an introduction to satisfjability modulo theories
play

An Introduction to Satisfjability Modulo Theories Philipp Rmmer - PowerPoint PPT Presentation

Dec 08, 2023 •10 likes •420 views

An Introduction to Satisfjability Modulo Theories Philipp Rmmer Uppsala University Philipp.Ruemmer@it.uu.se February 11, 2020 1/41 Outline From theory ... From DPLL to DPLL(T) Slides courtesy of Alberto Griggio,

  1. An Introduction to Satisfjability Modulo Theories Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se February 11, 2020 1/41

  2. Outline ● From theory ... ● From DPLL to DPLL(T) ● Slides courtesy of Alberto Griggio, http://www.cs.nyu.edu/~barrett/summerschool/griggio.pdf ● … to practice ● SMT-LIB and some common theories ● http://rise4fun.com/z3 ● http://logicrunch.it.uu.se:4096/~wv/princess/ 2/41

  3. Typical Applications of SMT ● Deductive verifjcation ● Correctness of contracts, invariants ● Testing, symbolic execution ● Path feasibility ● Bounded model checking ● Reachability of errors within k steps ● Model checking ● Finite-state abstraction of programs 3/41

  4. Broader Applications i = 0; x = j; while (i < 50) { i++; x++; } if (j == 0) assert (x >= 50); 4/41

  5. ATP and SMT 5/41

  6. ATP and SMT ATP: Classical methods: ”Big Resolution, Engines Superposition, Tableaux, of Proof” Model Evolution, etc. 6/41

  7. ATP and SMT ATP: Classical methods: ”Big Resolution, Engines Superposition, Tableaux, of Proof” Model Evolution, etc. SMT: Collaborative meth.: “little Propositional → SAT Lin. arithmetic → Simplex engines” Functions → EUF ... 7/41

  8. ATP and SMT ATP: Classical methods: ”Big Resolution, Engines Superposition, Tableaux, of Proof” Model Evolution, etc. SMT: Collaborative meth.: ? “little Propositional → SAT Lin. arithmetic → Simplex engines” Functions → EUF ... 8/41

  9. We know how to … Solve Boolean formulas effjciently: ● DPLL, CDLL ● Implemented in SAT solvers Solve conjunctive constr. effjciently: ● Linear arithmetic: LP, ILP, MIP ● Finite domains: CP, local search ● etc. 9/41

  10. We know how to … ??? Solve Boolean formulas effjciently: ● DPLL, CDLL ● Implemented in SAT solvers Solve conjunctive constr. effjciently: ● Linear arithmetic: LP, ILP, MIP ● Finite domains: CP, local search ● etc. 10/41

  11. Example! 11/41

  12. SAT and SMT Def.: SAT Solver Input: Propositional formula C in n variables Output: C sat + satisfying assignment (model) C unsat [+ Proof] Def.: SAT Modulo Theories Solver Input: First-order formula C in n variables and theories T 1 , …, T m Output: C sat + satisfying assignment (model) C unsat [+ Proof] 12/41

  13. SAT and SMT Def.: SAT Solver Input: Propositional formula C in n variables Output: C sat + satisfying assignment (model) C unsat [+ Proof] Also called a solution Def.: SAT Modulo Theories Solver Input: First-order formula C in n variables and theories T 1 , …, T m Output: C sat + satisfying assignment (model) C unsat [+ Proof] 13/41

  14. Some SMT solvers ● Z3 ● CVC4 ● MathSAT ● Yices ● OpenSMT ● Boolector ● SMTInterpol 14/41

  15. SMT in Uppsala TRAU Z3-TRAU Norn TRAU+ Sloth Ostrich Ostrich+ Princess ePrincess UppSAT Z3 mcBV 15

  16. SMT in Uppsala TRAU Z3-TRAU Norn TRAU+ General-purpose Sloth Ostrich Ostrich+ Princess ePrincess UppSAT Z3 Just mcBV 16 contributing ...

  17. SMT in Uppsala String TRAU Z3-TRAU solvers Norn TRAU+ Sloth Ostrich Ostrich+ Princess ePrincess UppSAT Z3 mcBV 17

  18. SMT in Uppsala TRAU Z3-TRAU Norn TRAU+ Sloth Ostrich Ostrich+ First-order Princess ePrincess UppSAT Z3 mcBV 18

  19. SMT in Uppsala TRAU Z3-TRAU Norn TRAU+ Sloth Ostrich Ostrich+ Princess Low-level machine ePrincess UppSAT arithmetic Z3 mcBV 19

  20. Typical Architecture Queries Verifjer, model SAT/SMT checker, solver etc. Answer (model, proof) 20/41

  21. 21/41

  22. SMT-LIB ● Standardised interface for SMT solvers, supported by most tools ● Rich set of features, many theories ● Comes with a large library of benchmarks; yearly competition SMT-COMP → Organiser until 2018: Tjark Weber ! ● http://www.smtlib.org 22/41

  23. Tutorial ... 23/41

  24. Tutorial ... ● Every 32bit number x that is a power of 2 has the property that x & (x – 1) == 0 (and vice versa) 24/41

  25. Important SMT-LIB commands ● (set-logic QF_BV) (set-option …) ● (declare-const b (_ BitVec 8)) (declare-fun f ((x (_ BitVec 2))) Bool) ● (assert (= b #b10100011)) ● (check-sat) ● (get-value (b)), (get-model) ● (get-unsat-core) ● (push 1), (pop 1) ● (reset), (exit) 25/41

  26. Important SMT-LIB commands Z3, and many ● (set-logic QF_BV) solvers don't care ... (set-option …) ● (declare-const b (_ BitVec 8)) (declare-fun f ((x (_ BitVec 2))) Bool) ● (assert (= b #b10100011)) ● (check-sat) ● (get-value (b)), (get-model) ● (get-unsat-core) ● (push 1), (pop 1) ● (reset), (exit) 26/41

  27. Important SMT-LIB commands Z3, and many ● (set-logic QF_BV) solvers don't care ... (set-option …) ● (declare-const b (_ BitVec 8)) (declare-fun f ((x (_ BitVec 2))) Bool) ● (assert (= b #b10100011)) ● (check-sat) In CP or MIP, this would be called ● (get-value (b)), (get-model) assume or constraint ● (get-unsat-core) ● (push 1), (pop 1) ● (reset), (exit) 27/41

  28. The assertion stack ● Holds both assertions and declarations, but no options ● Important for incremental use of solver ● (push n ) → add n new frames to the stack ● (pop n ) → pop n frames from the stack 28/41

  29. General SMT-LIB constructors ● (and …), (or …), (not …), (=> …) ● (= b c) ● (ite (= b c) #b101 #b011) ● (let ((a #b001) (b #b010)) (= a b)) ● (exists ((x (_ BitVec 2))) (= #b101 x)) (forall …) ● (! (= b c) :named X) 29/41

  30. Main SMT-LIB Bit-vector ops. http://smtlib.cs.uiowa.edu/logics-all.shtml#QF_BV ● (_ BitVec 8) ● #b1010, #xff2a, (_ bv42 32) ● (= (concat #b1010 #b0011) #b10100011) ● (= ((_ extract 1 3) #b10100011) #b010) ● Unary: bvnot, bvneg ● Binary: bvand, bvor, bvadd, bvmul, bvudiv, bvurem, bvshl, bvlshr ● (bvult #b0100 #b0110) ● And many more derived operators ... 30/41

  31. BMC: straight-line programs int x, y; x = x * x; y = x + 1; assert(y > 0); 31/41

  32. BMC: straight-line programs Z3-specifjc int x, y; x = x * x; (set-option :pp.bv-literals false) y = x + 1; (declare-const x0 (_ BitVec 32)) (declare-const y0 (_ BitVec 32)) assert(y > 0); (declare-const x1 (_ BitVec 32)) (declare-const y1 (_ BitVec 32)) (assert (= x1 (bvmul x0 x0))) (assert (= y1 (bvadd x1 (_ bv1 32)))) (assert (not (bvsgt y1 (_ bv0 32)))) (check-sat) (get-model) Signed comparison 32/41

  33. Modelling of Program Variables ● An SMT-LIB constant represents a single value ● Just like mathematical variables ● Program variables can be reassigned … how to model computations? ● Main idea: every assignment creates a new “version” of a variable ● x0 / y0 vs. x1 / y1 in example 33/41

  34. Modelling of Program Variables ● An SMT-LIB constant represents a single value ● Just like mathematical variables ● Program variables In compilers, this is called can be reassigned … how “Single Static Assignment” to model computations? form (SSA) ● Main idea: every assignment creates a new “version” of a variable ● x0 / y0 vs. x1 / y1 in example 34/41

  35. BMC: conditional branching int x, y; if (x > 0) y = x; else y = -x; assert(y >= 0); 35/41

  36. BMC: conditional branching int x, y; (set-option :pp.bv-literals false) (declare-const x0 (_ BitVec 32)) if (x > 0) (declare-const y0 (_ BitVec 32)) (declare-const y1a (_ BitVec 32)) y = x; (declare-const y1b (_ BitVec 32)) else (declare-const y2 (_ BitVec 32)) (declare-const b Bool) y = -x; (assert (= b (bvsgt x0 (_ bv0 32)))) assert(y >= 0); (assert (=> b (= y1a x0))) (assert (=> (not b) (= y1b (bvneg x0)))) (assert (= y2 (ite b y1a y1b))) (assert (not (bvsge y2 (_ bv0 32)))) (check-sat) (get-model) 36/41

  37. Alternative method: path-wise exploration int x, y x > 0 !(x > 0) y = x y = -x assert(...) 37/41

  38. Alternative method: path-wise exploration ● Each query int x, y smaller, but possibly x > 0 !(x > 0) exponentially many paths y = x y = -x ● Learning similar to CDCL can be used to avoid analysing all paths assert(...) 38/41

  39. Conclusions ● Most important idea in this lecture: Lazy encoding of formulas to SAT ● SMT solvers are ... ● Usually optimised for verifjcation: Good at proving unsat ● Able to handle infjnite domains: Arithmetic, arrays, strings, etc. ● Side-efgect: restricted set of operators: Capture decidable domains ● Good at propositional reasoning 39/41

  40. Conclusions Compare to relaxations ● Most important idea in this lecture: Lazy encoding of formulas to SAT ● SMT solvers are ... ● Usually optimised for verifjcation: Good at proving unsat ● Able to handle infjnite domains: Arithmetic, arrays, strings, etc. ● Side-efgect: restricted set of operators: Capture decidable domains ● Good at propositional reasoning 40/41

  41. Outlook ● Various further topics: ● More theories: ADTs, fmoats, strings, etc. ● Handling of quantifjers ● Fixed-point computation ● MaxSAT/MaxSMT ● Optimising SMT ● More lecture slides: ● http://ssa-school-2016.it.uu.se/ ● http://www.sc-square.org/CSA/school/ ● http://ssa-school-2018.cs.manchester.ac.uk/ 41/41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert Oliveras Enric Rodr guez-Carbonell May 31, 2019 Satisfiability Modulo Theories Some problems are more naturally expressed in other logics than

752 views • 33 slides
Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1 Leonardo de Moura 2 1 New York University 2 Microsoft Research 7th International Workshop on Satisfiability Modulo Theories Aug 3, 2009 Montreal, Canada

1.33k views • 86 slides
SAT Modulo Monotonic Theories Sam Bayless , Noah Bayless , Holger H. Hoos , Alan J. Hu

SAT Modulo Monotonic Theories Sam Bayless , Noah Bayless , Holger H. Hoos , Alan J. Hu

SAT Modulo Monotonic Theories Sam Bayless , Noah Bayless , Holger H. Hoos , Alan J. Hu University of British Columbia Point Grey Secondary School Sam Bayless (UBC) SAT Modulo Monotonic Theories 1 / 0 Procedural Content

768 views • 28 slides
Sa#sfiability Modulo Theories and Network Verifica#on Nikolaj

