extending acl2 with smt solvers
play

Extending ACL2 with SMT solvers Yan Peng & Mark Greenstreet - PowerPoint PPT Presentation

May 08, 2023 •148 likes •537 views

Motivation Integration architecture Customizing Smtlink Summary and Future work Extending ACL2 with SMT solvers Yan Peng & Mark Greenstreet University of British Columbia October 2nd, 2015 Smtlink handles tedious details of proofs so you

  1. Motivation Integration architecture Customizing Smtlink Summary and Future work Extending ACL2 with SMT solvers Yan Peng & Mark Greenstreet University of British Columbia October 2nd, 2015 Smtlink handles tedious details of proofs so you can focus on the interesting parts. 1 / 24

  2. Motivation Integration architecture Customizing Smtlink Summary and Future work Contents Motivation 1 AMS verification Examples Motivation Integration architecture 2 Architecture Interesting issues Soundness Customizing Smtlink 3 Customization interface Customizing Smtlink Our digital PLL proof example Summary and Future work 4 2 / 24

  3. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work The digital Phase-Locked Loop example[CNA10] � Center � 0:23 15:23 Coarse Σ DAC − code Frequency 0:14 discarded F ref Control Bang−Bang BBPFD Σ Frequency 0:7 Control F ref PFD Linear DCO v c Φ + up ref Phase Φ DCO φ − dn Control Φ DCO/N ÷ N A PLL is a feedback control system that, given an input reference clock f ref , it outputs a clock at a frequency f DCO that’s N times of the input clock frequency and aligned with the reference in phase. Analog/Mixed-Signal design are composed of both analog and digital circuits. 3 / 24

  4. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Modelling the digital PLL The digital PLL is naturally modelled using non-linear recurrences that update the state variables on each rising edge of φ ref . c ( i + 1) = next c ( c ( i ) , v ( i ) , φ ( i )) v ( i + 1) = next v ( c ( i ) , v ( i ) , φ ( i )) next φ ( c ( i ) , v ( i ) , φ ( i )) 1 φ ( i + 1) = 1 Three state variables: capacitance setting c (digital), supply voltage v (linear), phase correction φ (time-difference of digital transitions). 4 / 24

  5. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Modelling the digital PLL In more details, c ( i + 1) = saturate( c ( i ) + g c sgn( φ ( i )) , c min , c max ) v ( i + 1) = saturate( v ( i ) + g v ( c center − c ( i )) , v min , v max ) φ ( i + 1) = wrap( φ ( i ) + ( f dco ( c ( i ) , v ( i )) − f ref ) − g φ φ ( i )) 1+ α v f dco ( c , v ) = 1+ β c f 0 saturate( x , lo , hi ) = min(max( x , lo ) , hi ) wrap( φ ) = wrap( φ + 1) , if φ ≤ − 1 = φ, if − 1 < φ < 1 = wrap( φ − 1) , if 1 ≤ φ Turns out to be a relatively large system of non-linear arithmetic formulas. 4 / 24

  6. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Convergence 0.01 � (continuous) 0.005 0 � 0.005 c 1 c 2 � (2n � 1) � 0.01 � 0.015 � 5 0 5 10 c (quantized) Requires reasoning about sequences of states. We want to show that each crossing of φ = 0 is closer to the origin than the previous one. 5 / 24

  7. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Example: polynomial inequalities Do you sometimes find it frustrating to prove a theorem like this? 3 0.5 2 0.4 1 0.3 0 y y 0.2 -1 0.1 -2 0 -3 -0.1 -3 -2 -1 0 1 2 3 1 1.05 1.1 1.15 X X 1 (defthm poly-ineq-example-a (implies (and (rationalp x) (rationalp y) 2 (<= (+ (* 4/5 x x) (* y y)) 1) 3 (<= (- (* x x) (* y y)) 1)) 4 (<= y (- (* 3 (- x 17/8) (- x 17/8)) 3)))) 5 6 / 24

  8. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Example: higher order polynomial inequalities Maybe this? With a higher order term? 3 0.5 2 0.4 1 0.3 0 y y 0.2 -1 0.1 -2 0 -3 -0.1 -3 -2 -1 0 1 2 3 1 1.05 1.1 1.15 1.2 1.25 X X 1 (defthm poly-ineq-example-b (implies (and (rationalp x) (rationalp y) 2 (<= (+ (* 2/3 x x) (* y y)) 1) 3 (<= (- (* x x) (* y y)) 1)) 4 (<= y (+ 2 (- (* 4/9 x)) (- (* x x x x)) (* 5 1/4 x x x x x x)) ))) 7 / 24

  9. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Example: exponential functions Or even this one with exponential functions? # 10 -5 z=0.5,n=3,m=2 z=0.5,n=20,m=15 0.5 7 0.4 6 0.3 5 0.2 function 4 function 0.1 3 0 2 -0.1 1 -0.2 0 -0.3 -1 -1 0 1 1 -1 0 -1 0 1 1 0.5 0 -0.5 -1 y x y x 1 (defun ||x^2+y^2||^2 (x y) (+ (* x x) (* y y))) 2 (defthm poly-of-expt-example (implies (and (rationalp x) (rationalp y) (rationalp z) 3 (integerp m) (integerp n) 4 (< 0 z) (< z 1) (< 0 m) (< m n)) 5 (<= (* 2 (expt z n) x y) 6 (* (expt z m) (||x^2+y^2||^2 x y) )))) 7 8 / 24

  10. Motivation AMS verification Integration architecture Examples Customizing Smtlink Motivation Summary and Future work Motivation 1 Motivation: provide better proof capabilities for AMS and other physical systems. 2 ACL2 provides extensive support for induction proofs and for structuring large, complicated proofs. 3 Z3 has automatic procedures for solving arithmetic formulas. No direct support for induction. Need to avoid “too much information” – important to give Z3 the relevant facts to keep the problems tractable. 9 / 24

  11. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Starting with a clause processor Clause Original … C n C 1 ^ C 2 ^ ^ Clause G Processor Clause returned by clause processor SMT C 1 ^ C 2 ^ ... ^ C n ) G solver Verified clause processor & trusted clause processor. We use a trusted clause processor for the integration. We utilize clauses C 1 , C 2 ... C n to get ACL2 to check many of the steps of our translation. 10 / 24

  12. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Two-step translation architecture lisp (ACL2) python (z3) translation translation G ′ , A 1 , A 2 , ..., A m step 1 step 2 original expanded G SMT G expand & translate clause clause SMT clause simplify to smt−py ACL2 (lisp) ACL2 (lisp) (python) original expanded ¬ G SMT acl2SMT generate (implies (proven) Not(clause) Z3 return expanded satisfiable? clause original) yes A 1 ∧ A 2 ∧ ... ∧ A m ∧ ( G ′ ⇒ G ) return generate sat, unsat, return false unsat ? or unknown no clause First translation step: clause transformation Second translation step: transliteration 11 / 24

  13. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Extract type predicates G T T G Clause Original C 1 Clause G Processor Extract type predicates SMT C 1 = ( T ∨ G ) ∧ (( T ⇒ G T ) ⇒ G ) solver ACL2 is not typed while Z3 is typed. It is common for the users to include type-recognizers in the hypotheses. We are currently translating rationalp in ACL2 into real s in Z3. 12 / 24

  14. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Extract type predicates G T T G Clause Original C 1 Clause G Processor Extract type predicates SMT C 1 = ( T ∨ G ) ∧ (( T ⇒ G T ) ⇒ G ) solver (implies (and (rationalp x) (rationalp y) (rationalp z) (integerp m) (integerp n) (< 0 z) (< z 1) (< 0 m) (< m n)) G (<= (* 2 (expt z n) x y) (* (expt z m) (||x^2+y^2||^2 x y) ))) (and (rationalp x) (rationalp y) (rationalp z) T (integerp m) (integerp n)) (implies (and (< 0 z) (< z 1) (< 0 m) (< m n)) (<= (* 2 (expt z n) x y) G T (* (expt z m) (||x^2+y^2||^2 x y) ))) 12 / 24

  15. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Expand functions Extract type predicates G F G Clause Original ^ C 1 C 2 Clause G Processor Expand functions SMT C 2 = ( T func ∨ G ) ∧ ( G F ⇒ G ) solver Functions are expanded into primitive functions. Recursive functions are expanded to a user specified level then replaced with a variable of appropriate type. Uninterpreted functions stay the same. 13 / 24

  16. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Expand functions Extract type predicates G G F Clause Original ^ C 1 C 2 Clause G Processor Expand functions SMT C 2 = ( T func ∨ G ) ∧ ( G F ⇒ G ) solver (rationalp (||x^2+y^2||^2 x y)) T func function type clause (||x^2+y^2||^2 x y) function expansion ((lambda (VAR1 VAR2) (+ (* VAR1 VAR1) (* VAR2 VAR2))) x y) 13 / 24

  17. Motivation Architecture Integration architecture Interesting issues Customizing Smtlink Soundness Summary and Future work Revisit the expt proof Let’s take a look at the expt theorem again: 1 (defun ||x^2+y^2||^2 (x y) (+ (* x x) (* y y))) 2 (defthm poly-of-expt-example (implies (and (rationalp x) (rationalp y) (rationalp z) 3 (integerp m) (integerp n) 4 (< 0 z) (< z 1) (< 0 m) (< m n)) 5 (<= (* 2 (expt z n) x y) 6 (* (expt z m) (||x^2+y^2||^2 x y) )))) 7 The reason that this is a theorem is because: 0 < z < 1 and 0 < m < n ⇒ 0 < z n < z m 2 xy ≤ x 2 + y 2 14 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Extending DPLL-Based QBF Solvers to Handle Free Variables Will Klieber , Mikol a s Janota,

Extending DPLL-Based QBF Solvers to Handle Free Variables Will Klieber , Mikol a s Janota,

Extending DPLL-Based QBF Solvers to Handle Free Variables Will Klieber , Mikol a s Janota, Joao Marques-Silva, Edmund Clarke July 9, 2013 1 Open QBF Closed QBF: All variables quantified; answer is True or False. Open QBF: Contains

472 views • 46 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik

Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik

Combining ACL2 and an Automated Verification Tool to Verify a Multiplier Jun Sawada and Erik Reeber IBM Austin Research Laboratory University of Texas at Austin August 16, 2006 Introduction Implemented prototype mechanism for extending

404 views • 19 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
Motivation SMT-solvers are routinely used in program analysis: Deductive program verification

Motivation SMT-solvers are routinely used in program analysis: Deductive program verification

Extending the Theory of Arrays: st , , and Beyond Stephan Falke , Florian Merz, and Carsten Sinz INSTITUTE FOR THEORETICAL COMPUTER SCIENCE (ITI) 0 08.07.2013 S. Falke , F. Merz, C. Sinz - Extending the Theory of

913 views • 69 slides
A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using SMT-LIB 2.5 Clifford Wolf 1 Abstract Bounded model checking and other SAT-based formal methods are an important part of todays digital design

773 views • 52 slides
DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

557 views • 51 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
Quantum gas microscopy of the Fermi-Hubbard model in new regimes Peter Schauss, Princeton

Quantum gas microscopy of the Fermi-Hubbard model in new regimes Peter Schauss, Princeton

Quantum gas microscopy of the Fermi-Hubbard model in new regimes Peter Schauss, Princeton University Debayan Mitra, Peter Brown, Elmer Guardado-Sanchez, Stanimir Kondov, Trithep Devakul, David Huse, Waseem Bakr Ehsan Khatami, Thereza Paiva,

654 views • 34 slides
Entanglement spectrum of AKLT like states - effective field theory approach A. Tanaka, National

Entanglement spectrum of AKLT like states - effective field theory approach A. Tanaka, National

NQS 2017 Oct 27, YITP, Kyoto Entanglement spectrum of AKLT like states - effective field theory approach A. Tanaka, National Institute for Materials Science w. S. Takayoshi, Geneva U. References AT Nov. 2017 issue of in

593 views • 33 slides
Vision Camera Computer Network Communication Interface 3/51 O VERVIEW Wired Networks

Vision Camera Computer Network Communication Interface 3/51 O VERVIEW Wired Networks

C LUSTER -B ASED D ISTRIBUTED F ACE T RACKING IN C AMERA N ETWORKS Josiah Yoder Robot Vision Lab Purdue University 9 September 2011 1/51 I NTRODUCTION C AMERA N ETWORKS 2/51 A C AMERA N ODE Vision Camera Computer Network

1.15k views • 71 slides
Lifshitz Hydrodynamics Adiel Meyer Tel-Aviv University adielmey@post.tau.ac.il February 9, 2016

Lifshitz Hydrodynamics Adiel Meyer Tel-Aviv University adielmey@post.tau.ac.il February 9, 2016

Motivation Relativistic Hydrodynamics Lifshitz Hydrodynamics Conclusions Lifshitz Hydrodynamics Adiel Meyer Tel-Aviv University adielmey@post.tau.ac.il February 9, 2016 Adiel Meyer (TAU) Lifshitz Hydrodynamics February 9, 2016 1 / 32

555 views • 32 slides
2. Test results of LOCs1, a 5 Gbps 16:1 serializer. 3. Test results of the LCPLL, a 5 GHz

2. Test results of LOCs1, a 5 Gbps 16:1 serializer. 3. Test results of the LCPLL, a 5 GHz

ASIC Development for High Speed Serial Data Transmission from Detector Front-end to the Back-end 1. Overview. 2. Test results of LOCs1, a 5 Gbps 16:1 serializer. 3. Test results of the LCPLL, a 5 GHz phase-locked-loop 4. Future work: LOCs2

325 views • 17 slides
Predictions for the neutrino parameters in the minimal model extended by general lepton flavor

Predictions for the neutrino parameters in the minimal model extended by general lepton flavor

Predictions for the neutrino parameters in the minimal model extended by general lepton flavor dependent U(1) gauge symmetries () 2019 2019731 @ Based on KA

776 views • 75 slides
Electroweak Phase Transition and Sphaleron Eibun Senaha (Natl Taiwan U) April 7, 2017 ACFI

Electroweak Phase Transition and Sphaleron Eibun Senaha (Natl Taiwan U) April 7, 2017 ACFI

Electroweak Phase Transition and Sphaleron Eibun Senaha (Natl Taiwan U) April 7, 2017 ACFI Workshop: Making the Electroweak Phase Transition (Theoretically) Strong @Umass-Amherst Outline part1: EWPT and sphaleron in a complex-extended SM

789 views • 77 slides
Key rollover @RIPE NCC draft-ietf-sidr-res-certs-18#section-8 draft-huston-sidr-keyroll-00.txt

Key rollover @RIPE NCC draft-ietf-sidr-res-certs-18#section-8 draft-huston-sidr-keyroll-00.txt

RIPE Network Coordination Centre Key rollover @RIPE NCC draft-ietf-sidr-res-certs-18#section-8 draft-huston-sidr-keyroll-00.txt Tim Bruijnzeels IETF78 http://www.ripe.net 1 RIPE Network Coordination Centre Before rollover CA Issuer: TA

258 views • 13 slides

More recommend