Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories
Yeting Ge, Leonardo de Moura
ACSys Seminar

Motivation
SMT solvers have been successful.
Quantified SMT formulas are useful: Boogie, ESC/Java, Why, ... use them to define customized theories, e.g. the type system of ESC/Java:
  ∀x1 x2 x3 (subtype(x1, x2) ∧ subtype(x2, x3) → subtype(x1, x3))
Quantifier reasoning is a long-standing challenge because of the mix of interpreted and uninterpreted symbols:
  all interpreted: quantifier elimination
  all uninterpreted: automated theorem proving (ATP)
  mixed: quantified SMT formulas
The practical method: instantiation based on heuristics (Simplify, Z3, CVC3, ...).

Instantiation-based method
For checking satisfiability: ∀x P is satisfiable iff P[x/t1] ∧ P[x/t2] ∧ ... is.
Acceptable performance.
Shortcomings:
  Incomplete. Is this the end of the world? Failing to prove an unsatisfiable case means a false positive (the verifier reports a spurious error).
  Mysterious heuristics: a manual trigger?
Can we have a complete instantiation? Possible for some fragments.

Complete instantiation
Ad hoc methods, e.g. for linked lists (Scott et al.).
Array property fragment (Bradley et al.), with arrays as uninterpreted functions: ∀x̄ (I → V) where
  the index guard I contains only conjunctions and disjunctions of atoms x1 ≤ x2, no negation;
  variables in the value constraint V appear only as indices of array reads.
  ∀x, y (x ≤ y → A[x] ≤ A[y])   (A is sorted)   YES
  ∀x, y (x ≤ y + 1 → P(A[x], A[y]))   NO (arithmetic on a quantified variable in the guard)
  ∀x, y (x ≤ y → P(A[x], y))   NO (y appears outside an array read)
  ∀x (x ≤ a → P(A[B[x]]))   NO (nested array read)
  ∀x (x ≡₄ b → P(A[B[x]]))   NO (equality modulo 4 in the guard, nested read)
The array property fragment is decidable: instantiate with the index set and bound set (the real story).
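The membership conditions above are purely syntactic, so they can be checked mechanically. The following is an added example written for this page (not the authors' code): formulas are hand-built tuples via small hypothetical constructors (forall, read, le, ...), and the index-guard atoms admit var ≤ var as on the slide plus var ≤ ground term and ground term ≤ var, which is the grammar of Bradley et al.'s fragment that the slide summarises. Everything else (negation, modulo equality, arithmetic on quantified variables) is rejected.

```python
"""Syntactic check for the array property fragment (Bradley et al.).
Example code for this page, not the talk's implementation."""

# --- constructors for a tiny formula AST (tuples) ---------------------------
def var(n): return ("var", n)
def const(n): return ("const", n)
def num(k): return ("int", k)
def plus(s, t): return ("+", s, t)
def le(s, t): return ("le", s, t)
def mod_eq(s, k, t): return ("mod_eq", s, k, t)      # s = t (mod k)
def read(arr, idx): return ("read", arr, idx)        # arr[idx]
def pred(name, *args): return ("pred", name) + args
def and_(f, g): return ("and", f, g)
def or_(f, g): return ("or", f, g)
def forall(vs, guard, value): return ("forall", tuple(vs), guard, value)

def children(node):
    tag = node[0]
    if tag in ("var", "const", "int"):
        return ()
    if tag == "pred":
        return node[2:]
    if tag == "mod_eq":
        return (node[1], node[3])
    return node[1:]

def is_ground(node, qvars):
    """True if no universally quantified variable occurs in node."""
    if node[0] == "var":
        return node[1] not in qvars
    return all(is_ground(c, qvars) for c in children(node))

def guard_ok(g, qvars):
    """Index guard: and/or of atoms  var <= var | var <= ground | ground <= var."""
    tag = g[0]
    if tag in ("and", "or"):
        return guard_ok(g[1], qvars) and guard_ok(g[2], qvars)
    if tag == "le":
        def side_ok(t):
            return t[0] == "var" or is_ground(t, qvars)
        return side_ok(g[1]) and side_ok(g[2])
    return False  # negation, modulo equality, arithmetic on a variable, ...

def value_ok(v, qvars):
    """Value constraint: a quantified variable may only be the index of a read of a
    ground array, and that index is a bare variable or ground (no nested reads)."""
    tag = v[0]
    if tag == "var":
        return v[1] not in qvars  # bare quantified variable outside a read
    if tag == "read":
        arr, idx = v[1], v[2]
        return is_ground(arr, qvars) and (idx[0] == "var" or is_ground(idx, qvars))
    return all(value_ok(c, qvars) for c in children(v))

def in_array_property_fragment(formula):
    _, qvars, guard, value = formula
    qvars = set(qvars)
    return guard_ok(guard, qvars) and value_ok(value, qvars)

# Constructed inputs: the five formulas from the slide.
A, B, a, b = const("A"), const("B"), const("a"), const("b")
x, y = var("x"), var("y")
EXAMPLES = {
    "sorted":      forall(["x", "y"], le(x, y), le(read(A, x), read(A, y))),
    "y+1 guard":   forall(["x", "y"], le(x, plus(y, num(1))), pred("P", read(A, x), read(A, y))),
    "bare y":      forall(["x", "y"], le(x, y), pred("P", read(A, x), y)),
    "nested read": forall(["x"], le(x, a), pred("P", read(A, read(B, x)))),
    "mod guard":   forall(["x"], mod_eq(x, 4, b), pred("P", read(A, read(B, x)))),
}

def classify():
    """Name -> whether the formula is in the array property fragment."""
    return {name: in_array_property_fragment(f) for name, f in EXAMPLES.items()}

if __name__ == "__main__":
    for name, ok in classify().items():
        print(f"{name:12s} {'YES' if ok else 'NO'}")
```

Only the sorted-array formula passes; the other four fail for the reasons given on the slide, and the checker reports which condition (guard or value constraint) was violated simply by calling guard_ok and value_ok separately.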

An example of modulo equality (from Shaz)
Initialization of an array; suppose a pointer occupies 4 bytes:
  p := begin_pointer;
  while (p <= end_pointer) { *p = value; p++; }
A loop invariant could be a formula like this, where p ≡₄ 0 means p is a multiple of 4:
  ∀p ((begin_pointer ≤ p < current_pointer ∧ p ≡₄ 0) → star(p) = value)

Outline
  Herbrand theorem and many-sorted logic
  Quantifiers over uninterpreted domains: sufficiently stratified formulas
  Quantifiers over interpreted domains: essentially ground formulas and finite partitions
  Sorted vs. unsorted: sort inference
  Heuristics for complete instantiation: model-guided instantiation

Herbrand theorem for unsorted first-order logic
Given ∀x (P(f(x)) ∨ P(a)), the Herbrand universe is {a, f(a), f(f(a)), f(f(f(a))), ...}.
Herbrand theorem: ∀x (P(f(x)) ∨ P(a)) is satisfiable iff
  (P(a) ∨ P(f(a))) ∧ (P(a) ∨ P(f(f(a)))) ∧ (P(a) ∨ P(f(f(f(a))))) ∧ ...
is.
A finite Herbrand universe means a decidable fragment. When is the Herbrand universe finite?
  No function symbols (Bernays-Schönfinkel class, EPR).
  Can we have some functions?

Many-sorted first-order logic
Sorts are like the types of programming languages: a quantifier ranges over only part of the domain (its sort).
Many-sorted logic is as powerful as unsorted logic.
Sorts are natural in SMT applications and are already supported by SMT solvers.
Herbrand theorem in many-sorted logic: function symbols no longer force an infinite Herbrand universe.

Sufficiently stratified formulas
Idea: if there are no cycles between quantified sorts, the Herbrand universe is finite, which in turn means decidable.
Define s1 ≺ s2 iff there is a function application f(..., x, ...) mapping a variable x of sort s1 to a term of sort s2; ≺ is defined only on the sorts of quantified variables.
Define TR(≺) as the transitive closure of ≺.
A formula is sufficiently stratified if there is no sort s with (s, s) ∈ TR(≺).
Theorem: a sufficiently stratified formula is decidable by instantiation.
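The stratification test and the finiteness claim behind it can be exercised on small signatures. The following is an added example written for this page, not the authors' code. It assumes the relation s1 ≺ s2 is read off the function signatures (some symbol takes an argument of sort s1 and returns sort s2, both sorts quantified), and it enumerates the Herbrand universe only for the sub-signature whose argument and result sorts are all quantified, which is where acyclicity guarantees finiteness. The signatures (EPR, UNSORTED, LOOP, CYCLE_T) are constructed to mirror the cases on the slides above and on the "Equality and interpreted sorts" slide.

```python
"""Sort stratification and Herbrand universe enumeration for a many-sorted
signature.  Example code for this page, not the talk's implementation."""
from itertools import product

# A signature maps each symbol to (argument sorts, result sort); constants have ().

def sort_relation(sig, quantified):
    """The slide's s1 < s2, restricted to sorts of quantified variables."""
    return {(s, ret) for args, ret in sig.values() for s in args
            if s in quantified and ret in quantified}

def transitive_closure(edges):
    closure = set(edges)
    while True:
        extra = {(a, d) for (a, b) in closure for (c, d) in closure if b == c} - closure
        if not extra:
            return closure
        closure |= extra

def sufficiently_stratified(sig, quantified):
    """No sort s with (s, s) in TR(<)."""
    return all(s != t for s, t in transitive_closure(sort_relation(sig, quantified)))

def herbrand_universe(sig, sorts, max_rounds=50):
    """Ground terms of each sort in `sorts`, built by fixpoint from the symbols whose
    argument and result sorts all lie in `sorts`.  A sort without a constant gets a
    fresh one.  Returns (universe, finite); finite is False when max_rounds was
    reached with new terms still appearing (the unsorted f : S -> S case)."""
    sub = {n: sg for n, sg in sig.items()
           if sg[1] in sorts and all(s in sorts for s in sg[0])}
    universe = {s: {n for n, (args, ret) in sub.items() if not args and ret == s}
                for s in sorts}
    for s in sorts:
        if not universe[s]:
            universe[s].add(f"c_{s}")
    for _ in range(max_rounds):
        new = {s: set() for s in sorts}
        for name, (args, ret) in sub.items():
            if not args:
                continue
            for tup in product(*(sorted(universe[s]) for s in args)):
                term = f"{name}({', '.join(tup)})"
                if term not in universe[ret]:
                    new[ret].add(term)
        if not any(new.values()):
            return universe, True
        for s in sorts:
            universe[s] |= new[s]
    return universe, False

# Constructed signatures for the slides' cases.
EPR = {"a": ((), "S"), "b": ((), "S")}                          # no functions at all
UNSORTED = {"a": ((), "S"), "f": (("S",), "S")}                 # f : S -> S, infinite universe
LOOP = {"begin_pointer": ((), "Ptr"), "current_pointer": ((), "Ptr"),
        "star": (("Ptr",), "Val"), "value": ((), "Val")}        # Ptr < Val only, no cycle
CYCLE_T = {"b": ((), "T"), "f": (("S",), "T"),
           "g": (("T",), "T"), "h": (("T",), "T")}              # cycle g, h on T only

if __name__ == "__main__":
    for name, sig, q in [("EPR", EPR, {"S"}), ("UNSORTED", UNSORTED, {"S"}),
                         ("LOOP", LOOP, {"Ptr", "Val"}), ("CYCLE_T (quantify S)", CYCLE_T, {"S"})]:
        print(name, "stratified:", sufficiently_stratified(sig, q),
              "universe:", herbrand_universe(sig, q, max_rounds=3))
```

For CYCLE_T, quantifying over S alone is stratified (the g/h cycle lives on the non-quantified sort T), while quantifying over both S and T is not, which is exactly the distinction the later slide draws.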

Equality and interpreted sorts
Equality is allowed on quantified domains (extending work by Fontaine et al.).
Cycles on non-quantified sorts are allowed: ∀x (f(x) = b ∨ g(h(b)) = h(g(b))).
Interpreted functions and predicates are allowed on non-quantified sorts.
Interpreted and quantified? This may cause problems, e.g. cardinality constraints: ∀x (x = a) is trouble when x and a are integers, since the formula is unsatisfiable but its only instance a = a is satisfiable. We need a more restricted fragment.

Essentially ground formulas
Idea: over an infinite domain, if a formula can only specify a property of a subset, not of an individual, it should be decidable. We call such formulas essentially ground.
A general form of essentially ground formulas (others?): ∀x̄ (Φ → Ψ) where
  Φ satisfies the finite partition property;
  variables appear in Ψ only as arguments of uninterpreted functions and predicates;
  no constant in Ψ appears as an argument of an uninterpreted function or predicate.

Finite partition
A formula ϕ (with free variable x) satisfies the finite partition property if:
  the domain can be partitioned into a finite number of subsets;
  for each group P a representative term t_r can be constructed; let e_r be the interpretation of t_r;
  for each group P and any element e ∈ P, if ϕ[x/e] holds then ϕ[x/e_r] holds.
We call the t_r representative terms and the e_r representative elements.
Theorem: a sufficiently stratified formula ∀x̄ (Φ → Ψ) in the general form above is satisfiable iff
  ⋀_{t a representative term} (Φ → Ψ)[x̄/t]
is satisfiable.

Formulas with finite partitions
To prove that a formula satisfies the finite partition property, exhibit the partition and the representative term(s).
Conjunctions and disjunctions of the following atomic formulas satisfy the finite partition property (x, y variables; a, b constants; i a known integer):
  a ≤ x,  x ≤ a,  x ≤ y,  x ≡ᵢ b

Sorted vs. unsorted
What if a formula is in unsorted logic? Think of the unsorted formula as sorted: assign pseudo-sorts to variables and constants by sort inference (very much like type inference).
If a formula has a model in unsorted logic, it has a model in sorted logic.
If a formula has a model in sorted logic, there is no guarantee it has a model in unsorted logic:
  ∀x, y (x ≠ y → f(x) ≠ f(y)),  ∀x (f(x) ≠ d),  ∀x (x = b)
The first two force the domain to be infinite (f is injective and d is not in its range); the last says the domain has exactly one element. Unsatisfiable in unsorted logic, but satisfiable in sorted logic if we think of f as mapping from one sort to a different sort.
Everything uninterpreted: YES.
Essentially ground formulas: YES.

Even more?
With some extra work we handle formulas such as
  ∀x, y (x < y → f(x) − f(y) ≤ b)
which are useful for reasoning about strictly sorted arrays.
Step functions: an essentially ground f is a step function, i.e. its derivative f' = 0.
Allow f' to be another constant; construct two representative terms for each segment; add extra formulas.

Implementation: naive instantiation
  G_{γ ∧ ∀x̄ ϕ} is the set of (tuples of) ground terms for instantiation.
  SOLVE(GF) returns a pair ⟨R, M⟩; R is UNSAT or SAT, and when R is SAT, M is a model of GF.
  PICK(GT, M) returns a pair ⟨S, ḡ⟩; S is a status flag and ḡ a tuple of terms from GT.

  MODEL_GUIDED_INST(γ, ∀x̄ ϕ)
    GT := G_{γ ∧ ∀x̄ ϕ}
    GF := γ
    loop
      ⟨R, M⟩ := SOLVE(GF)
      if R = UNSAT then return UNSAT
      ⟨S, ḡ⟩ := PICK(GT, M)
      if ¬S then return SAT
      GT := GT \ {ḡ}
      GF := GF ∧ ϕ[x̄/ḡ]
    end

Implementing PICK (model checking)
Brute-force enumeration: find a ḡ in GT that falsifies ϕ under M.
Use the SMT solver to search for ḡ:
  1. s̄ko := fresh constants
  2. ϕ' := ¬M(ϕ)[x̄/s̄ko]   (M(ϕ) is ϕ with its uninterpreted symbols replaced by their interpretations in M)
  3. ⟨R, M'⟩ := SOLVE(ϕ')
  4. if R = UNSAT then return ⟨FALSE, −⟩
  5. return ⟨TRUE, TO_TERM(M'(s̄ko), M, GT)⟩
Special-purpose model checker.

Example: model-guided instantiation
Suppose: ∀x (0 < x → 0 ≥ f(x)),  1 ≥ f(a),  2 ≤ a,  b ≤ 0,  1 ≤ f(b).
A model of the ground formulas could be: a = 2, b = 0, f(0) = 1, f(2) = 1, f(other) = 0.
Plugging in the model, we check 0 < sk ∧ 0 < (if sk = 0 then 1 else if sk = 2 then 1 else 0), which is satisfiable with sk = 2.
Since a = 2, we instantiate with a and add (0 < a → 0 ≥ f(a)).
A new model of all ground formulas could be: a = 2, b = 0, f(0) = 1, f(2) = 0, f(other) = 0.
Plugging in the new model, we check 0 < sk ∧ 0 < (if sk = 0 then 1 else if sk = 2 then 0 else 0), which is unsatisfiable. We conclude that we have found a model.
We use an SMT solver to solve for sk. We could do better with a special model finder for sk.

Special-purpose model checker
Suppose again: ∀x (0 < x → 0 ≥ f(x)),  1 ≥ f(a),  2 ≤ a,  b ≤ 0,  1 ≤ f(b), with the first model a = 2, b = 0, f(0) = 1, f(2) = 1, f(other) = 0.
Find in the model a value of x such that 0 ≥ f(x) is false: we have one with x = 2.
Check that 0 < 2 holds.
Since a = 2, instantiate with a, ...
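The loop on the implementation slide and both PICK strategies (SMT-based search for a falsifying sk, and the special-purpose model checker) can be run end to end on this example. The following is an added example written for this page, not the authors' implementation: a brute-force search over small integers stands in for the SMT solver (and fixes which model is found first, so the first model has b = −2 rather than the slide's b = 0), the ground formulas and the quantifier are the slide's, and the candidate instantiation set is the hypothetical TERMS = {a, b}, the ground terms at f's argument position.

```python
"""Model-guided instantiation on the slides' running example.
Example code for this page, not the talk's implementation."""
from itertools import product

class Model:
    """a, b : integers;  f : finite table of explicit points, default elsewhere."""
    def __init__(self, a, b, table, default=0):
        self.a, self.b, self.table, self.default = a, b, table, default
    def f(self, x):
        return self.table.get(x, self.default)
    def __repr__(self):
        return f"a={self.a} b={self.b} f={self.table} f(other)={self.default}"

# Constructed input, the slide's example:
#   ground:     1 >= f(a),  2 <= a,  b <= 0,  1 <= f(b)
#   quantified: forall x. 0 < x -> 0 >= f(x)
GROUND = [lambda m: 1 >= m.f(m.a), lambda m: 2 <= m.a,
          lambda m: m.b <= 0,      lambda m: 1 <= m.f(m.b)]
def guard(m, x): return 0 < x
def body(m, x):  return 0 >= m.f(x)
TERMS = {"a": lambda m: m.a, "b": lambda m: m.b}   # candidate ground terms G (assumed)

def solve(ground, window=range(-2, 4), values=(2, 1, 0, -1)):
    """SOLVE: first model of the ground conjunction in a fixed search order, or None (UNSAT)."""
    for a, b in product(window, repeat=2):
        pts = sorted({a, b})              # f needs explicit values only where a term points
        for vals in product(values, repeat=len(pts)):
            m = Model(a, b, dict(zip(pts, vals)))
            if all(g(m) for g in ground):
                return m
    return None

def pick_enumerate(gt, m):
    """PICK by brute force: a term in gt whose value falsifies the quantifier under m."""
    for name in gt:
        v = TERMS[name](m)
        if guard(m, v) and not body(m, v):
            return name
    return None

def pick_model_check(gt, m):
    """PICK as the special-purpose model checker: find a point where the consequent
    fails, confirm the guard holds there, then look for a term with that value.
    Outside the table f is the default 0, so 0 >= f(x) holds and nothing is missed."""
    for x in sorted(m.table):
        if not body(m, x) and guard(m, x):
            for name in gt:
                if TERMS[name](m) == x:
                    return name
    return None

def model_guided_inst(ground, gt, pick):
    """MODEL_GUIDED_INST: returns (status, instantiated terms in order, final model)."""
    ground, gt, trace = list(ground), list(gt), []
    while True:
        m = solve(ground)
        if m is None:
            return "unsat", trace, None
        g = pick(gt, m)
        if g is None:                      # no candidate falsifies phi under m: accept m
            return "sat", trace, m
        gt.remove(g)
        trace.append(g)
        t = TERMS[g]
        ground.append(lambda m, t=t: (not guard(m, t(m))) or body(m, t(m)))  # phi[x/g]

if __name__ == "__main__":
    for pick in (pick_enumerate, pick_model_check):
        print(pick.__name__, model_guided_inst(GROUND, ["a", "b"], pick))
```

Both strategies instantiate with a exactly once and then accept the second model, as on the slides; adding the contradictory ground fact 1 ≤ f(a) makes the loop return UNSAT after the same single instantiation, which is the other exit of the algorithm.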

Related work
Bradley et al.; Fontaine et al.; Habermehl et al. (based on a customized automaton):
  difference constraints and modulo equality in the index guard: ∀x, y (x ≤ y + 1 → f(x) − f(y) ≤ b)
  only difference constraints in the value constraint: ∀x, y (x ≤ y → f(x) + f(y) ≤ b)   NO
  only conjunctions in the value constraint: ∀x, y (x ≤ y → f(x) ≤ a ∨ f(y) ≤ b)   NO

Future work
  Other general forms of essentially ground formulas?
  More finite partition formulas?
  Quantifiers over other theories?
  Quantifiers over both interpreted and uninterpreted domains
  Empirical study of model-guided instantiation


More information

Lecture Notes on Real-world SMT

Lecture Notes on Real-world SMT 15-414: Bug Catching: Automated Program Verification Lecture Notes on Real-world SMT Matt Fredrikson Ruben Martins Carnegie Mellon University Lecture 15 1 Introduction In the previous lecture we studied

More information

Chapter 10 Part 1: Reduction

Chapter 10 Part 1: Reduction //06 Polynomial-Time Reduction Suppose we could solve Y in polynomial-time. What else could we solve in polynomial time? don't confuse with reduces from Chapter 0 Part : Reduction Reduction. Problem X

More information

8 NP-complete problem Hard problems: demo

8 NP-complete problem Hard problems: demo Ch8 NPC Millennium Prize Problems http://en.wikipedia.org/wiki/millennium_prize_problems 8 NP-complete problem Hard problems: demo NP-hard (Non-deterministic Polynomial-time hard), in computational complexity

More information

Notes. Notes. Introduction. Notes. Propositional Functions. Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry.

Notes. Notes. Introduction. Notes. Propositional Functions. Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Spring 2006 1 / 1 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 1.3 1.4 of Rosen cse235@cse.unl.edu Introduction

More information

Sets MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Sets Fall / 31

Sets MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Sets Fall / 31 Sets MAT231 Transition to Higher Mathematics Fall 2014 MAT231 (Transition to Higher Math) Sets Fall 2014 1 / 31 Outline 1 Sets Introduction Cartesian Products Subsets Power Sets Union, Intersection, Difference

More information

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS Mathias Preiner, Aina Niemetz and Armin Biere Institute for Formal Models and Verification (FMV) Johannes Kepler University, Linz, Austria http://fmv.jku.at/ TACAS

More information

Finite Model Generation for Isabelle/HOL Using a SAT Solver

Finite Model Generation for Isabelle/HOL Using a SAT Solver Finite Model Generation for / Using a SAT Solver Tjark Weber webertj@in.tum.de Technische Universität München Winterhütte, März 2004 Finite Model Generation for / p.1/21 is a generic proof assistant: Highly

More information

SOFTWARE ENGINEERING DESIGN I

SOFTWARE ENGINEERING DESIGN I 2 SOFTWARE ENGINEERING DESIGN I 3. Schemas and Theories The aim of this course is to learn how to write formal specifications of computer systems, using classical logic. The key descriptional technique

More information

Boolean Functions (Formulas) and Propositional Logic

Boolean Functions (Formulas) and Propositional Logic EECS 219C: Computer-Aided Verification Boolean Satisfiability Solving Part I: Basics Sanjit A. Seshia EECS, UC Berkeley Boolean Functions (Formulas) and Propositional Logic Variables: x 1, x 2, x 3,, x

More information

Yices 1.0: An Efficient SMT Solver

Yices 1.0: An Efficient SMT Solver Yices 1.0: An Efficient SMT Solver AFM 06 Tutorial Leonardo de Moura (joint work with Bruno Dutertre) {demoura, bruno}@csl.sri.com. Computer Science Laboratory SRI International Menlo Park, CA Yices: An

More information

Conceptual modeling of entities and relationships using Alloy

Conceptual modeling of entities and relationships using Alloy Conceptual modeling of entities and relationships using Alloy K. V. Raghavan Indian Institute of Science, Bangalore Conceptual modeling What is it? Capture requirements, other essential aspects of software

More information

VS 3 : SMT Solvers for Program Verification

VS 3 : SMT Solvers for Program Verification VS 3 : SMT Solvers for Program Verification Saurabh Srivastava 1,, Sumit Gulwani 2, and Jeffrey S. Foster 1 1 University of Maryland, College Park, {saurabhs,jfoster}@cs.umd.edu 2 Microsoft Research, Redmond,

More information

EECS 219C: Formal Methods Boolean Satisfiability Solving. Sanjit A. Seshia EECS, UC Berkeley

EECS 219C: Formal Methods Boolean Satisfiability Solving. Sanjit A. Seshia EECS, UC Berkeley EECS 219C: Formal Methods Boolean Satisfiability Solving Sanjit A. Seshia EECS, UC Berkeley The Boolean Satisfiability Problem (SAT) Given: A Boolean formula F(x 1, x 2, x 3,, x n ) Can F evaluate to 1

More information

9/19/12. Why Study Discrete Math? What is discrete? Sets (Rosen, Chapter 2) can be described by discrete math TOPICS

9/19/12. Why Study Discrete Math? What is discrete? Sets (Rosen, Chapter 2) can be described by discrete math TOPICS What is discrete? Sets (Rosen, Chapter 2) TOPICS Discrete math Set Definition Set Operations Tuples Consisting of distinct or unconnected elements, not continuous (calculus) Helps us in Computer Science

More information

Yices 1.0: An Efficient SMT Solver

Yices 1.0: An Efficient SMT Solver Yices 1.0: An Efficient SMT Solver SMT-COMP 06 Leonardo de Moura (joint work with Bruno Dutertre) {demoura, bruno}@csl.sri.com. Computer Science Laboratory SRI International Menlo Park, CA Yices: An Efficient

More information

SAT-CNF Is N P-complete

SAT-CNF Is N P-complete SAT-CNF Is N P-complete Rod Howell Kansas State University November 9, 2000 The purpose of this paper is to give a detailed presentation of an N P- completeness proof using the definition of N P given

More information

Software development using B method. Julien Cervelle LACL - UPEC

Software development using B method. Julien Cervelle LACL - UPEC Software development using B method Julien Cervelle LACL - UPEC Outline Introduction B abstract machine First order logic of set theory Substitutions Proof obligations Refinement Introduction B method

More information

Decision Procedures for Recursive Data Structures with Integer Constraints

Decision Procedures for Recursive Data Structures with Integer Constraints Decision Procedures for Recursive Data Structures with Ting Zhang, Henny B Sipma, Zohar Manna Stanford University tingz,sipma,zm@csstanfordedu STeP Group, June 29, 2004 IJCAR 2004 - p 1/31 Outline Outline

More information

Evolving model evolution

Evolving model evolution University of Iowa Iowa Research Online Theses and Dissertations Fall 2009 Evolving model evolution Alexander Fuchs University of Iowa Copyright 2009 Alexander Fuchs This dissertation is available at Iowa

More information

Pooya Saadatpanah, Michalis Famelis, Jan Gorzny, Nathan Robinson, Marsha Chechik, Rick Salay. September 30th, University of Toronto.

Pooya Saadatpanah, Michalis Famelis, Jan Gorzny, Nathan Robinson, Marsha Chechik, Rick Salay. September 30th, University of Toronto. Comparing the Pooya Michalis Jan Nathan Marsha Chechik, Rick Salay University of Toronto September 30th, 2012 MoDeVVa 12 1 / 32 in software modeling : pervasive in MDE Models with uncertainty: Represent

More information

Rewriting Needs Constraints and Constraints Need Rewriting

Rewriting Needs Constraints and Constraints Need Rewriting Rewriting Needs Constraints and Constraints Need Rewriting José Meseguer Department of Computer Science, UIUC ints 14 November 2008 Motivation Symbolic Computation, Rewriting, and Constraints Rewriting

More information

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur Module 6 Knowledge Representation and Logic (First Order Logic) 6.1 Instructional Objective Students should understand the advantages of first order logic as a knowledge representation language Students

More information

From: FM 2006 Alloy Intro and Logic. Greg Dennis and Rob Seater Software Design Group, MIT

From: FM 2006 Alloy Intro and Logic. Greg Dennis and Rob Seater Software Design Group, MIT From: FM 2006 Alloy Intro and Logic Greg Dennis and Rob Seater Software Design Group, MIT agenda Intro & Logic Language & Analysis Dynamic Modeling M.C. Escher Observations Software is built on abstractions

More information

PROPOSITIONAL LOGIC (2)

PROPOSITIONAL LOGIC (2) PROPOSITIONAL LOGIC (2) based on Huth & Ruan Logic in Computer Science: Modelling and Reasoning about Systems Cambridge University Press, 2004 Russell & Norvig Artificial Intelligence: A Modern Approach

More information

Satisfiability Modulo Theories. DPLL solves Satisfiability fine on some problems but not others

Satisfiability Modulo Theories. DPLL solves Satisfiability fine on some problems but not others DPLL solves Satisfiability fine on some problems but not others DPLL solves Satisfiability fine on some problems but not others Does not do well on proving multipliers correct pigeon hole formulas cardinality

More information

A Pearl on SAT Solving in Prolog (extended abstract)

A Pearl on SAT Solving in Prolog (extended abstract) A Pearl on SAT Solving in Prolog (extended abstract) Jacob M. Howe and Andy King 1 Introduction The Boolean satisfiability problem, SAT, is of continuing interest because a variety of problems are naturally

More information

CAV Verification Mentoring Workshop 2017 SMT Solving

CAV Verification Mentoring Workshop 2017 SMT Solving CAV Verification Mentoring Workshop 2017 SMT Solving Alberto Griggio Fondazione Bruno Kessler Trento, Italy The SMT problem Satisfiability Modulo Theories Given a (quantifier-free) FOL formula and a (decidable)

More information

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS 1 THE FORMALIZATION OF MATHEMATICS by Harvey M. Friedman Ohio State University Department of Mathematics friedman@math.ohio-state.edu www.math.ohio-state.edu/~friedman/ May 21, 1997 Can mathematics be

More information

Lecture 4. First order logic is a formal notation for mathematics which involves:

Lecture 4. First order logic is a formal notation for mathematics which involves: 0368.4435 Automatic Software Verification April 14, 2015 Lecture 4 Lecturer: Mooly Sagiv Scribe: Nimrod Busany, Yotam Frank Lesson Plan 1. First order logic recap. 2. The SMT decision problem. 3. Basic

More information

Model-Checking Modulo Theories at Work: the integration of Yices in MCMT

Model-Checking Modulo Theories at Work: the integration of Yices in MCMT Model-Checking Modulo Theories at Work: the integration of Yices in MCMT Silvio Ghilardi Dipartimento di Scienze dell Informazione Università degli Studi di Milano ghilardi@dsi.unimi.it Silvio Ranise Dipartimento

More information

n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week!

n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week! Announcements SMT Solvers, Symbolic Execution n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week! n Presentations n Some of

More information

CS 3512, Spring Instructor: Doug Dunham. Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010

CS 3512, Spring Instructor: Doug Dunham. Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010 CS 3512, Spring 2011 Instructor: Doug Dunham Textbook: James L. Hein, Discrete Structures, Logic, and Computability, 3rd Ed. Jones and Barlett, 2010 Prerequisites: Calc I, CS2511 Rough course outline:

More information

SAT solver of Howe & King as a logic program

SAT solver of Howe & King as a logic program SAT solver of Howe & King as a logic program W lodzimierz Drabent June 6, 2011 Howe and King [HK11b, HK11a] presented a SAT solver which is an elegant and concise Prolog program of 22 lines. It is not

More information

NP and computational intractability. Kleinberg and Tardos, chapter 8

NP and computational intractability. Kleinberg and Tardos, chapter 8 NP and computational intractability Kleinberg and Tardos, chapter 8 1 Major Transition So far we have studied certain algorithmic patterns Greedy, Divide and conquer, Dynamic programming to develop efficient

More information

Enhancing the Alloy Analyzer with Patterns of Analysis

Enhancing the Alloy Analyzer with Patterns of Analysis Enhancing the Alloy Analyzer with Patterns of Analysis William Heaven in collaboration with Alessandra Russo Imperial College London Motivation Formal techniques not yet widely adopted by programmers.

More information

Automated Theorem Proving and Proof Checking

Automated Theorem Proving and Proof Checking Automated Theorem Proving and Proof Checking #1 #2 Cunning Theorem-Proving Plan There are full-semester courses on automated deduction; we will elide details. Logic Syntax Theories Satisfiability Procedures

More information

Where Can We Draw The Line?

Where Can We Draw The Line? Where Can We Draw The Line? On the Hardness of Satisfiability Problems Complexity 1 Introduction Objectives: To show variants of SAT and check if they are NP-hard Overview: Known results 2SAT Max2SAT Complexity

More information

versat: A Verified Modern SAT Solver

versat: A Verified Modern SAT Solver Computer Science, The University of Iowa, USA Satisfiability Problem (SAT) Is there a model for the given propositional formula? Model: assignments to the variables that makes the formula true. SAT if

More information

CSE 20 DISCRETE MATH. Fall

CSE 20 DISCRETE MATH. Fall CSE 20 DISCRETE MATH Fall 2017 http://cseweb.ucsd.edu/classes/fa17/cse20-ab/ Final exam The final exam is Saturday December 16 11:30am-2:30pm. Lecture A will take the exam in Lecture B will take the exam

More information

SMT-Based Bounded Model Checking for Embedded ANSI-C Software. Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva

SMT-Based Bounded Model Checking for Embedded ANSI-C Software. Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva SMT-Based Bounded Model Checking for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given

More information

The SMT-LIB 2 Standard: Overview and Proposed New Theories

The SMT-LIB 2 Standard: Overview and Proposed New Theories 1 / 23 The SMT-LIB 2 Standard: Overview and Proposed New Theories Philipp Rümmer Oxford University Computing Laboratory philr@comlab.ox.ac.uk Third Workshop on Formal and Automated Theorem Proving and

More information

15-819M: Data, Code, Decisions

15-819M: Data, Code, Decisions 15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1

More information

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Propositional Logic Formal Syntax and Semantics. Computability and Logic Propositional Logic Formal Syntax and Semantics Computability and Logic Syntax and Semantics Syntax: The study of how expressions are structured (think: grammar) Semantics: The study of the relationship

More information

EECS 219C: Computer-Aided Verification Boolean Satisfiability Solving. Sanjit A. Seshia EECS, UC Berkeley

EECS 219C: Computer-Aided Verification Boolean Satisfiability Solving. Sanjit A. Seshia EECS, UC Berkeley EECS 219C: Computer-Aided Verification Boolean Satisfiability Solving Sanjit A. Seshia EECS, UC Berkeley Project Proposals Due Friday, February 13 on bcourses Will discuss project topics on Monday Instructions

More information

PKIND: A parallel k-induction based model checker

PKIND: A parallel k-induction based model checker PKIND: A parallel k-induction based model checker Temesghen Kahsai The University of Iowa temesghen-kahsaiazene@uiowa.edu Cesare Tinelli The University of Iowa cesare-tinelli@uiowa.edu PKIND is a novel

More information

CS Bootcamp Boolean Logic Autumn 2015 A B A B T T T T F F F T F F F F T T T T F T F T T F F F

CS Bootcamp Boolean Logic Autumn 2015 A B A B T T T T F F F T F F F F T T T T F T F T T F F F 1 Logical Operations 1.1 And The and operator is a binary operator, denoted as, &,, or sometimes by just concatenating symbols, is true only if both parameters are true. A B A B F T F F F F The expression

More information

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Formalization of Incremental Simplex Algorithm by Stepwise Refinement Formalization of Incremental Simplex Algorithm by Stepwise Refinement Mirko Spasić, Filip Marić Faculty of Mathematics, University of Belgrade FM2012, 30. August 2012. Overview 1 Introduction 2 Approach

More information

Towards a Logical Reconstruction of Relational Database Theory

Towards a Logical Reconstruction of Relational Database Theory Towards a Logical Reconstruction of Relational Database Theory On Conceptual Modelling, Lecture Notes in Computer Science. 1984 Raymond Reiter Summary by C. Rey November 27, 2008-1 / 63 Foreword DB: 2

More information

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson Propositional Calculus: Boolean Algebra and Simplification CS 270: Mathematical Foundations of Computer Science Jeremy Johnson Propositional Calculus Topics Motivation: Simplifying Conditional Expressions

More information

A Decision Procedure for (Co)datatypes in SMT Solvers. Andrew Reynolds Jasmin Christian Blanchette IJCAI sister conference track, July 12, 2016

A Decision Procedure for (Co)datatypes in SMT Solvers. Andrew Reynolds Jasmin Christian Blanchette IJCAI sister conference track, July 12, 2016 A Decision Procedure for (Co)datatypes in SMT Solvers Andrew Reynolds Jasmin Christian Blanchette IJCAI sister conference track, July 12, 2016 Satisfiability Modulo Theories (SMT) Solvers Software Verification

More information

Module 3. Requirements Analysis and Specification. Version 2 CSE IIT, Kharagpur

Module 3. Requirements Analysis and Specification. Version 2 CSE IIT, Kharagpur Module 3 Requirements Analysis and Specification Lesson 6 Formal Requirements Specification Specific Instructional Objectives At the end of this lesson the student will be able to: Explain what a formal

More information

Tree Interpolation in Vampire

Tree Interpolation in Vampire Tree Interpolation in Vampire Régis Blanc 1, Ashutosh Gupta 2, Laura Kovács 3, and Bernhard Kragl 4 1 EPFL 2 IST Austria 3 Chalmers 4 TU Vienna Abstract. We describe new extensions of the Vampire theorem

More information

8.1 Polynomial-Time Reductions

8.1 Polynomial-Time Reductions 8.1 Polynomial-Time Reductions Classify Problems According to Computational Requirements Q. Which problems will we be able to solve in practice? A working definition. Those with polynomial-time algorithms.

More information

PHIL 240, Introduction to Logic, Sections Fall 2011 FINAL EXAM 14 December Name (5 points): Section (5 points):

PHIL 240, Introduction to Logic, Sections Fall 2011 FINAL EXAM 14 December Name (5 points): Section (5 points): Section I True / False questions (2 points each) 1. TRUE Any argument that is sound is also valid. 2. FALSE_ If the premises of an argument are all true, then that argument is sound. 3. TRUE Every universal

More information

Automatic Software Verification

Automatic Software Verification Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework

More information

Mixed Integer Linear Programming

Mixed Integer Linear Programming Mixed Integer Linear Programming Part I Prof. Davide M. Raimondo A linear program.. A linear program.. A linear program.. Does not take into account possible fixed costs related to the acquisition of new

More information

Discrete Mathematics Lecture 4. Harper Langston New York University

Discrete Mathematics Lecture 4. Harper Langston New York University Discrete Mathematics Lecture 4 Harper Langston New York University Sequences Sequence is a set of (usually infinite number of) ordered elements: a 1, a 2,, a n, Each individual element a k is called a

More information

On the Combination of the Bernays Schönfinkel Ramsey Fragment with Simple Linear Integer Arithmetic

On the Combination of the Bernays Schönfinkel Ramsey Fragment with Simple Linear Integer Arithmetic On the Combination of the Bernays Schönfinkel Ramsey Fragment with Simple Linear Integer Arithmetic Matthias Horbach, Marco Voigt, Christoph Weidenbach To cite this version: Matthias Horbach, Marco Voigt,

More information

Template-based Program Verification and Program Synthesis

Template-based Program Verification and Program Synthesis Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Template-based Program Verification and Program Synthesis Saurabh Srivastava and Sumit Gulwani and Jeffrey S. Foster

More information

The Rule of Constancy(Derived Frame Rule)

The Rule of Constancy(Derived Frame Rule) The Rule of Constancy(Derived Frame Rule) The following derived rule is used on the next slide The rule of constancy {P } C {Q} {P R} C {Q R} where no variable assigned to in C occurs in R Outline of derivation

More information

Th(N, +) is decidable

Th(N, +) is decidable Theorem 6.12 Th(N, +) is decidable Presented by: Brian Lee Two Domains 1. We can give an algorithm to decide truth 2. A problem is undecidable First Order Logic Also known as First order predicate calculus

More information

( A(x) B(x) C(x)) (A(x) A(y)) (C(x) C(y))

( A(x) B(x) C(x)) (A(x) A(y)) (C(x) C(y)) 1 Introduction Finite model theory studies the expressive power of logics on finite models. Classical model theory, on the other hand, concentrates on infinite structures: its origins are in mathematics,

More information

Reductions. Linear Time Reductions. Desiderata. Reduction. Desiderata. Classify problems according to their computational requirements.

Reductions. Linear Time Reductions. Desiderata. Reduction. Desiderata. Classify problems according to their computational requirements. Desiderata Reductions Desiderata. Classify problems according to their computational requirements. Frustrating news. Huge number of fundamental problems have defied classification for decades. Desiderata'.

More information

Action Language Verifier, Extended

Action Language Verifier, Extended Action Language Verifier, Extended Tuba Yavuz-Kahveci 1, Constantinos Bartzis 2, and Tevfik Bultan 3 1 University of Florida 2 Carnegie Mellon University 3 UC, Santa Barbara 1 Introduction Action Language

More information