Sa#sfiability Modulo Theories and Network Verifica#on Nikolaj

Sa#sfiability Modulo Theories and Network Verifica#on Nikolaj Bjrner Microso1 Research Formal Methods and Networks Summer School Ithaca, June

517 views • 36 slides
G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo Theories Theory Solvers Combining Decision Procedures Abstract DPLL Modulo Theories Example Application: Translation Validation 2

470 views • 35 slides
Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Applications of SMT solvers Alessandro Cimatti Embedded System Unit Fondazione Bruno Kessler Trento, Italy cimatti@fbk.eu Applications of SMT solvers @ SAT/SMT School, Helsinki, July 2013 Satisfiability Modulo Theories SMT solvers are

1.09k views • 27 slides
Abstract DPLL and Abstract DPLL Modulo Theories Robert Nieuwenhuis 1 , Albert Oliveras 1 , and

Abstract DPLL and Abstract DPLL Modulo Theories Robert Nieuwenhuis 1 , Albert Oliveras 1 , and

Abstract DPLL and Abstract DPLL Modulo Theories Robert Nieuwenhuis 1 , Albert Oliveras 1 , and Cesare Tinelli 2 1 Technical University of Catalonia 2 The University of Iowa Abstract DPLL and Abstract DPLL Modulo Theories p.1/24 Overview of

842 views • 29 slides
Expressing theories in the -calculus modulo theory and in the Dedukti system Gilles Dowek

Expressing theories in the -calculus modulo theory and in the Dedukti system Gilles Dowek

Expressing theories in the -calculus modulo theory and in the Dedukti system Gilles Dowek With Ali Assaf, Guillaume Burel, Rapha el Cauderlier, David Delahaye, Catherine Dubois, Fr ed eric Gilbert, Pierre Halmagrand, Olivier

383 views • 13 slides
Generating Optimal Scheduling for Wireless Sensor Networks by Using Optimization Modulo Theories

Generating Optimal Scheduling for Wireless Sensor Networks by Using Optimization Modulo Theories

Generating Optimal Scheduling for Wireless Sensor Networks by Using Optimization Modulo Theories Solvers Gergely Kov asznai, Csaba Bir o and Bal azs Erd elyi IoT Research Institute Eszterhazy Karoly University Eger, Hungary

890 views • 39 slides
Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand,

Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand,

Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand, and Natarajan Shankar Uni. degli Studi di Verona - CNRS - SRI International CADE, 8th August 2017 1/39 This talk is about the quantifier-free core

2.09k views • 180 slides
11th International Satisfiability Modulo Theories Competition SMT-COMP 2016 Sylvain Conchon

11th International Satisfiability Modulo Theories Competition SMT-COMP 2016 Sylvain Conchon

11th International Satisfiability Modulo Theories Competition SMT-COMP 2016 Sylvain Conchon David D eharbe Matthias Heizmann Tjark Weber The Numbers 17 teams participated Solvers: Main track 25 2 non-competitive Application

695 views • 22 slides
13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann Aina Niemetz Giles Reger Tjark Weber Outline Design and scope Main changes from last years competition Short presentation of solvers

794 views • 65 slides
Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School,

Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School,

Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School, Linz, Austria February 3, 2014 SMT : Basic Architecture Theory SAT SMT Solvers Equality + UF Arithmetic Case Analysis Bit-vectors Nikolaj is

681 views • 55 slides
Integrating Answer Set Programming and Satisfiability Modulo Theories Ilkka Niemel Department

Integrating Answer Set Programming and Satisfiability Modulo Theories Ilkka Niemel Department

Integrating Answer Set Programming and Satisfiability Modulo Theories Ilkka Niemel Department of Information and Computer Science Aalto University Ilkka.Niemela@aalto.fi (Joint work with Tomi Janhunen) Deduction at Scale, Schloss Ringberg,

585 views • 26 slides
Tree grammars for induction on inductive data types modulo equational theories Gabriel Ebner,

Tree grammars for induction on inductive data types modulo equational theories Gabriel Ebner,

Tree grammars for induction on inductive data types modulo equational theories Gabriel Ebner, Stefan Hetzl WAIT 2018 2018-06-28 TU Wien Introduction Proofs and tree grammars Inductive proving using tree grammars Evaluation Conclusion 1

