[PPT] - Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft PowerPoint Presentation

SLIDE 1

Satisfiability Modulo Theories and Z3

Nikolaj Bjørner Microsoft Research

ReRISE Winter School, Linz, Austria February 3, 2014

SLIDE 2

SAT Theory Solvers SMT

SMT : Basic Architecture

Equality + UF Arithmetic Bit-vectors …

Case Analysis

Nikolaj is Sober ∨ Nikolaj is Somber ∨ (Nikolaj is Drunk ∧ Nikolaj is Happy) Theory[Alcohol]: Sober ⊗ Drunk Theory[Moodswings]: Somber ⊗ Happy

SLIDE 3

Plan

Mon An invitation to SMT with Z3 Tue Equalities and Theory Combination Wed Theories: Arithmetic, Arrays, Data types Thu Quantifiers and Theories Fri Programming Z3: Interfacing and Solving

SLIDE 4

Part 1

I. Satisfiability Modulo Theories in a nutshell II. SMT solving in a nutshell

III. SMT by example

SLIDE 5

Takeaways:

Modern SMT solvers are a often good fit for

program analysis tools.

– Handle domains found in programs directly.

The selected examples are intended to show

instances where sub-tasks are reduced to SMT/Z3.

SLIDE 6

SLIDE 7

SLIDE 8

– Backed by Proof Plumbers

Leonardo de Moura, Nikolaj Bjørner, Christoph Wintersteiger Not all is hopeless

SLIDE 9

Background Reading: SMT

September 2011

SLIDE 10

Program Verification Auditing Type Safety Over- Approximation Under- Approximation Testing Analysis Synthesis

SAGE

HAVOC

SLAyer

BEK

Some Microsoft Tools based on

SLIDE 11

SLIDE 12

SMT IN A NUTSHELL

SLIDE 13

Is formula  satisfiable modulo theory T ?

SMT solvers have specialized algorithms for T

Satisfiability Modulo Theories (SMT)

SLIDE 14

Arithmetic Array Theory Uninterpreted Functions

𝑡𝑓𝑚𝑓𝑑𝑢(𝑡𝑢𝑝𝑠𝑓 𝑏, 𝑗, 𝑤 , 𝑗) = 𝑤 𝑗 ≠ 𝑘 ⇒ 𝑡𝑓𝑚𝑓𝑑𝑢(𝑡𝑢𝑝𝑠𝑓 𝑏, 𝑗, 𝑤 , 𝑘) = 𝑡𝑓𝑚𝑓𝑑𝑢(𝑏, 𝑘)

𝑦 + 2 = 𝑧 ⇒ 𝑔 𝑡𝑓𝑚𝑓𝑑𝑢 𝑡𝑢𝑝𝑠𝑓 𝑏, 𝑦, 3 , 𝑧 − 2 = 𝑔(𝑧 − 𝑦 + 1)

Satisfiability Modulo Theories (SMT)

SLIDE 15

SMT SOLVING IN A NUTSHELL

Job Shop Scheduling

SLIDE 16

Job Shop Scheduling

Machines Jobs P = NP? Laundry

𝜂 𝑡 = 0 ⇒ 𝑡 = 1 2 + 𝑗𝑠

Tasks

SLIDE 17

Constraints:

Precedence: between two tasks of the same

job

Resource: Machines execute at most one job

at a time

4 1 3 2 𝑡𝑢𝑏𝑠𝑢2,2. . 𝑓𝑜𝑒2,2 ∩ 𝑡𝑢𝑏𝑠𝑢4,2. . 𝑓𝑜𝑒4,2 = ∅

Job Shop Scheduling

SLIDE 18

Constraints: Encoding:

Precedence:

𝑢2,3 - start time of job 2 on mach 3 𝑒2,3 - duration of job 2 on mach 3 𝑢2,3 + 𝑒2,3 ≤ 𝑢2,4

Resource:

4 1 3 2 𝑡𝑢𝑏𝑠𝑢2,2. . 𝑓𝑜𝑒2,2 ∩ 𝑡𝑢𝑏𝑠𝑢4,2. . 𝑓𝑜𝑒4,2 = ∅

𝑢2,2 + 𝑒2,2 ≤ 𝑢4,2 ∨ 𝑢4,2 + d4,2 ≤ 𝑢2,2

Not convex

Job Shop Scheduling

SLIDE 19

Job Shop Scheduling

SLIDE 20

Job Shop Scheduling

case split case split Efficient solvers:

Floyd-Warshal algorithm
Ford-Fulkerson algorithm

𝑨 − 𝑨 = 5 – 2 – 3 – 2 = −2 < 0

SLIDE 21

THEORIES

SLIDE 22

Theories

Uninterpreted functions

SLIDE 23

Uninterpreted functions Arithmetic (linear)

Theories

SLIDE 24

Uninterpreted functions Arithmetic (linear) Bit-vectors

Theories

SLIDE 25

Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types

Theories

SLIDE 26

Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Arrays

Theories

SLIDE 27

Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Arrays Polynomial Arithmetic

Theories

SLIDE 28

QUANTIFIERS

SLIDE 29

Equality-Matching

(∀𝑦 𝑔 𝑕 𝑑, 𝑦 = 𝑦) ∧ 𝑏 = 𝑕 𝑐, 𝑐 ∧ 𝑐 = 𝑑 ∧ 𝑔 𝑏 ≠ 𝑑 ∧ ∀𝑦 𝑔 𝑕 𝑑, 𝑦 = 𝑦 → 𝑔 𝑕 𝑑, 𝑐 = 𝑐

𝑕 𝑑, 𝑦 matches 𝑕 𝑐, 𝑐 with substitution 𝑦 ↦ 𝑐 modulo 𝑐 = 𝑑

[de Moura, B. CADE 2007]

𝑞(∀ …) ∧ 𝑏 = 𝑕 𝑐, 𝑐 ∧ 𝑐 = 𝑑 ∧ 𝑔 𝑏 ≠ 𝑑 ∧ 𝑞(∀𝑦 ...) → 𝑔 𝑕 𝑑, 𝑐 = 𝑐

SLIDE 30

Quantifier Elimination

[B. IJCAR 2010] Presburger Arithmetic, Algebraic Data-types, Quadratic polynomials SMT integration to prune branches

SLIDE 31

MBQI: Model based Quantifier Instantiation

[de Moura, Ge. CAV 2008] [Bonachnia, Lynch, de Moura CADE 2009] [de Moura, B. IJCAR 2010]

SLIDE 32

Horn Clauses

[Hoder, B. SAT 2012]

∀𝒀. 𝒀 > 𝟐𝟏𝟏  mc(𝒀, 𝒀 − 𝟐𝟏) ∀𝒀, 𝒁, 𝑺. 𝒀 ≤ 𝟐𝟏𝟏  mc(𝒀 + 𝟐𝟐, 𝒁)  mc(𝒁, 𝑺)  mc(𝒀, 𝑺) ∀𝒀, 𝑺. mc(𝒀, 𝑺) ∧ 𝒀 ≤ 𝟐𝟏𝟐 → 𝑺 = 𝟘𝟐

Solver finds solution for mc mc(x) = x-10 if x > 100 mc(x) = mc(mc(x+11)) if x  100 assert (mc(x)  91)

SLIDE 33

MODELS, PROOFS, CORES & SIMPLIFICATION

SLIDE 34

Logical Formula

Sat/Model

Models

SLIDE 35

Proofs

Logical Formula

Unsat/Proof

SLIDE 36

Simplification

Simplify

Logical Formula

SLIDE 37

Cores

Logical Formula

Unsat. Core

SLIDE 38

TACTICS, SOLVERS

SLIDE 39

Tactics

Composi

siti

tion

n of tacti

ctics: cs:

(then t s)
(par-then t s) applies t to the input goal and s to every subgoal produced by t in parallel.
(or-else t s)
(par-or t s) applies t and s in parallel until one of them succeed.
(repeat t)
(repeat t n)
(try-for t ms)
(using-params t params) Apply the given tactic using the given parameters.

SLIDE 40

Solvers

Tactics take goals and reduce to sub-goals
Solvers take tactics and serve as logical contexts.
push
add
check
model, core, proof
pop

SLIDE 41

APIS C

C++

python

OCaml

.NET Java

SLIDE 42

SMT SOLVING

SLIDE 43

SAT Theory Solvers SMT

SMT : Basic Architecture

Equality + UF Arithmetic Bit-vectors …

Case Analysis

SLIDE 44

SAT + Theory solvers

Basic Idea

x  0, y = x + 1, (y > 2  y < 1) p1, p2, (p3  p4) Abstract (aka “naming” atoms) p1  (x  0), p2  (y = x + 1), p3  (y > 2), p4  (y < 1)

SLIDE 45

SAT + Theory solvers

Basic Idea

x  0, y = x + 1, (y > 2  y < 1) p1, p2, (p3  p4) Abstract (aka “naming” atoms) p1  (x  0), p2  (y = x + 1), p3  (y > 2), p4  (y < 1) SAT Solver

SLIDE 46

SAT + Theory solvers

Basic Idea

x  0, y = x + 1, (y > 2  y < 1) p1, p2, (p3  p4) Abstract (aka “naming” atoms) p1  (x  0), p2  (y = x + 1), p3  (y > 2), p4  (y < 1) SAT Solver Assignment p1, p2, p3, p4

SLIDE 47

SAT + Theory solvers

Basic Idea

x  0, y = x + 1, (y > 2  y < 1) p1, p2, (p3  p4) Abstract (aka “naming” atoms) p1  (x  0), p2  (y = x + 1), p3  (y > 2), p4  (y < 1) SAT Solver Assignment p1, p2, p3, p4 x  0, y = x + 1,

(y > 2), y < 1

SLIDE 48

SAT + Theory solvers

Basic Idea

x  0, y = x + 1, (y > 2  y < 1) p1, p2, (p3  p4) Abstract (aka “naming” atoms) p1  (x  0), p2  (y = x + 1), p3  (y > 2), p4  (y < 1) SAT Solver Assignment p1, p2, p3, p4 x  0, y = x + 1,

(y > 2), y < 1

Theory Solver Unsatisfiable x  0, y = x + 1, y < 1

SLIDE 49

SAT + Theory solvers

Basic Idea

x  0, y = x + 1, (y > 2  y < 1) p1, p2, (p3  p4) Abstract (aka “naming” atoms) p1  (x  0), p2  (y = x + 1), p3  (y > 2), p4  (y < 1) SAT Solver Assignment p1, p2, p3, p4 x  0, y = x + 1,

(y > 2), y < 1

Theory Solver Unsatisfiable x  0, y = x + 1, y < 1 New Lemma

p1p2p4

SLIDE 50

SAT + Theory solvers

Theory Solver Unsatisfiable x  0, y = x + 1, y < 1 New Lemma

p1p2p4

AKA Theory conflict

SLIDE 51

SAT/SMT SOLVING USING DPLL(T)/CDCL

SLIDE 52

Proofs

Conflict Clauses

Models

literal assignments

Backjump Propagate

Mile High: Modern SAT/SMT search

SLIDE 53

Core Engine in Z3: Modern DPLL/CDCL

Initialize 𝜗| 𝐺 𝐺 𝑗𝑡 𝑏 𝑡𝑓𝑢 𝑝𝑔 𝑑𝑚𝑏𝑣𝑡𝑓𝑡 Decide 𝑁 𝐺 ⟹ 𝑁, ℓ 𝐺 ℓ 𝑗𝑡 𝑣𝑜𝑏𝑡𝑡𝑗𝑕𝑜𝑓𝑒 Propagate 𝑁 𝐺, 𝐷 ∨ ℓ ⟹ 𝑁, ℓ𝐷∨ℓ 𝐺, 𝐷 ∨ ℓ 𝐷 𝑗𝑡 𝑔𝑏𝑚𝑡𝑓 𝑣𝑜𝑒𝑓𝑠 𝑁 Sat 𝑁 |𝐺 ⟹ 𝑁 𝐺 𝑢𝑠𝑣𝑓 𝑣𝑜𝑒𝑓𝑠 𝑁 Conflict 𝑁 𝐺, 𝐷 ⟹ 𝑁 𝐺, 𝐷 | 𝐷 𝐷 𝑗𝑡 𝑔𝑏𝑚𝑡𝑓 𝑣𝑜𝑒𝑓𝑠 𝑁 Learn 𝑁 𝐺 | 𝐷 ⟹ 𝑁 𝐺, 𝐷 | 𝐷 Unsat 𝑁 𝐺 ∅ ⟹ 𝑉𝑜𝑡𝑏𝑢 Backjump 𝑁𝑁′ 𝐺 | 𝐷 ∨ ℓ ⟹ 𝑁ℓ𝐷∨ℓ 𝐺 𝐷 ⊆ 𝑁, ¬ℓ ∈ 𝑁′ Resolve 𝑁 𝐺 | 𝐷′ ∨ ¬ℓ ⟹ 𝑁 𝐺 | 𝐷′ ∨ 𝐷 ℓ𝐷∨ℓ ∈ 𝑁 Forget 𝑁 𝐺, 𝐷 ⟹ 𝑁 𝐺 𝐷 is a learned clause Restart 𝑁 𝐺 ⟹ 𝜗 𝐺 [Nieuwenhuis, Oliveras, Tinelli J.ACM 06] customized

SLIDE 54

DPLL(T) solver interaction

SLIDE 55