Andrew Reynolds Liana Hadarean

Similar documents
Formally Certified Satisfiability Solving

SMTCoq: A plug-in for integrating SMT solvers into Coq

Extended Abstract: Combining a Logical Framework with an RUP Checker for SMT Proofs

SMT Proof Checking Using a Logical Framework

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

Dependently Typed Programming with Mutable State

Generating Small Countermodels. Andrew Reynolds Intel August 30, 2012

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

A Tour of CVC4. Tim King

Scaling Up DPLL(T) String Solvers Using Context-Dependent Simplification

LEARNING TO INSTANTIATE QUANTIFIERS

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

versat: A Verified Modern SAT Solver

argo-lib: A Generic Platform for Decision Procedures

Formally certified satisfiability solving

SMT Solvers for Verification and Synthesis. Andrew Reynolds VTSA Summer School August 1 and 3, 2017

The SMT-LIB 2 Standard: Overview and Proposed New Theories

SMT-LIB for HOL. Daniel Kroening Philipp Rümmer Georg Weissenbacher Oxford University Computing Laboratory. ITP Workshop MSR Cambridge 25 August 2009

Seminar decision procedures: Certification of SAT and unsat proofs

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Small Formulas for Large Programs: On-line Constraint Simplification In Scalable Static Analysis

DPLL(Γ+T): a new style of reasoning for program checking

OpenSMT2. A Parallel, Interpolating SMT Solver. Antti Hyvärinen, Matteo Marescotti, Leonardo Alt, Sepideh Asadi, and Natasha Sharygina

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories. ACSys Seminar

Producing Proofs from an Arithmetic Decision Procedure in Elliptical LF

Satisfiability Modulo Theories. DPLL solves Satisfiability fine on some problems but not others

Towards certification of TLA + proof obligations with SMT solvers

Decision Procedures in the Theory of Bit-Vectors

Fine-grained SMT proofs for the theory of fixed-width bit-vectors

Deductive Methods, Bounded Model Checking

OpenMath and SMT-LIB

[Draft. Please do not distribute] Online Proof-Producing Decision Procedure for Mixed-Integer Linear Arithmetic

Types. Type checking. Why Do We Need Type Systems? Types and Operations. What is a type? Consensus

Symbolic and Concolic Execution of Programs

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

A Decision Procedure for (Co)datatypes in SMT Solvers. Andrew Reynolds Jasmin Christian Blanchette IJCAI sister conference track, July 12, 2016

Lost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015

Refutation-Based Synthesis in SMT

CAV Verification Mentoring Workshop 2017 SMT Solving

Quantifier Inference Rules for SMT proofs

The SMT-LIB Standard Version 2.0

Integrating a SAT Solver with Isabelle/HOL

An Introduction to Satisfiability Modulo Theories

An Industrially Useful Prover

Integration of SMT-LIB Support into Maple

Lemmas on Demand for Lambdas

Improving Haskell Types with SMT

Refutation-based synthesis in SMT

Satisfiability Modulo Theories: ABsolver

Ranking Functions for Loops with Disjunctive Exit-Conditions

The SMT-LIBv2 Language and Tools: A Tutorial

Lecture Notes on Real-world SMT

Yices 1.0: An Efficient SMT Solver

DPLL(T ):Fast Decision Procedures

Predicate Refinement Heuristics in Program Verification with CEGAR

An Improved Separation of Regular Resolution from Pool Resolution and Clause Learning

Evaluating the SMT-LIB repository as a benchmark source for software verification

Decision Procedures for Equality Logic. Daniel Kroening and Ofer Strichman 1

CVC4. 2 University of Iowa

Integration of SMT Solvers with ITPs There and Back Again

Quantier Inference Rules for SMT proofs

Tree Interpolation in Vampire

Mechanically-Verified Validation of Satisfiability Solvers

Isabelle/HOL:Selected Features and Recent Improvements

arxiv: v1 [cs.pl] 22 May 2014

Decision Procedures in First Order Logic

Cuts from Proofs: A Complete and Practical Technique for Solving Linear Inequalities over Integers

Yices 1.0: An Efficient SMT Solver

Clause Sharing and Partitioning for Cloud-Based SMT Solving

Isabelle Tutorial: System, HOL and Proofs

Built-in Treatment of an Axiomatic Floating-Point Theory for SMT Solvers

Satisfiability (SAT) Applications. Extensions/Related Problems. An Aside: Example Proof by Machine. Annual Competitions 12/3/2008

