introduction to smt
play

Introduction to SMT Albert Oliveras Technical University of - PowerPoint PPT Presentation

Feb 15, 2024 •328 likes •1.39k views

Introduction to SMT Albert Oliveras Technical University of Catalonia 8th International SAT/SMT/AR Summer School 2019 Lisbon, Portugal July 3rd, 2019 Introduction to SMT p. 1 Overview of the talk Motivation SMT Theories of Interest

  1. Lazy approach Methodology: Example: consider EUF and the CNF g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 SAT solver returns model [ 1, 2, 4 ] Theory solver says T -inconsistent Send { 1, 2 ∨ 3, 4, 1 ∨ 2 ∨ 4 } to SAT solver Introduction to SMT – p. 17

  2. Lazy approach Methodology: Example: consider EUF and the CNF g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 SAT solver returns model [ 1, 2, 4 ] Theory solver says T -inconsistent Send { 1, 2 ∨ 3, 4, 1 ∨ 2 ∨ 4 } to SAT solver SAT solver returns model [ 1, 2, 3, 4 ] Introduction to SMT – p. 17

  3. Lazy approach Methodology: Example: consider EUF and the CNF g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 SAT solver returns model [ 1, 2, 4 ] Theory solver says T -inconsistent Send { 1, 2 ∨ 3, 4, 1 ∨ 2 ∨ 4 } to SAT solver SAT solver returns model [ 1, 2, 3, 4 ] Theory solver says T -inconsistent Introduction to SMT – p. 17

  4. Lazy approach Methodology: Example: consider EUF and the CNF g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 SAT solver returns model [ 1, 2, 4 ] Theory solver says T -inconsistent Send { 1, 2 ∨ 3, 4, 1 ∨ 2 ∨ 4 } to SAT solver SAT solver returns model [ 1, 2, 3, 4 ] Theory solver says T -inconsistent SAT solver detects { 1, 2 ∨ 3, 4, 1 ∨ 2 ∨ 4, 1 ∨ 2 ∨ 3 ∨ 4 } UNSATISFIABLE Introduction to SMT – p. 17

  5. Lazy approach (2) Why “lazy”? Theory information used lazily when checking T -consistency of propositional models Characteristics: + Modular and flexible - Theory information does not guide the search Introduction to SMT – p. 18

  6. Overview of the talk Motivation SMT Theories of Interest Eager approach Lazy approach Optimizations and DPLL( T ) Theory solvers: difference logic and case splitting Combining Theory Solvers Limitations and Other Approaches Introduction to SMT – p. 18

  7. Lazy approach - Optimizations Several optimizations for enhancing efficiency: Check T -consistency only of full propositional models Introduction to SMT – p. 19

  8. Lazy approach - Optimizations Several optimizations for enhancing efficiency: Check T -consistency only of full propositional models Check T -consistency of partial assignment while being built Introduction to SMT – p. 19

  9. Lazy approach - Optimizations Several optimizations for enhancing efficiency: Check T -consistency only of full propositional models Check T -consistency of partial assignment while being built Given a T -inconsistent assignment M , add ¬ M as a clause Introduction to SMT – p. 19

  10. Lazy approach - Optimizations Several optimizations for enhancing efficiency: Check T -consistency only of full propositional models Check T -consistency of partial assignment while being built Given a T -inconsistent assignment M , add ¬ M as a clause Given a T -inconsistent assignment M , identify a T -inconsistent subset M 0 ⊆ M and add ¬ M 0 as a clause Introduction to SMT – p. 19

  11. Lazy approach - Optimizations Several optimizations for enhancing efficiency: Check T -consistency only of full propositional models Check T -consistency of partial assignment while being built Given a T -inconsistent assignment M , add ¬ M as a clause Given a T -inconsistent assignment M , identify a T -inconsistent subset M 0 ⊆ M and add ¬ M 0 as a clause Upon a T -inconsistency, add clause and restart Introduction to SMT – p. 19

  12. Lazy approach - Optimizations Several optimizations for enhancing efficiency: Check T -consistency only of full propositional models Check T -consistency of partial assignment while being built Given a T -inconsistent assignment M , add ¬ M as a clause Given a T -inconsistent assignment M , identify a T -inconsistent subset M 0 ⊆ M and add ¬ M 0 as a clause Upon a T -inconsistency, add clause and restart Upon a T -inconsistency, bactrack to some point where the assignment was still T -consistent Introduction to SMT – p. 19

  13. Lazy approach - T -propagation As pointed out the lazy approach has one drawback: Theory information does not guide the search (too lazy) How can we improve that? For example: Assume that a < b , b < c are in our partial assignment M . If the formula contains a < c we would like to add it to M Search guided by T -Solver by finding T-consequences, instead of only validating it as in basic lazy approach. Naive implementation:: Add ¬ l . If T -inconsistent then infer l [ACG00] But for efficient Theory Propagation we need: - T -Solvers specialized and fast in it. - fully exploited in conflict analysis This approach has been named DPLL( T ) [NOT06] Introduction to SMT – p. 20

  14. Lazy approach - Important points Important and benefitial aspects of the lazy approach: (even with the optimizations) Everyone does what he/she is good at: SAT solver takes care of Boolean information Theory solver takes care of theory information Theory solver only receives conjunctions of literals Modular approach: SAT solver and T -solver communicate via a simple API SMT for a new theory only requires new T -solver SAT solver can be embedded in a lazy SMT system with relatively litte effort Introduction to SMT – p. 21

  15. DPLL( T ) In a nutshell: DPLL( T ) = DPLL( X ) + T -Solver DPLL( X ): Very similar to a SAT solver, enumerates Boolean models Not allowed: pure literal, blocked literal detection, ... Desirable: partial model detection T -Solver: Checks consistency of conjunctions of literals Computes theory propagations Produces explanations of inconsistency/ T -propagation Should be incremental and backtrackable Introduction to SMT – p. 22

  16. DPLL( T ) - Example Consider again EUF and the formula: g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 ( UnitPropagate ) 0 || / 1, 2 ∨ 3, 4 ⇒ Introduction to SMT – p. 23

  17. DPLL( T ) - Example Consider again EUF and the formula: g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 ( UnitPropagate ) 0 || / 1, 2 ∨ 3, 4 ⇒ ( UnitPropagate ) 1 || 1, 2 ∨ 3, 4 ⇒ Introduction to SMT – p. 23

  18. DPLL( T ) - Example Consider again EUF and the formula: g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 ( UnitPropagate ) 0 || / 1, 2 ∨ 3, 4 ⇒ ( UnitPropagate ) 1 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) 1 4 || 1, 2 ∨ 3, 4 ⇒ Introduction to SMT – p. 23

  19. DPLL( T ) - Example Consider again EUF and the formula: g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 ( UnitPropagate ) 0 || / 1, 2 ∨ 3, 4 ⇒ ( UnitPropagate ) 1 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) 1 4 || 1, 2 ∨ 3, 4 ⇒ 1 4 2 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) Introduction to SMT – p. 23

  20. DPLL( T ) - Example Consider again EUF and the formula: g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 ( UnitPropagate ) 0 || / 1, 2 ∨ 3, 4 ⇒ ( UnitPropagate ) 1 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) 1 4 || 1, 2 ∨ 3, 4 ⇒ 1 4 2 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) ( Fail ) 1 4 2 3 || 1, 2 ∨ 3, 4 ⇒ Introduction to SMT – p. 23

  21. DPLL( T ) - Example Consider again EUF and the formula: g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) c � = d ∧ ���� � �� � � �� � � �� � 1 3 4 2 ( UnitPropagate ) 0 || / 1, 2 ∨ 3, 4 ⇒ ( UnitPropagate ) 1 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) 1 4 || 1, 2 ∨ 3, 4 ⇒ 1 4 2 || 1, 2 ∨ 3, 4 ⇒ ( T-Propagate ) ( Fail ) 1 4 2 3 || 1, 2 ∨ 3, 4 ⇒ UNSAT Introduction to SMT – p. 23

  22. DPLL( T ) - Overall algorithm High-levew view gives the same algorithm as a CDCL SAT solver: while(true){ while (propagate_gives_conflict()){ if (decision_level==0) return UNSAT; else analyze_conflict(); } restart_if_applicable(); remove_lemmas_if_applicable(); if (!decide()) returns SAT; // All vars assigned } Differences are in: propagate_gives_conflict analyze_conflict Introduction to SMT – p. 24

  23. DPLL( T ) - Propagation propagate_gives_conflict( ) returns Bool do { // unit propagate if ( unit_prop_gives_conflict() ) then return true // check T-consistency of the model if ( solver.is_model_inconsistent() ) then return true // theory propagate solver.theory_propagate() } while (someTheoryPropagation) return false Introduction to SMT – p. 25

  24. DPLL( T ) - Propagation (2) Three operations: Unit propagation (SAT solver) Consistency checks ( T -solver) Theory propagation ( T -solver) Cheap operations are computed first If theory is expensive, calls to T -solver are sometimes skipped For completeness, only necessary to call T -solver at the leaves (i.e. when we have a full propositional model) Theory propagation is not necessary for completeness Introduction to SMT – p. 26

  25. DPLL( T ) - Conflict Analysis Remember conflict analysis in SAT solvers: C := conflicting clause while C contains more than one lit of last DL l :=last literal assigned in C C :=Resolution( C ,reason( l )) end while // let C = C’ v l where l is UIP backjump(maxDL(C’)) add l to the model with reason C learn(C) Introduction to SMT – p. 27

  26. DPLL( T ) - Conflict Analysis (2) Conflict analysis in DPLL( T ): if boolean conflict then C := conflicting clause else C := ¬ ( solver.explain_inconsistency() ) while C contains more than one lit of last DL l :=last literal assigned in C C :=Resolution( C ,reason( l )) end while // let C = C’ v l where l is UIP backjump(maxDL(C’)) add l to the model with reason C learn(C) Introduction to SMT – p. 28

  27. DPLL( T ) - Conflict Analysis (3) What does explain_inconsistency return? A (small) conjuntion of literals l 1 ∧ ... ∧ l n such that: They were in the model when T -inconsistency was found It is T -inconsistent What is now reason ( l ) ? If l was unit propagated, reason is the clause that propagated it If l was T -propagated? T -solver has to provide an explanation for l , i.e. a (small) set of literals l 1 , ... , l n such that: They were in the model when l was T -propagated l 1 ∧ ... ∧ l n | = T l Then reason ( l ) is ¬ l 1 ∨ ... ∨¬ l n ∨ l Introduction to SMT – p. 29

  28. DPLL( T ) - Conflict Analysis (4) Let M be of the form ... , c = b , ... and let F contain h ( a )= h ( c ) ∨ p a = b ∨ ¬ p ∨ a = d a � = d ∨ a = b Take the following sequence: 1. Decide h ( a ) � = h ( c ) 2. UnitPropagate p (due to clause h ( a )= h ( c ) ∨ p ) 3. T-Propagate a � = b (since h ( a ) � = h ( c ) and c = b ) 4. UnitPropagate a = d (due to clause a = b ∨ ¬ p ∨ a = d ) 5. Conflicting clause a � = d ∨ a = b Explain( a � = b ) is { h ( a ) � = h ( c ) , c = b } a = b ∨¬ p ∨ a = d a � = d ∨ a = b ❄ h ( a )= h ( c ) ∨ c � = b ∨ a � = b a = b ∨¬ p h ( a )= h ( c ) ∨ p h ( a )= h ( c ) ∨ c � = b ∨¬ p h ( a )= h ( c ) ∨ c � = b Introduction to SMT – p. 30

  29. Overview of the talk Motivation SMT Theories of Interest Eager approach Lazy approach Optimizations and DPLL( T ) T -solvers: difference logic Combining Theory Solvers Limitations and Other Approaches Introduction to SMT – p. 30

  30. Difference logic Literals in Difference Logic are of the form a − b ⊲ ⊳ k , where ⊳ ∈ {≤ , ≥ , < , > , = , � = } ⊲ a and b are integer/real variables k is an integer/real At the formula level, a = b is replaced by p and p ↔ a ≤ b ∧ b ≤ a is added If domain is Z then a − b < k is replaced by a − b ≤ k − 1 If domain is R then a − b < k is replaced by a − b ≤ k − δ δ is a sufficiently small real δ is not computed but used symbolically (i.e. numbers are pairs ( k , δ ) Hence we can assume all literals are a − b ≤ k Introduction to SMT – p. 31

  31. Difference Logic - Remarks Note that any solution to a set of DL literals can be shifted (i.e. if σ is a solution then σ ′ ( x ) = σ ( x ) + k also is a solution) This allows one to process bounds x ≤ k Introduce fresh variable zero Convert all bounds x ≤ k into x − zero ≤ k Given a solution σ , shift it so that σ ( zero ) = 0 If we allow (dis)equalities as literals, then: If domain is R consistency check is polynomial If domain is Z consistency check is NP-hard ( k -colorability) 1 ≤ c i ≤ k with i = 1 ... # verts encodes k colors available c i � = c j if i and j adjacents encode proper assignment Introduction to SMT – p. 32

  32. Difference Logic as a Graph Problem Given M = { a − b ≤ 2, b − c ≤ 3, c − a ≤ − 7 } , construct weighted graph G ( M ) 2 a b − 7 3 c Theorem: M is T -inconsistent iff G ( M ) has a negative cycle Introduction to SMT – p. 33

  33. Difference Logic as a Graph Problem (2) Theorem: M is T -inconsistent iff G ( M ) has a negative cycle ⇐ ) k 1 k 2 k n Any negative cycle a 1 − → a 2 − → a 3 − → ... − → a n − → a 1 corresponds to a set of literals: a 1 − a 2 ≤ k 1 a 2 − a 3 ≤ k 2 ... a n − a 1 ≤ k n If we add them all, we get 0 ≤ k 1 + k 2 + ... + k n , which is inconsistent since neg. cycle implies k 1 + k 2 + ... + k n < 0 Introduction to SMT – p. 34

  34. Difference Logic as a Graph Problem (3) Theorem: M is T -inconsistent iff G ( M ) has a negative cycle ⇒ ) Let us assume that there is no negative cycle. 0 1. Consider additional vertex o with edges o − → v to all verts. v 2. For each variable x , let σ ( x ) = − dist ( o , x ) [exists because there is no negative cycle] 3. σ is a model of M = x − y ≤ k then − dist ( o , x ) + dist ( o , y ) > k If σ �| Hence, dist ( o , y ) > dist ( o , x ) + k But k = weight ( x − → y ) !!! Introduction to SMT – p. 35

  35. Bellman-Ford: negative cycle detection forall v ∈ V do d [ v ] : = ∞ endfor forall i = 1 to | V |− 1 do forall ( u , v ) ∈ E do if d[v] > d[u] + weight(u,v) then d[v]:= d[u] + weight(u,v) p[v]:= u endif endfor endfor forall ( u , v ) ∈ E do if d [ v ] > d [ u ] + weight ( u , v ) then Negative cycle detected Cycle reconstructed following p endif endfor Introduction to SMT – p. 36

  36. Consistency checks Consistency checks can be performed using Bellman-Ford in time ( O ( | V |·| E | ) ) Other more efficient variants exists Incrementality easy: k Upon arrival of new literal a − → b process graph from u Solutions can be kept after backtracking Inconsistency explanations are negative cycles (irredundant but not minimal explanations) Introduction to SMT – p. 37

  37. Theory propagation → b entails c − d ≤ k ′ only if k Addition of a − shortest � �� � k c − →∗ a − → b − →∗ d � �� � shortest k Given a solution σ , each edge a − → b (i.e. a − b ≤ k ) has its reduced cost k − σ ( a ) + σ ( b ) ≥ 0 Shortest path computation more efficient using reduced costs, since they are non-negative [Dijkstra’s algorithm] Theory propagation ≈ shortest-path computations Explanations are the shortest paths Introduction to SMT – p. 38

  38. Overview of the talk Motivation SMT Theories of Interest Eager approach Lazy approach Optimizations and DPLL( T ) T -solvers: case splitting Combining Theory Solvers Limitations and Other Approaches Introduction to SMT – p. 38

  39. Case Reasoning in Theory Solvers For certain theories, consistency checking requires case reasoning. Example: consider the theory of arrays and the set of literals read ( write ( A , i , x ) , j ) � = x read ( write ( A , i , x ) , j ) � = read ( A , j ) Two cases: i = j . LHS rewrites into x � = x !!! i � = j . RHS rewrites into read ( A , j ) � = read ( A , j ) !!! CONCLUSION : T -inconsistent Introduction to SMT – p. 39

  40. Case Reasoning in Theory Solvers (2) A complete T-solver reasons by cases via internal case splitting and backtracking mechanisms. An alternative is to lift case splitting and backtracking from the T-solver to the SAT engine. Basic idea: encode case splits as sets of clauses and send them as needed to the SAT engine for it to split on them. Possible benefits: All case-splitting is coordinated by the SAT engine Only have to implement case-splitting infrastructure in one place Can learn a wider class of lemmas (more details later) Introduction to SMT – p. 40

  41. Case Reasoning in Theory Solvers (3) Basic idea: encode case splits as a set of clauses and send them as needed to the SAT engine Example: s = read ( write ( A , i , t ) , j ) Assume model contains literal � �� � s ′ DPLL( X ) asks: “is it T -satisfiable”? T -solver says: “I do not know yet , but it will be helpful that you consider these theory lemmas:” s = s ′ ∧ i = j − → s = t s = s ′ ∧ i � = j − → s = read ( A , j ) We need certain completeness conditions (e.g. once all lits from a certain subset L has been decided, the T -solver should YES/NO) Introduction to SMT – p. 41

  42. Overview of the talk Motivation SMT Theories of Interest Eager approach Lazy approach Optimizations and DPLL( T ) Theory solvers: difference logic and case splitting Combining Theory Solvers Limitations and Other Approaches Introduction to SMT – p. 41

  43. Need for combination In software verification, formulas like the following one arise: a = b + 2 ∧ A = write ( B , a + 1,4 ) ∧ ( read ( A , b + 3 )= 2 ∨ f ( a − 1 ) � = f ( b + 1 )) Here reasoning is needed over The theory of linear arithmetic ( T LA ) The theory of arrays ( T A ) The theory of uninterpreted functions ( T EUF ) Remember that T -solvers only deal with conjunctions of lits. Given T -solvers for the three individual theories, can we combine them to obtain one for ( T LA ∪ T A ∪ T EUF )? Under certain conditions the Nelson-Oppen combination method gives a positive answer Introduction to SMT – p. 42

  44. Motivating example - Convex case Consider the following set of literals: f ( f ( x ) − f ( y )) = a f ( 0 ) = a + 2 = x y There are two theories involved: T LA ( R ) and T EUF FIRST STEP: purify each literal so that it belongs to a single theory f ( f ( x ) − f ( y )) = a = ⇒ f ( e 1 ) = a = ⇒ f ( e 1 ) = a e 1 = f ( x ) − f ( y ) e 1 = e 2 − e 3 e 2 = f ( x ) e 3 = f ( y ) Introduction to SMT – p. 43

  45. Motivating example - Convex case Consider the following set of literals: f ( f ( x ) − f ( y )) = a f ( 0 ) = a + 2 = x y There are two theories involved: T LA ( R ) and T EUF FIRST STEP: purify each literal so that it belongs to a single theory f ( 0 ) = a + 2 = ⇒ f ( e 4 ) = a + 2 = ⇒ f ( e 4 ) = e 5 e 4 = 0 e 4 = 0 e 5 = a + 2 Introduction to SMT – p. 44

  46. Motivating example - Convex case (2) SECOND STEP: check satisfiability and exchange entailed equalities EUF Arithmetic f ( e 1 ) = e 2 − e 3 = a e 1 f ( x ) = = e 2 e 4 0 f ( y ) = = a + 2 e 3 e 5 f ( e 4 ) = e 5 = x y The two solvers only share constants: e 1 , e 2 , e 3 , e 4 , e 5 , a To merge the two models into a single one, the solvers have to agree on equalities between shared constants (interface equalities) This can be done by exchanging entailed interface equalities Introduction to SMT – p. 45

  47. Motivating example - Convex case (2) SECOND STEP: check satisfiability and exchange entailed equalities EUF Arithmetic f ( e 1 ) = e 2 − e 3 = a e 1 f ( x ) = = e 2 e 4 0 f ( y ) = = a + 2 e 3 e 5 f ( e 4 ) = = e 5 e 2 e 3 = x y The two solvers only share constants: e 1 , e 2 , e 3 , e 4 , e 5 , a EUF -Solver says SAT Ari -Solver says SAT = e 2 = e 3 EUF | Introduction to SMT – p. 46

  48. Motivating example - Convex case (2) SECOND STEP: check satisfiability and exchange entailed equalities EUF Arithmetic f ( e 1 ) = e 2 − e 3 = a e 1 f ( x ) = = e 2 e 4 0 f ( y ) = = a + 2 e 3 e 5 f ( e 4 ) = = e 5 e 2 e 3 = x y = e 1 e 4 The two solvers only share constants: e 1 , e 2 , e 3 , e 4 , e 5 , a EUF -Solver says SAT Ari -Solver says SAT = e 1 = e 4 Ari | Introduction to SMT – p. 47

  49. Motivating example - Convex case (2) SECOND STEP: check satisfiability and exchange entailed equalities EUF Arithmetic f ( e 1 ) = e 2 − e 3 = a e 1 f ( x ) = = e 2 e 4 0 f ( y ) = = a + 2 e 3 e 5 f ( e 4 ) = = e 5 e 2 e 3 = = x y a e 5 = e 1 e 4 The two solvers only share constants: e 1 , e 2 , e 3 , e 4 , e 5 , a EUF -Solver says SAT Ari -Solver says SAT = a = e 5 EUF | Introduction to SMT – p. 48

  50. Motivating example - Convex case (2) SECOND STEP: check satisfiability and exchange entailed equalities EUF Arithmetic f ( e 1 ) = e 2 − e 3 = a e 1 f ( x ) = = e 2 e 4 0 f ( y ) = = a + 2 e 3 e 5 f ( e 4 ) = = e 5 e 2 e 3 = = x y a e 5 = e 1 e 4 The two solvers only share constants: e 1 , e 2 , e 3 , e 4 , e 5 , a EUF -Solver says SAT Ari -Solver says UNSAT Hence the original set of lits was UNSAT Introduction to SMT – p. 49

  51. Nelson-Oppen – The convex case A theory T is stably-infinite iff every T -satisfiable quantifier-free formula has an infinite model A theory T is convex iff = T a 1 = b 1 ∨ ... ∨ a n = b n = = a i = b i for some i S | ⇒ S | Deterministic Nelson-Oppen: [NO79, TH96, MZ02] Given two signature-disjoint, stably-infinite and convex theories T 1 and T 2 Given a set of literals S over the signature of T 1 ∪ T 2 The ( T 1 ∪ T 2 )-satisfiability of S can be checked with the following algorithm: Introduction to SMT – p. 50

  52. Nelson-Oppen – The convex case (2) Deterministic Nelson-Oppen 1. Purify S and split it into S 1 ∪ S 2 . Let E the set of interface equalities between S 1 and S 2 2. If S 1 is T 1 -unsatisfiable then UNSAT 3. If S 2 is T 2 -unsatisfiable then UNSAT = T 1 x = y with x = y ∈ E \ S 2 then 4. If S 1 | S 2 : = S 2 ∪{ x = y } and goto 3 = T 2 x = y with x = y ∈ E \ S 1 then 5. If S 2 | S 1 : = S 1 ∪{ x = y } and goto 2 6. Report SAT Introduction to SMT – p. 51

  53. Motivating example – Non-convex case Consider the following UNSATISFIABLE set of literals: 1 ≤ ≤ 2 x f ( 1 ) = a f ( x ) = b = b + 2 a f ( 2 ) = f ( 1 ) + 3 There are two theories involved: T LA ( Z ) and T EUF FIRST STEP: purify each literal so that it belongs to a single theory f ( 1 ) = = f ( e 1 ) = ⇒ a a e 1 = 1 Introduction to SMT – p. 52

  54. Motivating example – Non-convex case Consider the following UNSATISFIABLE set of literals: 1 ≤ ≤ 2 x f ( 1 ) = a f ( x ) = b = b + 2 a f ( 2 ) = f ( 1 ) + 3 There are two theories involved: T LA ( Z ) and T EUF FIRST STEP: purify each literal so that it belongs to a single theory f ( 2 ) = f ( 1 ) + 3 = e 2 = ⇒ 2 f ( e 2 ) = e 3 f ( e 1 ) = e 4 e 3 = e 4 + 3 Introduction to SMT – p. 53

  55. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = 2 e 2 = e 4 + 3 e 3 = a e 4 The two solvers only share constants: x , e 1 , a , b , e 2 , e 3 , e 4 Ari -Solver says SAT EUF -Solver says SAT = a = e 4 EUF | Introduction to SMT – p. 54

  56. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = 2 e 2 = e 4 + 3 e 3 = a e 4 The two solvers only share constants: x , e 1 , a , b , e 2 , e 3 , e 4 Ari -Solver says SAT EUF -Solver says SAT No theory entails any other interface equality, but... Introduction to SMT – p. 55

  57. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = 2 e 2 = e 4 + 3 e 3 = a e 4 The two solvers only share constants: x , e 1 , a , b , e 2 , e 3 , e 4 Ari -Solver says SAT EUF -Solver says SAT = T x = e 1 ∨ x = e 2 . Let’s consider both cases. Ari | Introduction to SMT – p. 56

  58. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = = 2 e 2 x e 1 = e 4 + 3 e 3 = a e 4 = x e 1 Ari -Solver says SAT EUF -Solver says SAT = T a = b , that when sent to Ari makes it UNSAT EUF | Introduction to SMT – p. 57

  59. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = 2 e 2 = e 4 + 3 e 3 = a e 4 Let’s try now with x = e 2 Introduction to SMT – p. 58

  60. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = = 2 e 2 x e 2 = e 4 + 3 e 3 = a e 4 = x e 2 Ari -Solver says SAT EUF -Solver says SAT = T b = e 3 , that when sent to Ari makes it UNSAT EUF | Introduction to SMT – p. 59

  61. Motivating example – Non-convex case(2) SECOND STEP: check satisfiability and exchange entailed equalities Arithmetic EUF f ( e 1 ) = ≤ 1 x a f ( x ) = ≤ x 2 b = f ( e 2 ) = e 1 1 e 3 = b + 2 f ( e 1 ) = a e 4 = = 2 e 2 x e 2 = e 4 + 3 e 3 = a e 4 = x e 2 Since both x = e 1 and x = e 2 are UNSAT , the set of literals is UNSAT Introduction to SMT – p. 60

  62. Nelson-Oppen - The non-convex case In the previous example Deterministic NO does not work This was because T LA ( Z ) is not convex: = T LA ( Z ) x = e 1 ∨ x = e 2 , but S LA ( Z ) | = T LA ( Z ) x = e 1 and S LA ( Z ) �| S LA ( Z ) �| = T LA ( Z ) x = e 2 However, there is a version of NO for non-convex theories Given a set constants C , an arrangement A over C is: A set of equalities and disequalites between constants in C For each x , y ∈ C either x = y ∈ A or x � = y ∈ A Introduction to SMT – p. 61

  63. Nelson-Oppen – The non-convex case (2) Non-deterministic Nelson-Oppen: [NO79, TH96, MZ02] Given two signature-disjoint, stably-infinite theories T 1 and T 2 Given a set of literals S over the signature of T 1 ∪ T 2 The ( T 1 ∪ T 2 ) -satisfiability of S can be checked via: 1. Purify S and split it into S 1 ∪ S 2 Let C be the set of shared constants 2. For every arrangement A over C do If ( S 1 ∪ A ) is T 1 -satisfiable and ( S 2 ∪ A ) is T 2 -satisfiable report SAT 3. Report UNSAT Introduction to SMT – p. 62

  64. Overview of the talk Motivation SMT Theories of Interest Eager approach Lazy approach Optimizations and DPLL( T ) Theory solvers: difference logic and case splitting Combining Theory Solvers Limitations and Other Approaches Introduction to SMT – p. 62

  65. Eager vs Lazy Approach REMEMBER.... Important and benefitial aspects of the lazy approach: (even with the optimizations) Everyone does what he/she is good at: SAT solver takes care of Boolean information Theory solver takes care of theory information Theory solver only receives conjunctions of literals Modular approach: SAT solver and T -solver communicate via a simple API SMT for a new theory only requires new T -solver SAT solver can be embedded in a lazy SMT system with very few new lines of code Introduction to SMT – p. 63

  66. Eager vs Lazy Approach (2) The Lazy Approach idea ( SAT Solver + Theory Reasoner ) can be applied to other extensions of SAT: Cardinality constraints (e.g. x 1 + x 2 + ... + x 7 ≤ 4 ) Pseudo-Boolean constraints (e.g. 7 x 1 + 4 x 2 + 3 x 3 + 5 x 4 ≤ 10 ) ... Also sophisticated encodings exist for these constraints (Eager Approach) Lazy approach seems to dominate, but can we claim that it is always the best option? Introduction to SMT – p. 64

  67. Eager vs Lazy Approach (3) Consider the problem with no SAT clauses and two constraints: x 1 + ... + x n ≤ n / 2 x 1 + ... + x n > n / 2 Let us see how a (very) Lazy Approach would behave: Problem is obviously unsatisfiable Inconsistency explanations are of the form: Introduction to SMT – p. 65

  68. Eager vs Lazy Approach (3) Consider the problem with no SAT clauses and two constraints: x 1 + ... + x n ≤ n / 2 x 1 + ... + x n > n / 2 Let us see how a (very) Lazy Approach would behave: Problem is obviously unsatisfiable Inconsistency explanations are of the form: ¬ x i 1 ∨ ... ∨¬ x i n / 2 + 1 x i 1 ∨ ... ∨ x i n / 2 Introduction to SMT – p. 65

  69. Eager vs Lazy Approach (3) Consider the problem with no SAT clauses and two constraints: x 1 + ... + x n ≤ n / 2 x 1 + ... + x n > n / 2 Let us see how a (very) Lazy Approach would behave: Problem is obviously unsatisfiable Inconsistency explanations are of the form: ¬ x i 1 ∨ ... ∨¬ x i n / 2 + 1 x i 1 ∨ ... ∨ x i n / 2 All ( n 2 + 1 ) + ( n n / 2 ) explanations are needed to produce an n unsatisfiable subset of clauses Introduction to SMT – p. 65

  70. Eager vs Lazy Approach (3) Consider the problem with no SAT clauses and two constraints: x 1 + ... + x n ≤ n / 2 x 1 + ... + x n > n / 2 Let us see how a (very) Lazy Approach would behave: Problem is obviously unsatisfiable Inconsistency explanations are of the form: ¬ x i 1 ∨ ... ∨¬ x i n / 2 + 1 x i 1 ∨ ... ∨ x i n / 2 All ( n 2 + 1 ) + ( n n / 2 ) explanations are needed to produce an n unsatisfiable subset of clauses Hence, runtime is exponential in n . Introduction to SMT – p. 65

  71. Eager vs Lazy approach (4) What has happened? Lazy approach = lazily encoding (parts of) the theory into SAT Sometimes, only parts of the theory need to be encoded But in this example the whole constraint is encoded into SAT... ...and the encoding used is a very naive one Best here is a good SAT encoding with auxiliary variables 1e+07 SAT Encoding SMT 1e+06 Number of conflicts 100000 10000 1000 100 16 18 20 22 24 26 Introduction to SMT – p. 66 Size (n)

  72. The diamonds example b b b b 3 0 1 2 a 0 a a a a 1 2 3 4 c c c c 2 3 0 1 n − 1 � ( ( a k < b k ∧ b k < a k + 1 ) ∨ ( a k < c k ∧ c k < a k + 1 ) ) a n < a o ∧ k = 0 With these literals, only exponential refutations exist. Introducing a 0 < a 1 , a 1 < a 2 , ... allows linear refutations. Introduction to SMT – p. 67

  73. Other approaches Previous examples show limitations of (DPLL( T )) There are more technical limitations out of the scope of this talk Research on model-based procedures tries to address these issues: Linear Real Arithmetic Generalizing DPLL to Richer Logics [MKS09] Conflict Resolution [KTV09] Natural Domain SMT [Cot10] Linear Integer Arithmetic Cutting to the Chase [JdM13] Non-Linear Real Arithmetic Solving Non-Linear Arithmetic [JM12] General Framework Model-Constructing Satisfiability Calculus [JM13] Satisfiability Modulo Theories and Assignments[BGS17] Introduction to SMT – p. 68

  74. References [ABC + 02] G. Audemard, P. Bertoli, A. Cimatti, A. Kornilowicz, and R. Sebastiani. A SAT-Based Approach for Solving Formulas over Boolean and Linear Mathematical Propositions. In A. Voronkov, editor, 18th International Conference on Automated Deduction, CADE’02 , volume 2392 of Lecture Notes in Conference Science , pages 195–210. Springer, 2002. [ACG00] A. Armando, C. Castellini, and E. Giunchiglia. SAT-Based Procedures for Temporal Reasoning. In S. Biundo and M. Fox, editors, 5th European Conference on Planning, ECP’99 , volume 1809 of Lecture Notes in Computer Science , pages 97–108. Springer, 2000. [AMP06] A. Armando, J. Mantovani, and L. Platania. Bounded Model Checking of Software Using SMT Solvers Instead of SAT Solvers. In A. Valmari, editor, 13th International SPIN Workshop, SPIN’06 , volume 3925 of Lecture Notes in Computer Science , pages 146–162. Springer, 2006. [BB09] R. Brummayer and A. Biere. Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays. In S. Kowalewski and A. Philippou, editors, 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS’05 , volume 5505 of Lecture Notes in Computer Science , pages 174–177. Springer, 2009. Introduction to SMT – p. 68

  75. References [BBC + 05] M. Bozzano, R. Bruttomesso, A. Cimatti, T. A. Junttila, S. Ranise, P. van Rossum, and R. Sebastiani. Efficient Satisfiability Modulo Theories via Delayed Theory Combination. In K. Etessami and S. Rajamani, editors, 17th International Conference on Computer Aided Verification, CAV’05 , volume 3576 of Lecture Notes in Computer Science , pages 335–349. Springer, 2005. [BCF + 07] Roberto Bruttomesso, Alessandro Cimatti, Anders Franzén, Alberto Griggio, Ziyad Hanna, Alexander Nadel, Amit Palti, and Roberto Sebastiani. A Lazy and Layered SMT(BV) Solver for Hard Industrial Verification Problems. In W. Damm and H. Hermanns, editors, 19th International Conference on Computer Aided Verification, CAV’07 , volume 4590 of Lecture Notes in Computer Science , pages 547–560. Springer, 2007. [BD94] J. R. Burch and D. L. Dill. Automatic Verification of Pipelined Microprocessor Control. In D. L. Dill, editor, 6th International Conference on Computer Aided Verification, CAV’94 , volume 818 of Lecture Notes in Computer Science , pages 68–80. Springer, 1994. [BDS02a] C. Barrett, D. Dill, and A. Stump. Checking Satisfiability of First-Order Formulas by Incremental Translation into SAT. In E. Brinksma and K. G. Larsen, editors, 14th International Conference on Computer Aided Verification, CAV’02 , volume 2404 of Lecture Notes in Computer Science , pages 236–249. Springer, 2002. Introduction to SMT – p. 68

  76. References [BDS02b] C. Barrett, D. Dill, and A. Stump. Checking Satisfiability of First-Order Formulas by Incremental Translation into SAT. In E. Brinksma and K. G. Larsen, editors, 14th International Conference on Computer Aided Verification, CAV’02 , volume 2404 of Lecture Notes in Computer Science , pages 236–249. Springer, 2002. [BGS17] M. P. Bonacina, S. Graham-Lengrand and N. Shankar. Satisfiability Modulo Theories and Assignments In L. de Moura, 26th International Conference on Automated Deduction, CADE 2017 , volume 10395 of Lecture Notes in Computer Science , pages 42–59. Springer, 2017. [BGV01] R. E. Bryant, S. M. German, and M. N. Velev. Processor Verification Using Efficient Reductions of the Logic of Uninterpreted Functions to Propositional Logic. ACM Transactions on Computational Logic, TOCL , 2(1):93–134, 2001. [BLNM + 09] C. Borralleras, S. Lucas, R. Navarro-Marset, E. Rodríguez-Carbonell, and A. Rubio. Solving Non-linear Polynomial Arithmetic via SAT Modulo Linear Arithmetic. In R. A. Schmidt, editor, 22nd International Conference on Automated Deduction , CADE-22 , volume 5663 of Lecture Notes in Computer Science , pages 294–305. Springer, 2009. [BM90] R. S. Boyer and J. S. Moore. A Theorem Prover for a Computational Logic. In Mark E. Stickel, editor, 10th International Conference on Automated Deduction, CADE’90 , volume 449 of Lecture Notes in Computer Science , pages 1–15. Springer, 1990. Introduction to SMT – p. 68

  77. References [BNO + 08b] M. Bofill, R. Nieuwenhuis, A. Oliveras, E. Rodríguez-Carbonell, and A. Rubio. The barcelogic smt solver. In Computer-aided Verification (CAV) , volume 5123 of Lecture Notes in Computer Science , pages 294–298, 2008. [BV02] R. E. Bryant and M. N. Velev. Boolean Satisfiability with Transitivity Constraints. ACM Transactions on Computational Logic, TOCL , 3(4):604–627, 2002. [Cot10] S. Cotton. Natural Domain SMT: A Preliminary Assessment. In K. Chatterjee and T. A. Henzinger, Formal Modeling and Analysis of Timed Systems - FORMATS 2010 , volume 6246 of Lecture Notes in Computer Science , pages 77–91. Springer, 2010. [DdM06] B. Dutertre and L. de Moura. A Fast Linear-Arithmetic Solver for DPLL(T). In T. Ball and R. B. Jones, editors, 18th International Conference on Computer Aided Verification, CAV’06 , volume 4144 of Lecture Notes in Computer Science , pages 81–94. Springer, 2006. [dMB09] L. de Moura and N. Bjørner. Generalized, efficient array decision procedures. In 9th International Conference on Formal Methods in Computer-Aided Design, FMCAD 2009 , pages 45–52. IEEE, 2009. [dMR02] L. de Moura and H. Rueß. Lemmas on Demand for Satisfiability Solvers. In 5th International Conference on Theory and Applications of Satisfiability Testing, SAT’02 , pages 244–251, 2002. Introduction to SMT – p. 68

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION

INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION

TRAINING COURSE ON SOCIAL PROTECTION &amp; FORMALIZATION TRINIDAD AND TOBAGO MARCH 15, 2017 INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION Design of the NIS Assistance from the

547 views • 23 slides
INTRODUCTION Introduction 2/42 INTRODUCTION Alternations I am giving bread to the

INTRODUCTION Introduction 2/42 INTRODUCTION Alternations I am giving bread to the

Patterns of variation in the expression of case and agreement Andrs Brny Leiden University Centre for Linguistics 9 November 2019, BaSIS Workshop a.barany@hum.leidenuniv.nl INTRODUCTION Introduction 2/42 INTRODUCTION

1.37k views • 42 slides
Introduction Introduction Introduction Introduction Outline Motivation Failures

Introduction Introduction Introduction Introduction Outline Motivation Failures

Introduction Introduction Introduction Introduction Outline Motivation Failures Definition and concepts Process and product properties Principles SE Approaches Motivation Software and the economy The economies of

1.03k views • 49 slides
Introduction Introduction Introduction Nationwide Cause for Concern 1

Introduction Introduction Introduction Nationwide Cause for Concern 1

Introduction Introduction Introduction Nationwide Cause for Concern 1 https://www.cdc.gov/std/stats17/infographic.htm Introduction Epidemiology in Western Colorado CPHE Surveillance Data Report, May 2018 Chlamydia Epidemiology in Western

977 views • 39 slides
DAQ introduction Purpose of this talk : (1) Introduction for those who have not been in every

DAQ introduction Purpose of this talk : (1) Introduction for those who have not been in every

DAQ introduction Purpose of this talk : (1) Introduction for those who have not been in every meeting (2) Some ideas of diagrams for section 7.1 (Introduction) of TP. Giles Barr 25 Jan 2018, Pembroke College On DUNE, the reality is there is a

474 views • 10 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Overview Introduction to SMIL Introduction to W3C and XML Introduction to SMIL

Overview Introduction to SMIL Introduction to W3C and XML Introduction to SMIL

Overview Introduction to SMIL Introduction to W3C and XML Introduction to SMIL Writing a SMIL file Adding Media Objects Martin Halvey Clipping media files January 2008 Timing and Synchronising Layout World Wide

387 views • 14 slides
14 Introduction Introduction Bad guys can put malware into Example: hosts

14 Introduction Introduction Bad guys can put malware into Example: hosts

Introduction Introduction source Encapsulation ISO/OSI reference model message M application segment H t H t M transport network datagram H n H n H t M presentation: allow applications to frame link H l H n H t M interpret

583 views • 4 slides
Previous Lecture Introduction to SMIL 2 Introduction to W3C and XML Introduction to SMIL

Previous Lecture Introduction to SMIL 2 Introduction to W3C and XML Introduction to SMIL

Previous Lecture Introduction to SMIL 2 Introduction to W3C and XML Introduction to SMIL Writing a SMIL file Adding Media Objects Martin Halvey Clipping media files January 2008 Timing and Synchronising Layout

322 views • 8 slides
Lecture 1 Andreas Habegger Introduction Zynq Introduction Zynq Introduction Zynq PS vs. PL

Lecture 1 Andreas Habegger Introduction Zynq Introduction Zynq Introduction Zynq PS vs. PL

Introduction Zynq Lecture 1 Andreas Habegger Introduction Zynq Introduction Zynq Introduction Zynq PS vs. PL Processing System Processor Peripherals Data Buses AXI Bus Conclusion BTE5380 - Embedded Systems Octobre 2014 Andreas Habegger

1.81k views • 30 slides
2018.06 01 SMILE5 Introduction S E 5 02 Alpha Cloud M I L 03 Company Introduction 04

2018.06 01 SMILE5 Introduction S E 5 02 Alpha Cloud M I L 03 Company Introduction 04

2018.06 01 SMILE5 Introduction S E 5 02 Alpha Cloud M I L 03 Company Introduction 04 Project References S E 5 PART.1 SMILE5 Introduction M I L Introduction STORION-SMILE5 Residential Energy Storage System Inverter 5kW Output Input

1.06k views • 25 slides
Introduction to CICS Course introduction Course introduction What is CICS? What is an

Introduction to CICS Course introduction Course introduction What is CICS? What is an

Introduction to CICS Course introduction Course introduction What is CICS? What is an application server? Why use an application server? Course introduction Services provided by CICS How CICS applications are defined Scaling CICS to meet

1.84k views • 146 slides
Network Visualization Introduction Presented by Shahed Introduction Introduction Basic

Network Visualization Introduction Presented by Shahed Introduction Introduction Basic

Network Visualization Introduction Presented by Shahed Introduction Introduction Basic building blocks Node Links (relationship between nodes) Spatial information Network data

584 views • 9 slides
Introduction Introduction (1) Main argument of the paper: universities are not only

Introduction Introduction (1) Main argument of the paper: universities are not only

Le jugement des pairs comme outil de management des universits Peer-review as a management tool Christine Musselin (CSO, Sciences Po et CNRS) Avril 2013, Lirrsistible ascension du capitalisme acadmique Introduction Introduction (1)

590 views • 28 slides
Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Moreno Baricevic Gilberto Daz Axel Kohlmeyer Stefano Cozzini ULA ICTP CNR-IOM DEMOCRITOS Merida, VENEZUELA Trieste, ITALY Trieste, ITALY Introduction Introduction to storage and to storage and filesystems filesystems Introduction

1.19k views • 51 slides
JABLOTRON JA-100 introduction November 2011 Introduction Todays goals First introduction of

JABLOTRON JA-100 introduction November 2011 Introduction Todays goals First introduction of

JABLOTRON JA-100 introduction November 2011 Introduction Todays goals First introduction of the brand new JA-100 alarm system Visions Basic architecture System components Setting Help us with final validations You are the FIRST ones

1.69k views • 111 slides
Leonardo de Moura and Nikolaj Bjrner Microsoft Research Verification/Analysis tools need some

Leonardo de Moura and Nikolaj Bjrner Microsoft Research Verification/Analysis tools need some

Leonardo de Moura and Nikolaj Bjrner Microsoft Research Verification/Analysis tools need some form of Symbolic Reasoning Verification/Analysis tools need some form of Symbolic Reasoning Many Flavors: SAT Solvers SMT Solvers First-order

1.19k views • 55 slides
EuroPython 2020 c e d o Real Time Machine Learning with Python Alejandro Saucedo |

EuroPython 2020 c e d o Real Time Machine Learning with Python Alejandro Saucedo |

@ A x S a u EuroPython 2020 c e d o Real Time Machine Learning with Python Alejandro Saucedo | as@seldon.io Twitter: @AxSaucedo @ my name is Alejandro A Hello, x S a u c e d o Engineering Director Seldon Technologies

500 views • 32 slides
Modelling and Verification Timed Automata: A Formalism for Real-time Systems Labelled transition

Modelling and Verification Timed Automata: A Formalism for Real-time Systems Labelled transition

Timed Transition Systems Timed Automata Networks of Timed Automata Equivalence Checking Problems Regions and Region Graph Modelling and Verification Timed Automata: A Formalism for Real-time Systems Labelled transition systems with time

1.21k views • 62 slides
A Nivat Theorem for Weighted Timed Automata and Weighted Relative Distance Logic Manfred Droste

A Nivat Theorem for Weighted Timed Automata and Weighted Relative Distance Logic Manfred Droste

A Nivat Theorem for Weighted Timed Automata and Weighted Relative Distance Logic Manfred Droste and Vitaly Perevoshchikov Leipzig University ICALP, Track B 9 th of July 2014 Timed automata 1 Nondeterministic finite automata A with clocks a ,

947 views • 32 slides
Real-time Model Checking Timed Temporal Logics Nicolas M ARKEY Lav. Sp ecification

Real-time Model Checking Timed Temporal Logics Nicolas M ARKEY Lav. Sp ecification

Real-time Model Checking Timed Temporal Logics Nicolas M ARKEY Lav. Sp ecification &amp; V erification CNRS &amp; ENS Cachan France March 3, 2010 (Quantitative) Model checking system: property: Always ( safe )

1.28k views • 102 slides
INVARIANTS FOR FINITE INSTANCES AND BEYOND October, 21 st 2013 Sylvain Conchon, Amit Goel, Sava

INVARIANTS FOR FINITE INSTANCES AND BEYOND October, 21 st 2013 Sylvain Conchon, Amit Goel, Sava

INVARIANTS FOR FINITE INSTANCES AND BEYOND October, 21 st 2013 Sylvain Conchon, Amit Goel, Sava Kristi c, Alain Mebsout , Fatiha Za di LRI, Universit e Paris-Sud Strategic CAD Labs, Intel Corporation Challenge How to prove safety of

948 views • 76 slides
Testing Deep Neural Networks Xiaowei Huang, University of Liverpool Outline Safety Problem of AI

Testing Deep Neural Networks Xiaowei Huang, University of Liverpool Outline Safety Problem of AI

Testing Deep Neural Networks Xiaowei Huang, University of Liverpool Outline Safety Problem of AI Verification (brief) Testing Conclusions and Future Works Human-Level Intelligence Robotics and Autonomous Systems Deep neural networks all

1.5k views • 63 slides
CS137: Today Electronic Design Automation Specification/Implementation Abstraction

CS137: Today Electronic Design Automation Specification/Implementation Abstraction

CS137: Today Electronic Design Automation Specification/Implementation Abstraction Functions Correctness Condition Day 15: February 13, 2006 Verification Processor Verification Self-Consistency 1 2 CALTECH CS137

334 views • 7 slides

More recommend