Satisfiability Modulo Theories. DPLL solves Satisfiability fine on some problems but not others

Similar documents
Yices 1.0: An Efficient SMT Solver

Yices 1.0: An Efficient SMT Solver

Integration of SMT Solvers with ITPs There and Back Again

Formally Certified Satisfiability Solving

Deductive Methods, Bounded Model Checking

A Decision Procedure for (Co)datatypes in SMT Solvers. Andrew Reynolds Jasmin Christian Blanchette IJCAI sister conference track, July 12, 2016

Rethinking Automated Theorem Provers?

Challenging Problems for Yices

Automated Theorem Proving and Proof Checking

Generating Small Countermodels. Andrew Reynolds Intel August 30, 2012

Satisfiability Modulo Theories: ABsolver

Leonardo de Moura and Nikolaj Bjorner Microsoft Research

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Symbolic and Concolic Execution of Programs

Motivation. CS389L: Automated Logical Reasoning. Lecture 17: SMT Solvers and the DPPL(T ) Framework. SMT solvers. The Basic Idea.

SMT-LIB for HOL. Daniel Kroening Philipp Rümmer Georg Weissenbacher Oxford University Computing Laboratory. ITP Workshop MSR Cambridge 25 August 2009

Finite Model Generation for Isabelle/HOL Using a SAT Solver

SAT Solver. CS 680 Formal Methods Jeremy Johnson

GNATprove a Spark2014 verifying compiler Florian Schanda, Altran UK

DPLL(Γ+T): a new style of reasoning for program checking

Satisfiability (SAT) Applications. Extensions/Related Problems. An Aside: Example Proof by Machine. Annual Competitions 12/3/2008

Andrew Reynolds Liana Hadarean

Playing with Vampire: the dark art of theorem proving

An Introduction to Satisfiability Modulo Theories

An Industrially Useful Prover

SAT Solvers. Ranjit Jhala, UC San Diego. April 9, 2013

Lee Pike. June 3, 2005

Minimum Satisfying Assignments for SMT. Işıl Dillig, Tom Dillig Ken McMillan Alex Aiken College of William & Mary Microsoft Research Stanford U.

SMT Solvers for Verification and Synthesis. Andrew Reynolds VTSA Summer School August 1 and 3, 2017

Decision Procedures in First Order Logic

HySAT. what you can use it for how it works example from application domain final remarks. Christian Herde /12

Integrating a SAT Solver with Isabelle/HOL

Deductive Program Verification with Why3

Tree Interpolation in Vampire

Encoding First Order Proofs in SMT

CAV Verification Mentoring Workshop 2017 SMT Solving

Specification, Verification, and Interactive Proof

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories. ACSys Seminar

Decision Procedures in the Theory of Bit-Vectors

Why3 A Multi-Prover Platform for Program Verification

SAT-based Model Checking for C programs

Incremental Proof Development in Dafny

SMTCoq: A plug-in for integrating SMT solvers into Coq

Decision Procedures for Equality Logic. Daniel Kroening and Ofer Strichman 1

Proving SPARK Verification Conditions with SMT solvers

The Design and Implementation of the Model Constructing Satisfiability Calculus

Towards certification of TLA + proof obligations with SMT solvers

Template-based Circuit Understanding

The Prototype Verification System PVS

Built-in Treatment of an Axiomatic Floating-Point Theory for SMT Solvers

Semantic Subtyping with an SMT Solver

Deductive Program Verification with Why3, Past and Future

Lecture 4. First order logic is a formal notation for mathematics which involves:

Axiomatic Specification. Al-Said, Apcar, Jerejian

Seminar decision procedures: Certification of SAT and unsat proofs

Software Model Checking. Xiangyu Zhang

Overview. CS389L: Automated Logical Reasoning. Lecture 6: First Order Logic Syntax and Semantics. Constants in First-Order Logic.

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

PVS, SAL, and the ToolBus

Ranking Functions for Loops with Disjunctive Exit-Conditions

Finding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar

Applications of Logic in Software Engineering. CS402, Spring 2016 Shin Yoo

The SMT-LIBv2 Language and Tools: A Tutorial

versat: A Verified Modern SAT Solver

Why. an intermediate language for deductive program verification

VS 3 : SMT Solvers for Program Verification

Introduction to dependent types in Coq

Solving Quantified Verification Conditions using Satisfiability Modulo Theories

Improving Haskell Types with SMT

Exploring Abstraction Techniques for Scalable Bit-Precise Verification of Embedded Software

6c Lecture 3 & 4: April 8 & 10, 2014

OpenSMT2. A Parallel, Interpolating SMT Solver. Antti Hyvärinen, Matteo Marescotti, Leonardo Alt, Sepideh Asadi, and Natasha Sharygina

Integration of SMT-LIB Support into Maple

Normal Forms for Boolean Expressions

SAT Modulo Bounded Checking

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Small Formulas for Large Programs: On-line Constraint Simplification In Scalable Static Analysis

[Draft. Please do not distribute] Online Proof-Producing Decision Procedure for Mixed-Integer Linear Arithmetic

Refutation-Based Synthesis in SMT

SAT/SMT summer school 2015 Introduction to SMT

OpenMath and SMT-LIB

Lecture Notes on Real-world SMT

Interpretations and Models. Chapter Axiomatic Systems and Incidence Geometry

Refutation-based synthesis in SMT

Pluggable SAT-Solvers for SMT-Solvers

Lecture 10 Design by Contract

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur

Better test results for the graph coloring and the Pigeonhole Problems using DPLL with k-literal representation

Outline. 1 Background. 2 Symbolic Execution. 3 Whitebox Fuzzing. 4 Summary. 1 Cost of each Microsoft Security Bulletin: $Millions

Why3 where programs meet provers

Semantic Subtyping with an SMT Solver

Lost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015

System Description of a SAT-based CSP Solver Sugar

Learning Techniques for Pseudo-Boolean Solving and Optimization

SMT solvers for Rodin

Verification of JML Generic Types with Yices

CODE ANALYSIS CARPENTRY

Pooya Saadatpanah, Michalis Famelis, Jan Gorzny, Nathan Robinson, Marsha Chechik, Rick Salay. September 30th, University of Toronto.

Opportunities for Industrial Applications of Formal Methods

Deductive Verification in Frama-C and SPARK2014: Past, Present and Future

Transcription:

DPLL solves Satisfiability fine on some problems but not others

DPLL solves Satisfiability fine on some problems but not others Does not do well on proving multipliers correct pigeon hole formulas cardinality constraints

DPLL solves Satisfiability fine on some problems but not others Does not do well on proving multipliers correct pigeon hole formulas cardinality constraints Can do well on bounded model checking but often it does not Is intended for propositional formulas

DPLL solves Satisfiability fine on some problems but not others Does not do well on proving multipliers correct pigeon hole formulas cardinality constraints Can do well on bounded model checking but often it does not Is intended for propositional formulas SMT combines subsolvers for certain classes of first order formulas with a DPLL SAT solver

What is a first order formula? Quantification (, )

What is a first order formula? Quantification (, ) Predicates: for all 2-colorings of the numbers from 1 to n there exists an arithmetic progression of length l among numbers of the same color. S {1...n} ( S SP(S,l) S SP(S,l))

What is a first order theory?

What is a first order theory? Axioms, deduction rules

What is a first order theory? Axioms, deduction rules Theory: all axioms plus whatever can be deduced from them

What is a first order theory? Axioms, deduction rules Theory: all axioms plus whatever can be deduced from them Examples: Real numbers: let R denote the set of real numbers 1. Operators + and exist, R + R R, R R R 2. {0, 1} R, 1 a a, 0 + a a 3. a + b = b + a, a b = b a 4. a + (b + c) = (a + b) + c, a (b c) = (a b) c 5. a (b + c) = (a b) + (a c) 6. a R a,a 1 R a + ( a) = 0,a a 1 = 1 (a 0) 7. Operator : x,y,z R x y x + z y + z x,y R x 0 and y 0 x y 0 8. LU B(S R) exists if S, S has upper bound

What is a first order theory? More examples: Theory of linear arithmetic (ax + by <= c)

What is a first order theory? More examples: Theory of linear arithmetic (ax + by <= c) Theory of bit vectors (concat(bv 1,bv 2 ) == bv 3 )

What is a first order theory? More examples: Theory of linear arithmetic (ax + by <= c) Theory of bit vectors (concat(bv 1,bv 2 ) == bv 3 ) Theory of arrays (arr[i := v 1 ][j] = v 2 )

What is a first order theory? More examples: Theory of linear arithmetic (ax + by <= c) Theory of bit vectors (concat(bv 1,bv 2 ) == bv 3 ) Theory of arrays (arr[i := v 1 ][j] = v 2 ) Theory of uninterpreted functions (f(f(f(x))) == x)

What can SMT do better than SAT? Boolean variables are replaced by predicates from various theories The resulting language makes it easier to express properties

What can SMT do better than SAT? Boolean variables are replaced by predicates from various theories The resulting language makes it easier to express properties Examples: dataflow of words, as well as bits a < x < b: simple tests involving three bit vectors but, as a collection of clauses: (x d a d ) ( x d a d x d 1 a d 1 )...

How does it work? The SAT solver takes care of reasoning When needed, it consults a theory solver which decides the validity of predicates.