Leonardo de Moura and Nikolaj Bjorner Microsoft Research

NO WARRANTY. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder.

ddsmt: A Delta Debugger for the SMT-LIB v2 Format

Finite Model Generation for Isabelle/HOL Using a SAT Solver

ArgoExpression: SMT-LIB 2.0 compliant expression library

Definition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,

Reasoning About Set Comprehensions

Language Techniques for Provably Safe Mobile Code

NP Completeness. Andreas Klappenecker [partially based on slides by Jennifer Welch]

Automated reasoning over string constraints

Cooperating Theorem Provers: A Case Study Combining HOL-Light and CVC Lite

Automated Theorem Proving and Proof Checking

The Design and Implementation of the Model Constructing Satisfiability Calculus

PySMT: a Solver-Agnostic Library for Fast Prototyping of SMT-Based Algorithms

A Decision Procedure for (Co)datatypes in SMT Solvers

Motivation. CS389L: Automated Logical Reasoning. Lecture 17: SMT Solvers and the DPPL(T ) Framework. SMT solvers. The Basic Idea.

SAT Solvers. Ranjit Jhala, UC San Diego. April 9, 2013

Proofs in Satisfiability Modulo Theories

Combinational Equivalence Checking

Math Interim Mini-Tests. 3rd Grade Mini-Tests

Using an SMT Solver and Craig Interpolation to Detect and Remove Redundant Linear Constraints in Representations of Non-Convex Polyhedra

New Encodings of Pseudo-Boolean Constraints into CNF

The 4 th Competition on Syntax-Guided Synthesis. Rajeev Alur, Dana Fisman, Rishabh Singh and Armando Solar-Lezama

The SMT-LIB Standard Version 2.0. Clark Barrett Aaron Stump Cesare Tinelli

Automated Theorem Proving in a First-Order Logic with First Class Boolean Sort

NP-Complete Reductions 2

Computability Theory

ArgoSMTExpression: an SMT-LIB 2.0 compliant expression library

Transcription:

425,7 3!7441$ 89028147 30,7 #0, 7 9 209.&8 3 $ Andrew Reynolds Liana Hadarean July 15, 2010 1

. 34 0/ 020398 University of Iowa Andrew Reynolds, Cesare Tinelli, Aaron Stump Liana Hadarean, Yeting Ge, Clark Barrett 2

49 ;,9 431479 8 47 SMT solvers are difficult to verify Code may be complex (10k+ loc) Code is subject to change Alternatively, solvers can justify answers with proofs There is need for third party certification Must ensure that proof is valid 3

079 1 3 $% $4 ;07 8 38 078 For satisfiable : Provide a satisfying assignment For unsatisfiable : Provide a proof of unsatisfiability 4

7. 90.9:70 sat Solver unsat Assignment Proof of Unsatisfiability... Proof Checker Proof Valid Proof Invalid 5

!7441 0. 3, 03 08 Flexibility Different solvers have different needs Solvers can change over time Many different theories Speed Practical for use with solvers Measured time against solving time 6

;07; 0 Certification of proofs in QF_LRA Use LFSC for proof checking Experiments with QF_LRA proof systems Examine declarative vs computational Use CVC3 for proof generation 7

!7441 0. 3 3 $ Edinburgh Logical Framework (LF) [Harper et al 1993] Based on type theory Meta framework for defining logical systems LF with side conditions (LFSC) [Stump et al 2008] Meta-logical proof checker Side Conditions Support for Integer, Rational arithmetic If proof term type-checks, Then proof is considered valid 8

,25 0574417: 0 (declare and_intro (! f1 formula (! f2 formula (! p1 (proof f1) (! p2 (proof f2) (proof (and f1 f2))))))) 9

!74417: 0 9 8 /0.43/ 9 43 (declare ineq_contradiction (! p poly (! p1 (proof (> p 0)) (! s (^ (is_positive (simplify p)) ff) false)))) 10

!74417: 0 9 8 /0.43/ 9 43 Side conditions Written in simply typed functional language Most are concise (less than 10 loc) 11

!74417: 0 9 8 /0.43/ 9 43 (program simplify ((p poly)) real (match p ((poly c' l') (match (is_zero l') (tt c') (ff fail))))) (^ (is_positive (simplify p)) ff) 12

8 /0.43/ 9 438 Mirror high-performance solver inferences More Efficient Smaller Proof Size Faster Checking time Amount can be fine tuned Fully Declarative Fully Computational 13

$ 59 2,9 438 009, ( Incremental Checking Proof checking occurs while reading proof Deferred Resolution Efficient to check boolean inferences Compiled Side Condition Code Compiled instead of interpreted code 14

4397 -:9 438419 8 47 ( Demonstrate capabilities of LFSC Flexibility in: Handling new logic (QF_LRA) Defining multiple proof systems for this logic Developed LFSC signatures for QF_LRA Instrumented CVC3 to produce proofs in system Comparative analysis 15

' Refutation based prover for SMT Support for many different logics Integer/Real, Arrays, Data types, etc. Support for quantifiers Proof generation Native format 16

'94 $574418 CVC3 sat unsat.. CVC3 Proof of Unsatisfiability LFSC Proof of Unsatisfiability Did not modify CVC3 core Translated CVC3 Proofs to LFSC Opportunity to test different translations LFSC.. 17

5574,. 08 Literal translation (Lit) Mimics the structure of CVC3 proofs Liberal translation (Lib) Compacts portions of proof to side conditions Limits compaction to QF_LRA theory lemmas Aggressive Liberal translation (Lib-A) Extends compaction to equality reasoning proof fragments Declarative Lit Lib Lib-A Computational 18

'!74418 Proof derives false from: Input formulas Theory Lemmas i.e. ( x+1 > x ) Proof Rules Many rules (100+) Rewrite axioms Mostly Declarative 19

425,.9 431742'94 $ Theory lemmas in QF_LRA Ex: ( 2x>2y ) ( y>x+5 ) Proof of unsatisfiability from assumptions 20

425,.9 431742'94 $ Theory lemmas in QF_LRA Ex: ( 2x>2y ) ( y>x+5 ) Can be done by finding set of coefficients ½* 2x > 2y 1 * y > x + 5 x + y > y + x + 5 0 > 5 21

425,.9 431742'94 $ LFSC proofs use polynomial formulas Ex: Instead of 2x > 2y, (2x 2y) > 0 Proof of theory lemmas are always of the form: Intuition: For each CVC3 rule, determine corresponding coefficient to multiply each premise by to obtain contradictory polynomial c p 22

425,.9 431742'94 $ CVC3 rules mapped to polynomial operations Applies to all proof rules for theory lemmas However, not applicable to boolean portions Compaction occurs because: Condense redundant operations Eliminate trivial subproofs, such as those involving only rewrite axioms 23

!7441425,.9 43,25 0 Theory lemma example: ½* 1 * 2x > 2y y > x + 5 x + y > y + x + 5 0 > 5 24

!7441425,.9 43 8905 Map to operations on polynomials 25

!7441425,.9 43 8905 Remove redundant operations 26

7088 ;0-07, 97,38,9 43 Attempt to compact all theory inferences When conversion gets stuck, Switch to literal translation Compact Translation Literal Translation 27

507 2039, 708: 98 Selection of 145 unsatisfiable QF_LRA benchmarks Each solved 60s by CVC3 Proof generation 300s Configurations CVC3 native proof (CVC3) Literal (Lit) Liberal (Lib) Aggressive Liberal (Lib-A) 28

!74418 0';8 9 29

!74418 0 Lit vs Lib Lit vslib-a 30

!7441. 0. 3 9 20 Lit vslib Lit vslib-a 31

!7441. 0. 3 ;8 $4 ; 3 Solving vslit Solving vslib 32

3, 8 8 Theory content 11% on average For theory heavy benchmarks Lib compresses proof sizes 34% Lib-A compresses proofs sizes 58% (16% overhead on non-theory benchmarks) Lib is the most effective method overall with an average compression of 12% 33

3, 8 8.439 3:0/ When isolated to theory component Lib compresses proof sizes factor of 5.24 Lib improves proof checking factor of 2.7 Overall, Lib proof checking is factor of 2.6 faster than solving time 34

43. :8 438 LFSC is a pragmatic approach to proof checking Efficient Checking times fast w.r.t. solving Trustworthy Small/not complex side condition code Clear definition of trusted components Flexible Signature is separate from checker Effective for different proof systems 35

:9:70 47 Demonstrate scalability for QF_LRA Integration with CVC4 New decision procedures New logics (arrays etc.) Public release of LFSC Tool for signature creation LFSC proof generation library Interpolant generating proofs 36

Questions? 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback