The SMT-LIB 2 Standard: Overview and Proposed New Theories

Similar documents
SMT-LIB for HOL. Daniel Kroening Philipp Rümmer Georg Weissenbacher Oxford University Computing Laboratory. ITP Workshop MSR Cambridge 25 August 2009

The SMT-LIB Standard Version 2.0

A Proposal for a Theory of Finite Sets, Lists, and Maps for the SMT-Lib Standard

An Introduction to Satisfiability Modulo Theories

ArgoExpression: SMT-LIB 2.0 compliant expression library

Integration of SMT Solvers with ITPs There and Back Again

The SMT-LIB Standard Version 2.0. Clark Barrett Aaron Stump Cesare Tinelli

The SMT-LIB Standard Version 2.0. Clark Barrett Aaron Stump Cesare Tinelli

OpenMath and SMT-LIB

Formally Certified Satisfiability Solving

Abstraction techniques for Floating-Point Arithmetic

Lecture Notes on Real-world SMT

Andrew Reynolds Liana Hadarean

The design of a programming language for provably correct programs: success and failure

SMT Solvers for Verification and Synthesis. Andrew Reynolds VTSA Summer School August 1 and 3, 2017

Integration of SMT-LIB Support into Maple

More on Verification and Model Checking

Generating Small Countermodels. Andrew Reynolds Intel August 30, 2012

ArgoSMTExpression: an SMT-LIB 2.0 compliant expression library

arxiv: v1 [cs.pl] 22 May 2014

smt-lib in xml clothes

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

Yices 1.0: An Efficient SMT Solver

Proving SPARK Verification Conditions with SMT solvers

Symbolic and Concolic Execution of Programs

The SMT-LIBv2 Language and Tools: A Tutorial

Simple proofs of simple programs in Why3

SOFTWARE ENGINEERING DESIGN I

Deductive Verification in Frama-C and SPARK2014: Past, Present and Future

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Why. an intermediate language for deductive program verification

Bounded Model Checking Of C Programs: CBMC Tool Overview

Reasoning About Set Comprehensions

11th International Satisfiability Modulo Theories Competition (SMT-COMP 2016): Rules and Procedures

A Michael Jackson presentation. CSE503: Software Engineering. The following slides are from his keynote at ICSE 1995

Deductive Methods, Bounded Model Checking

Model Checking and Its Applications

GNATprove a Spark2014 verifying compiler Florian Schanda, Altran UK

Semantic Subtyping with an SMT Solver

Built-in Treatment of an Axiomatic Floating-Point Theory for SMT Solvers

Why3 where programs meet provers

Type Checking. Outline. General properties of type systems. Types in programming languages. Notation for type rules.

Leonardo de Moura and Nikolaj Bjorner Microsoft Research

versat: A Verified Modern SAT Solver

Outline. General properties of type systems. Types in programming languages. Notation for type rules. Common type rules. Logical rules of inference

Bit-Vector Approximations of Floating-Point Arithmetic

Specification, Verification, and Interactive Proof

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories. ACSys Seminar

Computing Fundamentals 2 Introduction to CafeOBJ

Towards certification of TLA + proof obligations with SMT solvers

Flang typechecker Due: February 27, 2015

CS 320: Concepts of Programming Languages

SMTCoq: A plug-in for integrating SMT solvers into Coq

Counterexample-Driven Genetic Programming

12th International Satisfiability Modulo Theories Competition (SMT-COMP 2017): Rules and Procedures

Decision Procedures. An Algorithmic Point of View. Bit-Vectors. D. Kroening O. Strichman. Version 1.0, ETH/Technion

Data-Oriented System Development

SMT solvers for Rodin

Satisfiability Modulo Theories Competition (SMT-COMP) 2012: Rules and Procedures

Lost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015

Lecture 4. First order logic is a formal notation for mathematics which involves:

Reminder of the last lecture. Aliasing Issues: Call by reference, Pointer programs. Introducing Aliasing Issues. Home Work from previous lecture

Yices 1.0: An Efficient SMT Solver

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 11 p. 1/38

argo-lib: A Generic Platform for Decision Procedures

Verifying Safety Property of Lustre Programs: Temporal Induction

Combining Static and Dynamic Contract Checking for Curry

Automated Reasoning. Natural Deduction in First-Order Logic

Type- & Example-Driven Program Synthesis. Steve Zdancewic WG 2.8, August 2014

Challenging Problems for Yices

Pierce Ch. 3, 8, 11, 15. Type Systems

Advances in Programming Languages

A Tour of CVC4. Tim King

COS 320. Compiling Techniques

Finding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

Pooya Saadatpanah, Michalis Famelis, Jan Gorzny, Nathan Robinson, Marsha Chechik, Rick Salay. September 30th, University of Toronto.

Representing and Manipulating Floating Points

Datatype declarations

LEARNING TO INSTANTIATE QUANTIFIERS

Overloading, Type Classes, and Algebraic Datatypes

On the Generation of Test Cases for Embedded Software in Avionics or Overview of CESAR

Overview. CS389L: Automated Logical Reasoning. Lecture 6: First Order Logic Syntax and Semantics. Constants in First-Order Logic.