How to use it? Example: Yices Formula example: i 1 = j + 2,f(i 3) f(j + 6)

How to use it? Example: Yices Formula example: i 1 = j + 2,f(i 3) f(j + 6) Applications: equivalence checking, bounded model checking, test case generation, embedded in theorem provers

How to use it? Example: Yices Formula example: i 1 = j + 2,f(i 3) f(j + 6) Applications: equivalence checking, bounded model checking, test case generation, embedded in theorem provers Example: yices ex1.ys (define f::(-> int int)) (define i::int) (define j::int) (assert (= (- i 1) (+ j 2))) (assert (/= (f (+ i 3)) (f (+ j 6)))) Obviously false

Example: yices ex2.ys (define x::int) (define y::int) (define z::int) (assert (= (+ (* 3 x) (* 6 y) z) 1)) (assert (= z 2)) (check) Need the (check) to show unsatisfiable 3 x + 6 y gives multiples of 3 (3, 0, 3, 6,...)

Example: yices -e ex3.ys (define x::int) (define y::int) (define f::(-> int int)) (assert (/= (f (+ x 2)) (f (- y 1)))) (assert (= x (- y 4))) (check) Counterexample: x = 0, y = 4 f(2) = 1,f(3) = 5

Example: yices -e ex4.ys (define f::(-> int int)) (define i::int) (define j::int) (define k::int) (assert+ (= (+ i (* 2 k)) 10)) (assert+ (= (- i 1) (+ j 2))) (assert+ (= (f k) (f i))) (assert+ (/= (f (+ i 3)) (f (+ j 6)))) (check) (retract 2) (check) 1. unsat core ids: 2 4 2. sat, i = 4, k = 3, j = 8, f(3) = 15, f(4) = 15, f(7) = 16, f(14) = 17 Assertions made with assert+ can be retracted. Lemmas discovered in first check are reused in second.

Example: yices -e ex5.ys Returns: (define f::(-> int int)) (define i::int) (define j::int) (define k::int) (assert+ (= (+ i (* 2 k)) 10) 10) (assert+ (= (- i 1) (+ j 2)) 20) (assert+ (= (f k) (f i)) 30) (assert+ (/= (f (+ i 3)) (f (+ j 6))) 15) (max-sat) sat unsatisfied assertion ids: 4 (= i 4) (= k 3) (= j 1) (= (f 3) 8) (= (f 4) 8) (= (f 7) 9) cost: 15

Example: yices -e f1.ys unsat (define A1::(-> int int)) (define A2::(-> int int)) (define v::int) (define w::int) (define x::int) (define y::int) (define g::(-> (-> int int) int)) (define f::(-> int int)) (assert (= (update A1 (x) v) A2)) (assert (= (update A1 (y) w) A2)) (assert (/= (f x) (f y))) (assert (/= (g A1) (g A2))) (check) Yices does not distinguish between functions and arrays

Example: yices -e f1.ys unsat (define A1::(-> int int)) (define A2::(-> int int)) (define v::int) (define w::int) (define x::int) (define y::int) (define g::(-> (-> int int) int)) (define f::(-> int int)) (assert (= (update A1 (x) v) A2)) (assert (= (update A1 (y) w) A2)) (assert (/= (f x) (f y))) (assert (/= (g A1) (g A2))) (check) Yices does not distinguish between functions and arrays Remove (assert (/= (f x) (f y))) to get sat (= x 1) (= v 2) (= y 1) (= w 2) (= (A2 1) 2) (= (A1 1) 3) (= (g A1) 4) (= (g A2) 5)

Example: yices -e f2.ys Returns: (define f::(-> int int)) (assert (or (= f (lambda (x::int) 0)) (= f (lambda (x::int) (+ x 1))))) (define x::int) (assert (and (>= x 1) (<= x 2))) (assert (>= (f x) 3)) (check) sat (= x 2) (= (f 2) 3) (= (f 4) 5)

Example: yices -e dt.ys (define-type list (datatype (cons car::int cdr::list) nil)) (define l1::list) (define l2::list) (assert (not (nil? l2))) (assert (not (nil? l1))) (assert (= (car l1) (car l2))) (assert (= (cdr l1) (cdr l2))) (assert (/= l1 l2)) (check) unsat so l1 and l2 must be the same!

Example: yices -e bv.ys sat b=0b0101 (define b::(bitvector 4)) (assert (= b (bv-add 0b0010 0b0011))) (check)

Example: yices -e d.ys (define x::real) (define y::int) (define floor::(-> x::real (subtype (r::int) (and (>= x r) (< x (+ r 1)))))) (assert (and (> x 5) (< x 6))) (assert (= y (floor x))) (check) sat (= x 11/2) (= y 5) (= (floor 11/2) 5) State property of uninterpreted function

Example: yices -e q.ys unsat (define f::(-> int int)) (define g::(-> int int)) (define a::int) (assert (forall (x::int) (= (f x) x))) (assert (forall (x::int) (= (g (g x)) x))) (assert (/= (g (f (g a))) a)) (check) Quantifier example

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback