compilation target: IC (+ auxiliary atoms/aggregates) — ready for the ASP grounder.

✓ "At most one" per cell — IS IC:

$\forall R,C,A_1,A_2.\ l(R,C,A_1)\wedge l(R,C,A_2) \rightarrow A_1=A_2$

:- l(R,C,A1), l(R,C,A2), A1 != A2.

Pure implication — no existential. Directly expressible as IC.

✗ "Exactly one" per cell — cannot be expressed as IC:

$\forall R,C.\ \bigl(\exists A.\ l(R,C,A)\bigr)\ \wedge\ \bigl(\forall A_1,A_2.\ l(R,C,A_1)\wedge l(R,C,A_2)\to A_1=A_2\bigr)$

Graeco-Latin Square: Stratified Blocks + Orthogonality

Two Latin squares l, g on the same grid: every pair $(l(R,C), g(R,C))$ appears in exactly one cell.

1 2 3 2 3 1 3 1 2 1 3 2 2 1 3 3 2 1

blue = l  ·  green = g

SetLah! — three stratified blocks 

[dom(1). dom(2). dom(3).]             % Block 1: domain

[  % Block 2 — Latin square l
  l(R,C,A) ?:- dom(R), dom(C), dom(A).
  ∀R,C. (∃A. l(R,C,A) ∧ ∀A1,A2. l(R,C,A1)∧l(R,C,A2)→A1=A2)
  ∀R,A,C1,C2. l(R,C1,A) ∧ l(R,C2,A) → C1=C2
  ∀C,A,R1,R2. l(R1,C,A) ∧ l(R2,C,A) → R1=R2
]

[  % Block 3 — Latin square g + orthogonality
  g(R,C,B) ?:- dom(R), dom(C), dom(B).
  ∀R,C. (∃B. g(R,C,B) ∧ ∀B1,B2. g(R,C,B1)∧g(R,C,B2)→B1=B2)
  ∀R,B,C1,C2. g(R,C1,B) ∧ g(R,C2,B) → C1=C2
  ∀C,B,R1,R2. g(R1,C,B) ∧ g(R2,C,B) → R1=R2
  ∀A,B. ∃R,C. l(R,C,A) ∧ g(R,C,B)   % orthogonality: each pair once
]
Euler's conjecture (1782): no GL-square for $n \equiv 2 \pmod{4}$. Disproved ~180 years later.
SetLah! finds a counterexample for $n{=}10$ in 10 minutes.

SetLah!: Three Design Pillars

Block-Based Syntax

  • ?:- separates generation from checking, and emits negation in rules
  • Constraints written as FOL, not ASP idioms
  • Sub-problems decompose into independent blocks

PCLP Semantics

  • Positive Choice Logic Programming
  • Branching fixpoint; sound FOL + choice foundation

Modular Rewriting

  • Phase-by-phase compilation pipeline
  • FOL → splitting → QE → desugaring
  • Optimisation for grounding/solving-heavy problems

Compilation: Splitting + Quantifier Elimination

Phase 1 — Conjunction Splitting

"Exactly one" has 5 variables $(R,C,A,A_1,A_2)$ — naively $d^5$ ground rules:

$\forall R,C.\ \bigl(\underbrace{\exists A.\ l(R,C,A)}_{\text{3 vars}}\ \wedge\ \underbrace{\forall A_1,A_2.\ l(R,C,A_1)\wedge l(R,C,A_2)\to A_1\!=\!A_2}_{\text{4 vars}}\bigr)$

✓ "At most one" — already IC
$\forall R,C,A_1,A_2.\ l(R,C,A_1)\wedge l(R,C,A_2)\to A_1\!=\!A_2$
4 vars $(R,C,A_1,A_2)$, shared $(R,C)$ → $d^4$
✗ "At least one" — not IC, needs QE
$\forall R,C.\ \exists A.\ l(R,C,A)$
3 vars $(R,C,A)$ → $d^3$
→ Phase 2

Split at shared $(R,C)$: $d^4 + d^3$ instead of $d^5$.