Seminar in Software Engineering Presented by Dima Pavlov, November 2010

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

On partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency

COUNTEREXAMPLE-GUIDED MODEL SYNTHESIS

1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.

Rewriting Needs Constraints and Constraints Need Rewriting

Reasoning About Programs Panagiotis Manolios

CS558 Programming Languages

Deductive Program Verification with Why3, Past and Future

Interpolation-based Software Verification with Wolverine

Evaluating the SMT-LIB repository as a benchmark source for software verification

Chapter 10 Formal Specification

Representing and Manipulating Floating Points. Jo, Heeseung

TIP: Tools for Inductive Provers

EasyChair Preprint. A FOOLish Encoding of the Next State Relations of Imperative Programs

Lemmas on Demand for the Extensional Theory of Arrays

Transcription:

1 / 23 The SMT-LIB 2 Standard: Overview and Proposed New Theories Philipp Rümmer Oxford University Computing Laboratory philr@comlab.ox.ac.uk Third Workshop on Formal and Automated Theorem Proving and Applications Belgrade, Serbia 29 January 2010

Outline 2 / 23 Overview of SMT-LIB 2, comparison with version 1 Joint work by somebody else Set-theoretic datatypes for the SMT-LIB Finite sets, lists, maps, relations Joint work with Daniel Kroening, Georg Weissenbacher Floating-point arithmetic for the SMT-LIB Joint work with Thomas Wahl

The SMT-LIB Standard SMT Satisfiability Modulo Theories SMT-LIB is... a standardised input format for SMT solvers (since 2003) a standardised format for exchanging SMT problems a library of more than 90 000 SMT benchmarks the basis for the annual SMT competition (this year: on FLoC) Relevant for verification + program analysis tool: Krakatoa, Caduceus, ESC/Java2, Spec#, VCC, Havoc, Pex, CBMC, F7,... 3 / 23

Example in SMT-LIB Format (Version 1) (benchmark Ensures_Q_noinfer_2 :source { Boogie/Spec# benchmarks. } :logic AUFLIA :extrapreds (( InRange Int Int )) :extrafuns (( this Int )) :extrafuns (( intatleast Int Int Int )) :assumption (forall (?t Int) (?u Int) (?v Int) (implies (and (subtypes?t?u) (subtypes?u?v)) (subtypes?t?v)) :pat (subtypes?t?u) (subtypes?u?v)) :formula (not (implies (implies (implies (implies (and (forall (?o Int) (?F Int) (implies (and (=?o this) (=?F X)) (= (select2 H?o?F) 5))) (implies (forall (?o Int) (?F Int) (implies (and (=?o this) (=?F X)) (= (select2 H?o?F) 5))) (implies true true))) (= ReallyLastGeneratedExit_correct Smt.true)) (= ReallyLastGeneratedExit_correct Smt.true)) (= start_correct Smt.true)) (= start_correct Smt.true)))) 4 / 23

Example in SMT-LIB Format (Version 1) (benchmark Ensures_Q_noinfer_2 :source :logic Preamble + problem logic/category :extrapreds :extrafuns Problem signature: sorts, functions, predicates :extrafuns :assumption :formula Premises + axioms Verification condition ) 4 / 23

Versions of SMT-LIB Latest stable version 1.2 Introduced 2006 Supported by virtually all SMT solvers Theories: arrays, bit-vectors, integers, reals Upcoming version 2.0 Proposed July 2009 1 Improvements + simplifications over 1.2... next slides More flexible w.r.t. combination of theories But: semantics similar to 1.2 1 Working group: Clark Barrett, Sylvain Conchon, Bruno Dutertre, Jim Grundy, Leonardo de Moura, Albert Oliveras, Aaron Stump, Cesare Tinelli 5 / 23

The Brave New World (of SMT-LIB 2)

1. Sort Constructors 7 / 23 SMT-LIB 1 Only nullary sort constructors: :sorts (Int) :extrasorts (U T) Types are atomic: :extrafuns ((f T T)) SMT-LIB 2 Sort constructors of any arity: :sorts ((Array 2)) :extrasorts ((List 1) U T) Types can be compound: :extrafuns ((f T (Array U T)))

2. Theory Schemas SMT-LIB 1 Theories are monomorphic: (theory Int_Arrays :sorts (Int Array) :funs ((select Array Int Int) (store Array Int Int Array) )) SMT-LIB 2 Parametric polymorphism in theories: (theory Array :sorts ((Array 2)) :funs ((par (X Y) (select (Array X Y) X Y)) (par (X Y) (store (Array X Y) X Y (Array X Y))) )) 8 / 23

3. Symbol Overloading 9 / 23 SMT-LIB 1 Unique operator names: :sorts (Int) :funs ((~ Int Int) (- Int Int Int) (+ Int Int Int)) :sorts (BitVec) :funs ((bvneg BitVec BitVec)) SMT-LIB 2 Symbol overloading: :sorts (Int) :funs ((- Int Int) (- Int Int Int) (+ Int Int Int)) :sorts (BitVec) :funs ((- BitVec BitVec))

4. No Formula/Term Distinction 10 / 23 SMT-LIB 1 SMT-LIB 2 Formulae terms, predicates functions: :extrapreds ((divides Int Int)) :extrafuns ((succ Int Int)) Only terms can be function/predicate arguments Bool is simply a sort: :extrafuns ((divides Int Int Bool) (prime (Array Int Bool))) and, or, =,... are just functions Work-arounds: reflection, ite operator

5. Standardised Command Language 11 / 23 Text-based interface to SMT solvers: > (set-logic AUFLIA) > (declare-fun a () Int) > (declare-fun b () Int) > (assert (= (* 8 a) (* 4 b))) > (push) > (assert (forall ((x Int)) (not (= b (* 2 x))))) > (check-sat) unsat > (pop) Apparently: Interface will replace the old benchmark file format

Proposals for Additional SMT-LIB 2 Theories

Theories of Set-Theoretic Datatypes 13 / 23 We propose to add datatypes inspired by VDM-SL Tuples Lists (Finite) Sets (Finite) Partial Maps Main applications for us: Bounded Model Checking for C, C++ (CBMC) Model-based test-case generation (UML/OCL, Simulink/Stateflow, Lustre) Analysis of requirements + architecture specifications System development in Event-B, VDM

SMT-LIB 2 Theory Schemas 14 / 23 Tuples Sets Lists Maps (Tuple n T 1... T n ) (Set T) (List T) (Map S T) tuple (x 1,..., x n ) project x k product M 1 M n emptyset insert M {x} in subset union inter setminus \ card M nil [ ] cons x :: L head tail append length l nth l k inds {1,..., l } elems {l 1,..., l l } emptymap apply f (x) overwrite <+ domain range restrict subtract

Example: Verification Cond. Generated by VDMTools In VDM-SL notation: l : L(Z), i : N. ( i inds(l) j inds(l) \ {i}. j inds(l) ) In SMT-LIB notation: (forall ((l (List Int)) (i Int)) (implies (and (>= i 0) (in i (inds l))) (forall (j Int) (implies (in j (setminus (inds l) (insert i emptyset))) (in j (inds l)))))) 15 / 23

Status of the Proposal 16 / 23 Syntax + Semantics of theories is defined In collaboration with Cesare Tinelli Parser + type checker + converter to SMT-LIB 1 available (using a rather naive axiomatisation of the datatypes) Meaningful sublogics still to be identified We have a small initial collection of benchmarks More to be converted from Event-B VCs Further benchmarks would be welcome http://www.cprover.org/smt-lib-lsm/

Floating-Point Arithmetic (FPA) Binary floating-point numbers (IEEE 754-2008) where: F = { ( 1) s m 2 e (m, e) E, s {0, 1} } = {NaN, +,, 0,...} s... sign m... mantissa/significand e... exponent Standard mathematical operations + rounding (defined more or less ambiguously in IEEE 754-2008) Important for embedded software, control software, etc. 17 / 23

A Theory of Floating-Point Arithmetic (FPA) 18 / 23 So far: no SMT solvers with FPA support Correct reasoning about FPA is hard Precise encoding: hard for automatic solvers (but works for interactive proof assistants) Interval arithmetic: sound but imprecise, no models (bad for test cases) Rational arithmetic: only an approximation (unsound in certain settings) Main applications for us: Bounded model checking for Simulink/Stateflow Test-case generation

Abstraction for Floating-Point Arithmetic [FMCAD 09] 19 / 23 New reasoning approach: Precise SAT encoding combined with mixed over/under-approximation Outperforms naive SAT encoding + can generate models Prototypical implementation as part of CBMC Planned: move implementation to an SMT solver SMT-LIB interface is needed!

An SMT-LIB Theory of FPA (work in progress) Goals Model FPA core that is relevant for reasoning + verification Not considered: Exact error handling, bit-precise encoding,... Precise + concise definition of FPA semantics Useable syntax http://www.cprover.org/smt-lib-float/ 20 / 23

Example: FPA Problem in SMT-LIB 21 / 23 :extrafuns ((x (ind FP 11 53)) (y (ind FP 11 53))) :problem (exists ((z (ind FP 11 53))) (= (+ roundtowardzero x z) y)) 64-bit floating-point arithmetic (double precision) 11 bit exponent, 53 bit significand ind notation is used for indexed types (ind FP 11 53) means FP 11,53 + is ternary: first argument is rounding mode

Conclusion 22 / 23 Overview of SMT-LIB 2 Datatypes of sets, lists, maps, relations Floating-point arithmetic Trade-off when defining theories: Generality Implementation complexity Decidability good for users good for tool writers We hope that we have found a good compromise Feedback is welcome!

23 / 23 Thanks for your attention! Don t forget about... Logics for Systems Analysis LfSA 10 Workshop affiliated with LICS and IJCAR at FLoC July 15th 2010 Ad http://www.ls.cs.cmu.edu/lfsa10/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback