z3 a tutorial
play

Z3 - a Tutorial Leonardo de Moura Nikolaj Bjrner Microsoft - PDF document

Jun 14, 2023 •381 likes •1k views

Z3 - a Tutorial Leonardo de Moura Nikolaj Bjrner Microsoft Research Microsoft Research leonardo@microsoft.com nbjorner@microsoft.com Abstract This tutorial introduces the use of the state-of-the-art Satisfiability Modulo Theories Solver

  1. Z3 - a Tutorial Leonardo de Moura Nikolaj Bjørner Microsoft Research Microsoft Research leonardo@microsoft.com nbjorner@microsoft.com Abstract This tutorial introduces the use of the state-of-the-art Satisfiability Modulo Theories Solver Z3. It integrates a host of theory solvers in an expressive and efficient combination. We here introduce the supported theories and their solvers using a collection of examples. Z3 is freely available from Microsoft Research. 1

  2. Z3 - a Tutorial de Moura and Bjørner 2

  3. Z3 - a Tutorial de Moura and Bjørner Contents 1 Introduction 6 2 What is logic? 7 3 What is SMT? 10 4 What is Z3? 11 4.1 Obtaining Z3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 4.2 Installing Z3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 4.3 What is Z3 not? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5 Satisfiability Modulo Theories - An Appetizer 13 5.1 A Scheduling Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.2 A Solver for Difference Arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.3 Scheduling in SMT-LIB v1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.4 Scheduling in SMT-LIB v2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.5 Scheduling using the C API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.6 Scheduling in C# . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 5.7 Scheduling using F# quotations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 5.8 Scheduling in other formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 6 Configuring Z3 20 6.1 Auto Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 6.2 Displaying Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 6.3 Updating Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 7 Propositional Solving 21 7.1 A Propositional Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 8 Relations, Functions and Constants 23 8.1 All functions are total . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 8.2 Uninterpreted functions and constants . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 8.3 Recursive functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 9 Arithmetic 25 9.1 Real linear arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 9.2 Integer linear arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 9.3 Mixed linear arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 9.4 Non-linear arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 9.5 Quantifier Elimination for Linear Arithmetic . . . . . . . . . . . . . . . . . . . . . . . . 26 10 Data-types 27 10.1 Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 10.2 Scalars (enumeration types) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 10.3 Recursive data-types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 10.4 Mutually recursive data-types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 10.5 You will not get Z3 to prove Inductive facts . . . . . . . . . . . . . . . . . . . . . . . . 29 3

  4. Z3 - a Tutorial de Moura and Bjørner 11 Bit-vectors 30 11.1 Basic Bit-vector Arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 11.2 Bit-wise Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 11.3 Predicates over Bit-vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 11.3.1 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 11.3.2 Overflow Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 11.3.3 Bit-wise operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 11.4 Conversions between Bit-vectors and Integers . . . . . . . . . . . . . . . . . . . . . . . 32 12 Arrays 33 12.1 Select and Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 12.2 Constant Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 12.3 Array models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 12.4 Mapping Functions on Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 12.5 Default array values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 12.6 Bags as Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 12.7 Summary of Array operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 13 Quantifiers 38 13.1 Modeling with Quantifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 13.2 Patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 13.2.1 An operational context of pattern-based instantiation . . . . . . . . . . . . . . . 40 13.2.2 Pattern and multi-pattern annotations . . . . . . . . . . . . . . . . . . . . . . . 40 13.2.3 Injective functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 13.2.4 No-patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 13.2.5 Programming with Triggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 13.3 The Axiom Profiler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 13.4 Saturation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 13.5 Model-based Quantifier Instantiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 13.6 The Array Property Fragment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 14 Simplification 45 14.1 Invoking the Simplifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 14.2 Configuring Simplification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 14.2.1 ELIM QUANTIFIERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 14.2.2 CONTEXT SIMPLIFIER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 14.2.3 STRONG CONTEXT SIMPLIFIER . . . . . . . . . . . . . . . . . . . . . . . . . . 45 15 Implied Equalities 47 16 Unsatisfiable Cores 48 17 Parallel Z3 49 17.1 Portfolio Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 18 Proofs 50 19 External Theory Solvers 51 4

  5. Z3 - a Tutorial de Moura and Bjørner 20 Some Applications 55 20.1 Dynamic Symbolic Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 20.2 Program Model Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 20.3 Static Program Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 20.4 Program Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 20.5 Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 20.6 Qex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 20.7 VS3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 20.8 Program Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 5

  6. Z3 - a Tutorial de Moura and Bjørner 1 Introduction Logic is the “Calculus of Computer Science”. Zohar Manna Modern software analysis and model-based tools are increasingly complex and multi-faceted soft- ware systems. However, at their core is invariably a component using logical formulas for describing states and transformations between system states. In a nutshell, symbolic logic is the calculus of compu- tation. The state-of-the art Satisfiability Modulo Theories (SMT) solver, Z3, from Microsoft Research, can be used to check the satisfiability of logical formulas over one or more theories. SMT solvers of- fer a compelling match for software tools, since several common software constructs map directly into supported theories. This tutorial introduces the use of the state-of-the-art Satisfiability Modulo Theories Solver Z3 from Microsoft Research. The main objective of the tutorial is to introduce the reader on how to use Z3 effectively for logical modeling and solving. The tutorial provides some general background on logical modeling, but we have to defer a full introduction to first-order logic and decision procedures to excellent text-books [18, 4, 23]. Z3 is a low level tool. It is best used as a component in the context of other tools that require solving logical formulas. Consequently, Z3 exposes a number of API facilities to make it convenient for tools to map into Z3, but there are no stand-alone editors or user-centric facilities for interacting with Z3. The language syntax used in the front ends favor simplicity in contrast to linguistic convenience. 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A GAMS TUTORIAL A GAMS TUTORIAL A GAMS TUTORIAL WHAT IS GAMS ? General Algebraic Modeling

