integrating smt with theorem proving for ams verification
play

Integrating SMT with Theorem Proving for AMS Verification Yan Peng - PowerPoint PPT Presentation

Feb 07, 2024 •238 likes •472 views

Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet University of British Columbia Vancouver, CA July 09, 2014 Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 1 / 21 Outline

  1. Integrating SMT with Theorem Proving for AMS Verification Yan Peng & Mark Greenstreet University of British Columbia Vancouver, CA July 09, 2014 Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 1 / 21

  2. Outline Integrating SMT with Theorem Proving for AMS Verification � Contributions Integrating SMT with Theorem Proving, challenges and solutions Verifying global convergence of a Digital Phase-Locked Loop(DPLL) using recurrence Conclusion Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 2 / 21

  3. Contributions Combine industrial strength SMT solver with industrial strength theorem prover. Model state-of-the-art DPLL with recurrences. Proof of global convergence. Able to prove design with parameter variation. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 3 / 21

  4. Outline Integrating SMT with Theorem Proving for AMS Verification ◦ Contributions � Integrating SMT with Theorem Proving ◮ Why combine Z3 and ACL2? ◮ Software framework and technical challenges Verifying global convergence of a Digital Phase-Locked Loop(DPLL) using recurrence Conclusion Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 4 / 21

  5. SMT and Theorem Proving - Z3 Satisfiability Modulo Theories (SMT) problem is a unified decision procedure for logical formulas which combines solvers for a rich set of background theories. Possible theories: propositional logic, arithmetic, uninterpreted functions, bitvectors theories etc. Z3, Microsoft Research [MB08, JM12]. Non-linear arithmetic theories, suitable for AMS design with non-linear dynamics. Lack of: ◮ Induction proof ◮ Structured proof Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 5 / 21

  6. SMT and Theorem Proving - ACL2 Theorem proving is a technique for proving a set of theorems by building upon a set of basic axioms and use of logic rules, e.g. rewrite rules, induction. In order to prove a final theorem, one looks at what is needed and develops a set of lemmas. ACL2, University of Texas at Austin.[KM97] But working through complicated boolean formulas, systems of inequalites, etc., can be extremely tedious. ACL2 and Z3 complement each other: ◮ ACL2 provides structured proofs and induction proofs. ◮ Z3 discharges complicated/tedious systems of inequalities. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 6 / 21

  7. SMT and Theorem Proving - clause processor clause c c c c 1 2 k processor clause from clauses returned by clause processor: ACL2 c c 2 c c 1 k A clause processor takes the goal one wants to prove and decomposes the goal into a conjunction of subgoals. Each subgoal is a called a clause. ACL2 supports two kinds of clause processors: ◮ A verified clause processor is written in Lisp and proven correct within ACL2. ◮ A trusted clause processor is anything else. Theorems whose proofs rely on a trusted clause processor are tagged accordingly. We integrate Z3 into ACL2 as a trusted clause processor. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 7 / 21

  8. Challenge: reals vs. rationals clause c c c ∀ x,y,z. c(x,y.z) 2 k 1 processor clauses returned by clause processor: clause from ACL2 c c 2 c c(x,y,z) 1 k Challenge: ACL2 has rationals and Z3 has reals. ◮ In ACL2, ¬∃ x . x 2 = 2 is a theorem. ◮ In Z3, ∃ x . x 2 = 2 is a theorem. Solution: only use Z3 to prove propositions where all variables are universally quantified. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 8 / 21

  9. Challenge: typed vs. untyped clause c c c clause from ACL2 1 2 k processor clauses returned by clause processor: (implies (and (rationalp x) c c 2 c c(x,y,z) 1 k (rationalp y) (rationalp z)) (c x y z)) Challenge: ACL2 is untyped but Z3 is typed. Solution: user adds type assertions to antecedent. ◮ These are almost always needed anyways. ◮ This requirement is not a significant burden. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 9 / 21

  10. Challenge: user defined functions clause c c c c 2 k 1 processor clause from Validate user’s claims ACL2 about recursive functions. Expanded => Original Challenge: ◮ ACL2 supports arbitrary lisp functions. ◮ Z3 functions are more like macros (no recursion). Solution: ◮ Set up translation for a basic set of functions. ◮ Expand non-recursive functions. ◮ Expand recursive functions to bounded depth. ◮ Expansion done on ACL2’s representation: can verify correctness. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 10 / 21

  11. Other issues: Claims can contain non-polynomial terms. ◮ Replace offensive subexpression with a variable. ◮ User adds constraints about the variable. ◮ These constraints are returned as clauses for ACL2 to prove. ACL2 may need hints to discharge clauses returned from the clause processor. ◮ Solution: nested hints. ◮ These hints tell the clause processor what hints to attach to returned clauses. These features provides a very flexible back-and-forth between induction proofs in ACL2 and handling the details of the algebra with Z3. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 11 / 21

  12. Example - the theorem ∀ a b γ ∈ R , m n ∈ Z . If 0 < m < n , 0 < gamma < 1 . → γ m (( a + b ) 2 − 2 ab ) ≥ γ n · 2 ab 1 (defun f-mul-2 (x) (f-mul 2 x)) (defun f-plus (x y) (+ x y)) 3 (defun f-square (x) (f-mul x x)) (defun f-neg (x) (- x)) 5 (defun f-minus (x y) (f-plus x (f-neg y))) (defun f-expt (x n) (expt x n)) Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 12 / 21

  13. Example - code (defthm demonstration (implies (and (and (rationalp a) 2 (rationalp b) (rationalp gamma) 4 (integerp m) (integerp n)) 6 (and (> gamma 0) 8 (< gamma 1) (> m 0) 10 (< m n))) (>= (f-mul (expt gamma m) 12 (f-minus (f-square (f-plus a b)) (f-mul (f-mul-2 a) b))) 14 (f-mul (foo gamma n) (f-mul (f-mul-2 a) b)))) 16 :hints ...) Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 13 / 21

  14. Example - code 1 :hints (("Goal" 3 :clause-processor (my-clause-processor clause 5 ’( (:expand ((:functions ((f-mul rationalp) (f-mul-2 rationalp) 7 (f-plus rationalp) (f-square rationalp) (f-neg rationalp) 9 (f-minus rationalp) (f-expt rationalp))) 11 (:expansion-level 1)) (:python-file "demonstration") 13 (:let ((expt_gamma_m (expt gamma m) rationalp) (expt_gamma_n (expt gamma n) rationalp))) 15 (:hypothesize ((< expt_gamma_n expt_gamma_m) (> expt_gamma_m 0) 17 (> expt_gamma_n 0))) (:use ((:type ()) 19 (:hypo ()) (:main ())))))))) 21 Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 14 / 21

  15. Outline Integrating SMT with Theorem Proving for AMS Verification ◦ Contributions ◦ Integrating SMT with Theorem Proving � Verifying global convergence of a Digital Phase-Locked Loop(DPLL) using recurrence ◮ The state-of-the-art Digital PLL ◮ Establish recurrence model for the DPLL ◮ Prove global convergence using Z3 and ACL2 Conclusion Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 15 / 21

  16. A state-of-the-art Digital PLL (from CICC 2010)[CNA10] � Center � 0:23 15:23 Σ − DAC LPF − code + 0:14 F ref C decap 0:7 4:7 Σ BBPFD 0:3 ∆Σ F ref F DCO PFD c v F ref + up ∆θ F DCO dn − DCO ÷ N DCO has three control inputs: capacitance setting (digital), supply voltage (linear), phase correction (time-difference of digital transitions). Uses linear and bang-bang PFD. Integrators are digital. LPF and decap to improve power-supply rejection. It is impractical to verify global convergence using simulation. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 16 / 21

  17. Establish the Recurrence Model A limit cycle is an isolated closed trajectory, for which its neighbouring trajectories are not closed they spiral either towards or away from the limit cycle. The recurrence model: c ( i + 1 ) = c ( i ) + g 1 sign ( φ ( i )) v ( i + 1 ) = v ( i ) + g 2 ( c ( i ) − c code ) � f dco ( i ) � φ ( i + 1 ) = ( 1 − K t ) φ ( i ) + 2 π Nf ref − 1 1 + α v ( i ) where f dco ( i ) = f 0 1 + β c ( i ) Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 17 / 21

  18. The proof: the big picture Coarse convergence: from any initial condition, φ eventually crosses 0 in a state where c and v are not saturated. ◮ Proof sketch: ◮ Use Ricatti equation to get a ranking function based on linear model at convergence. ◮ Use this ranking function to show coarse convergence using non-linear, global model. ◮ Z3 discharges all of the proof obligations. Fine convergence: from any crossing of φ = 0 with c and v away from their saturation conditions (as established above), φ will continue to make zero-crossings that each move closer to the intended equilibrium. ◮ Proof sketch: see the next few slides. Peng & Greenstreet (UBC) Integrating SMT with TP FAC (July 09, 2014) 18 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for general theorem proving Set theory vs. higher-order logic Herbrand-based approaches

475 views • 18 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal University 13th October 2012 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point

971 views • 73 slides
On Theorem Proving for Program Checking Historical perspective and recent developments Maria

On Theorem Proving for Program Checking Historical perspective and recent developments Maria

Outline Introduction Where is theorem proving in program checking Inside theorem proving Big and little engines together: a new theorem proving style Decision procedures with speculative inferences Current and future challenges On Theorem

944 views • 69 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th May 2006 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point arithmetic Division

1.14k views • 86 slides
Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV

Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV

Theorem Proving for Verification John Harrison Intel Corporation Galois talk (repeat of CAV tutorial) Portland 16th September 2008 (10:30 12:00) 0 Formal verification Formal verification: mathematically prove the correctness of a design

738 views • 53 slides
Theorem Proving for Verification 1: Background &amp; Propositional Logic John Harrison Intel

Theorem Proving for Verification 1: Background &amp; Propositional Logic John Harrison Intel

Theorem Proving for Verification 1: Background &amp; Propositional Logic John Harrison Intel Corporation Marktoberdorf 2010 Wed 11th August 2010 (08:4509:30) 0 Plan for the lectures Some of the main techniques for automated theorem

1.23k views • 99 slides
JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan Schmitt 1 , Lori Lorigo 2 , Christoph Kreitz 2 , Aleksey Nogin 2 1 Dept. of Sciences and Engineering 2 Dept. of Computer Science Saint Louis

579 views • 8 slides
Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July

Theorem Proving for Verification John Harrison Intel Corporation CAV 2008 Princeton 9th July 2008 0 Formal verification Formal verification: mathematically prove the correctness of a design with respect to a mathematical formal specification

570 views • 53 slides
Real numbers in the real world Industrial applications of theorem proving John Harrison Intel

Real numbers in the real world Industrial applications of theorem proving John Harrison Intel

Real numbers in the real world Industrial applications of theorem proving John Harrison Intel Corporation 30th May 2006 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point

627 views • 34 slides
Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Specification Program Loop Assertions Verification Conditions Proving Proving Specification Program Loop Assertions Theorem Proving Computer Algebra

916 views • 90 slides
Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 21, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk.

609 views • 40 slides
Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 23, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk. Available for

1.03k views • 54 slides
Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a

Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a

Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a theorem? Statement proven based on basis of previously established statements Premise: If I attend UofT, I am a student Premise: I attend

375 views • 25 slides
Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem proving problems premise selection deep learning for theorem proving state estimation Today automated reasoning learning in classical ATPs

1.18k views • 97 slides
Automated Theorem Proving in Real Applications John Harrison Intel Corporation The cost of

Automated Theorem Proving in Real Applications John Harrison Intel Corporation The cost of

Automated Theorem Proving in Real Applications 1 Automated Theorem Proving in Real Applications John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches

678 views • 29 slides
Applications of metric e v al u ation P R E D IC TIN G C TR W ITH MAC H IN E L E AR N IN G IN

Applications of metric e v al u ation P R E D IC TIN G C TR W ITH MAC H IN E L E AR N IN G IN

Applications of metric e v al u ation P R E D IC TIN G C TR W ITH MAC H IN E L E AR N IN G IN P YTH ON Ke v in H u o Instr u ctor Fo u r categories of o u tcomes First part of categor y ( tr u e / false ) represents w hether model w as

730 views • 24 slides
Analytical Modeling of Parallel Systems Ananth Grama, Anshul Gupta, George Karypis, and Vipin

Analytical Modeling of Parallel Systems Ananth Grama, Anshul Gupta, George Karypis, and Vipin

Analytical Modeling of Parallel Systems Ananth Grama, Anshul Gupta, George Karypis, and Vipin Kumar To accompany the text Introduction to Parallel Computing, Addison Wesley, 2003. Topic Overview Sources of Overhead in Parallel Programs

697 views • 67 slides
Using a Set Constraint Solver for Program Verifjcation Maximiliano Cristi Universidad Nacional

Using a Set Constraint Solver for Program Verifjcation Maximiliano Cristi Universidad Nacional

Using a Set Constraint Solver for Program Verifjcation Maximiliano Cristi Universidad Nacional de Rosario Argentina Gianfranco Rossi Universit degli Studi di Parma Italy Claudia Frydman Aix-Marseille Universit France 4th

441 views • 31 slides
Scheduling Parallel Programs by Work Stealing with Private Deques Umut Acar Arthur Charguraud

Scheduling Parallel Programs by Work Stealing with Private Deques Umut Acar Arthur Charguraud

Scheduling Parallel Programs by Work Stealing with Private Deques Umut Acar Arthur Charguraud Mike Rainey Carnegie Mellon INRIA Max Planck Institute University for Software Systems PPoPP 25.2.2013 1 Friday, July 5, 13 Scheduling

651 views • 43 slides
Data Mining Classification: Alternative Techniques Imbalanced Class Problem Introduction to Data

Data Mining Classification: Alternative Techniques Imbalanced Class Problem Introduction to Data

Data Mining Classification: Alternative Techniques Imbalanced Class Problem Introduction to Data Mining, 2 nd Edition by Tan, Steinbach, Karpatne, Kumar 1 Class Imbalance Problem Lots of classification problems where the classes are

446 views • 16 slides
Independent Component Analysis Aleix M. Martinez aleix@ece.osu.edu Independent Component

Independent Component Analysis Aleix M. Martinez aleix@ece.osu.edu Independent Component

Machine Learning &amp; Pattern Recognition Independent Component Analysis Aleix M. Martinez aleix@ece.osu.edu Independent Component Analysis Instead of minimizing the error, ICA seeks to find independent components of the data. x i ( t )

467 views • 5 slides
Polynomial Space [HMU06,Chp.11b] The classes PS and NPS Relationship to Other Classes

Polynomial Space [HMU06,Chp.11b] The classes PS and NPS Relationship to Other Classes

Polynomial Space [HMU06,Chp.11b] The classes PS and NPS Relationship to Other Classes Equivalence PS = NPS Quantified Boolean Formulas A PS-Complete Problem 1 Polynomial Space Machines &amp; Classes 2

926 views • 49 slides
Hardware-Assisted Critical Sections Dr. Liam OConnor University of Edinburgh LFCS (and UNSW)

Hardware-Assisted Critical Sections Dr. Liam OConnor University of Edinburgh LFCS (and UNSW)

Machine Instructions Hardware-Assisted Critical Sections Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Machine Instructions Where we are at In the last lecture we introduced efficient algorithms for critical

301 views • 18 slides

More recommend