585 views • 33 slides
EJCP 2016 Model Checking Modulo Theories with Cubicle Sylvain Conchon LRI (UMR 8623),

EJCP 2016 Model Checking Modulo Theories with Cubicle Sylvain Conchon LRI (UMR 8623),

EJCP 2016 Model Checking Modulo Theories with Cubicle Sylvain Conchon LRI (UMR 8623), Universit e Paris-Sud Equipe Toccata, INRIA Saclay Ile-de-France 1 Cubicle An SMT based model checker for parameterized systems 2 Contents

1.74k views • 140 slides
Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

3/12/20 Cases &amp; Straps Mounts, stands, clamps. Types of Scanning 1 Switch Automatic Step/Dwell Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan) Switches SG SGD Sc Scan an

270 views • 4 slides
Defending Microsoft environments at scale Vineet Bhatia (@ThreatHunting) 15 Mar 2018 Agenda

Defending Microsoft environments at scale Vineet Bhatia (@ThreatHunting) 15 Mar 2018 Agenda

Defending Microsoft environments at scale Vineet Bhatia (@ThreatHunting) 15 Mar 2018 Agenda Introduction and Background Microsoft security stack in Windows 10 Defense model based on MITRE ATTACK and the Microsoft stack Event data

340 views • 31 slides
Instantiation-based Methods and Equality Instantiation-based methods Decision procedure for

Instantiation-based Methods and Equality Instantiation-based methods Decision procedure for

ormal ethods roup iProver-Eq: An Instantiation-based Theorem Prover with Equality Konstantin Korovin and Christoph Sticksel (joint work with Renate Schmidt) The University of Manchester 17th July 2010 1 Konstantin Korovin and

318 views • 18 slides
The Petri Net Model of the Sucrose- to- Starch Breakdown in the potato tuber Ina Koch

The Petri Net Model of the Sucrose- to- Starch Breakdown in the potato tuber Ina Koch

The Petri Net Model of the Sucrose- to- Starch Breakdown in the potato tuber Ina Koch Technical University of Applied Sciences Berlin ina.koch@tfh-berlin.de Monika Heiner Brandenburg University of Technology at Cottbus

631 views • 41 slides
EPC: Extended Path Coverage for Measurement-based Probabilistic Timing Analysis M. Ziccardi ,

EPC: Extended Path Coverage for Measurement-based Probabilistic Timing Analysis M. Ziccardi ,

EPC: Extended Path Coverage for Measurement-based Probabilistic Timing Analysis M. Ziccardi , E. Mezzetti and T. Vardanega J. Abella and F.J. Cazorla University of Padua BSC Spanish National Research Council

707 views • 28 slides
Thinking Like a Geologist About Nuclear Change III UNIT 7 DAY 3 What are we going to learn

Thinking Like a Geologist About Nuclear Change III UNIT 7 DAY 3 What are we going to learn

Thinking Like a Geologist About Nuclear Change III UNIT 7 DAY 3 What are we going to learn today? Quantify Nuclear Decay Rate of Change Radioactive Decay just happens REVIEW BAND OF STABILITY

512 views • 18 slides
Jin Huang (BNL) PHENIX experiment An EIC detector 16y+ operation Comprehensive central Path of

Jin Huang (BNL) PHENIX experiment An EIC detector 16y+ operation Comprehensive central Path of

Jin Huang (BNL) PHENIX experiment An EIC detector 16y+ operation Comprehensive central Path of PHENIX upgrade upgrade base on previous leads to a capable EIC Broad spectrum of BaBar magnet detector physics 180+ physics

336 views • 29 slides
Concept 17.4: Translation is the RNA-directed synthesis of a polypeptide: a closer look A cell

Concept 17.4: Translation is the RNA-directed synthesis of a polypeptide: a closer look A cell

Concept 17.4: Translation is the RNA-directed synthesis of a polypeptide: a closer look A cell translates an mRNA message into protein with the help of transfer RNA (tRNA) Molecules of tRNA are not identical: Each carries a specific

634 views • 16 slides

More recommend