Phase 2 — Quantifier Elimination on $\forall R,C.\ \exists A.\ l(R,C,A)$

Aggregate-based
$\exists A.\ l(R,C,A)$ $\;\longrightarrow\;$ #count{A:l(R,C,A)}>=1
Result IC: :- #count{A:l(R,C,A)}=0.
Auxiliary-based
aux(R,C) :- l(R,C,A).
:- dom(R), dom(C), not aux(R,C).
Eliminates $\exists$ without grounding explosion

Both produce IC form — $\forall\bar{x}.\,\varphi(\bar{x})\to\bot$ — ready for the ASP grounder.

Compilation runs once (~1–5 s), model-preserving. Resulting ASP reused across all instances.

SetLah!: Results I — Graeco-Latin Square

SetLah!: Results II — Alloy Benchmarks

SetLah!: Results III — Q-Synth (Quantum Circuit Layout Synthesis)

Q-Synth (original)

600 lines of pySAT code — manual CNF encoding of the paper's formulas

SetLah! encoding

Same FOL formulas as in the paper — written directly in 100 lines of SetLah!, compiled automatically

SetLah!: Takeaways

(Project) FOL → ASP Transformation

  • Conjunction splitting reduces the variable instantiation effort
  • Quantifier elimination: enabling arbitrary FOL formulas to ASP constraints
  • Analogous to Tseitin transformation, but first-ordered
  • Compile once, solve many

(ASP) Under Appreciated

  • The way to achieve first-ordered combinatorial search (not SMT!)
  • Prominent system Clingo: on both features and performance
  • Potential for combining with Datalog rewriting

Positions of the Thesis

For the PL Community

  • Inductive generalisation is not dying
  • SMT is not first-order SAT
  • Synthesise the synthesiser

In the LLM Era

  • Constraint solving is not dying
  • Specialised languages are the next frontier
  • SetLah! as the mid-ground
The recursive irony: ASP is a natural answer to the specification bottleneck — and, self-referentially, a compelling instance of it.

Research Progression

Program Transformation Yang et al., FLOPS 2022 Separation Logic Young et al., ECOOP 2024 Synthesis Sippy Part I.1 Logic Programming (ASP) FORCE Part I.2 First-Order Logic (FOL) SetLah! Part II E-graphs Hardware Synthesis Combinatorial Search

Future Directions

Extending SetLah!

  • Alternative backends: SAT, Datalog; SMT subset
  • More ASP features: optimisation, heuristics, etc.
  • Higher-order quantification
  • More applications

ASP × E-graphs

  • E-matching and extraction are NP-hard — natural ASP targets
  • ASP constraints prune equality saturation
  • E-graphs as efficient internal search-space representation for ASP synthesis

More Domains

  • Hardware synthesis: qubit layout, RTL verification
  • Theorem proving: shared techniques (E-matching, AIG) from hardware synthesis
  • Inductive synthesis as a cross-domain library

ASP-based E-graph Extraction

Solution quality — # instances beating the greedy baseline (higher = better)

Method babble
(173)		 herbie
(18)		 rover
(9)
asp-td 23 7 2
asp-bu 23 9 2
faster-ilp-cbc 23 3 3
ilp-cbc 17 0 0

ASP matches/beats ILP on quality — especially herbie (7–9 vs 0–3)

Runtime — geo-mean ratio vs asp-td  (lower = faster)

vs asp-td babble herbie rover
asp-bu 1.51 0.96 1.12
faster-ilp-cbc 0.78 1.94 0.49
ilp-cbc 3.32 3.26 1.67

asp-td: best balance; ilp-cbc is 3× slower on babble/herbie

Q & A

Thank You for Your Attention

Ziyi Yang  ·  National University of Singapore

Quick reference:

Sippy (Ch. 1)

Positive-only SL predicate synthesis + domain-specific pruning · OOPSLA'25

FORCE (Ch. 2)

FOL invariant synthesis via orthogonal slices + unified ASP framework · ICLP'25

SetLah! (Ch. 3)

Semi-declarative modelling language via PCLP + two-phase translation · Submitted