A GAMS TUTORIAL A GAMS TUTORIAL A GAMS TUTORIAL WHAT IS GAMS ? General Algebraic Modeling

A GAMS TUTORIAL A GAMS TUTORIAL A GAMS TUTORIAL WHAT IS GAMS ? General Algebraic Modeling System Modeling linear, nonlinear and mixed integer optimization problems Useful with large, complex problems A GAMS TUTORIAL A GAMS TUTORIAL

274 views • 24 slides
This tutorial is part of an upcoming publication on knifemaking. Please visit

This tutorial is part of an upcoming publication on knifemaking. Please visit

This tutorial teaches you how to make a narrow tang knife. ABS Matersmith, Kevin Harvey, created both the knife and the tutorial to promote the 2019 Non -guild Members Competition of the Knifemakers Guild of Southern Africa. This tutorial

2.01k views • 151 slides
Comp 1402 Winter 2008 Tutorial #1 Tutorial 1 The objectives of this tutorial will be:

Comp 1402 Winter 2008 Tutorial #1 Tutorial 1 The objectives of this tutorial will be:

Comp 1402 Winter 2008 Tutorial #1 Tutorial 1 The objectives of this tutorial will be: Create and access your Linux account. Become familiar with the Linux terminal. Become familiar with the vi text editor. Compile a

264 views • 8 slides
Excel Tutorial 1 Getting Started with Excel Tutorial 2 Formatting a Workbook Tutorial 3

Excel Tutorial 1 Getting Started with Excel Tutorial 2 Formatting a Workbook Tutorial 3

Excel Tutorial 1 Getting Started with Excel Tutorial 2 Formatting a Workbook Tutorial 3 Working with Formulas and Functions COMPREHENSIVE Excel Tutorial 1 Getting Started with Excel COMPREHENSIVE Objectives XP XP Understand

1.18k views • 81 slides
UPPAAL Tutorial UPPAAL Tutorial UPPAAL Tutorial Introduction Introduction Alexandre David

UPPAAL Tutorial UPPAAL Tutorial UPPAAL Tutorial Introduction Introduction Alexandre David

UPPAAL Tutorial UPPAAL Tutorial UPPAAL Tutorial Introduction Introduction Alexandre David Paul Pettersson RTSS05 Collaborators @UPPsala @AALborg Wang Yi Kim G Larsen Paul Pettersson Gerd Behrman John Hkansson

926 views • 36 slides
Tutorial 1: Overview of CS 136 1 CS 136 Spring 2020 Tutorial 1 Course Personnel

Tutorial 1: Overview of CS 136 1 CS 136 Spring 2020 Tutorial 1 Course Personnel

Tutorial 1: Overview of CS 136 1 CS 136 Spring 2020 Tutorial 1 Course Personnel Instructors: Adrian Reetz, John Akinyemi Course Coordinator: Scott King (Full-Time) Instructional Support Assistants (ISA)s: Jack Bai, Jiayi Wang

284 views • 26 slides
Do Fifty- Two Motivation Overview of the Language

Do Fifty- Two Motivation Overview of the Language

Do Fifty- Two Motivation Overview of the Language Tutorial Tutorial Tutorial Tutorial Tutorial Tutorial //A Sample Program configure numberOfPlayers: 2 configure

568 views • 34 slides
PROGRAMMING TUTORIAL Thierry Lepley, April 4 th 2016 TUTORIAL GOAL Intermediate Tutorial for

PROGRAMMING TUTORIAL Thierry Lepley, April 4 th 2016 TUTORIAL GOAL Intermediate Tutorial for

April 4-7, 2016 | Silicon Valley PROGRAMMING TUTORIAL Thierry Lepley, April 4 th 2016 TUTORIAL GOAL Intermediate Tutorial for Developers Understand philosophy of the API Understand main features of the API Start developing with VisionWorks

1.52k views • 92 slides
Tutorial Files for this tutorial can be downloaded from:

Tutorial Files for this tutorial can be downloaded from:

Cadence First Encounter Tutorial Files for this tutorial can be downloaded from: www.cs.wright.edu/~emmert/tutorials/enc_files.tar.gz Dr. J M Emmert Configuration File This file contains information used to setup your

560 views • 18 slides
UCL Tutorial on: Deep Belief Nets (An updated and extended version of my 2007 NIPS tutorial)

UCL Tutorial on: Deep Belief Nets (An updated and extended version of my 2007 NIPS tutorial)

UCL Tutorial on: Deep Belief Nets (An updated and extended version of my 2007 NIPS tutorial) Geoffrey Hinton Canadian Institute for Advanced Research & Department of Computer Science University of Toronto Schedule for the Tutorial

1.66k views • 126 slides
Tutorial: TF-Ranking for sparse features Tutorial: TF-Ranking for sparse features This tutorial

Tutorial: TF-Ranking for sparse features Tutorial: TF-Ranking for sparse features This tutorial

Tutorial: TF-Ranking for sparse features Tutorial: TF-Ranking for sparse features This tutorial is an end-to-end walkthrough of training a TensorFlow Ranking (TF-Ranking) neural network model which incorporates sparse textual features.

257 views • 24 slides
Coin Branch and Cut A tutorial J ohn Forrest J uly 18 2006 Outline of Cbc tutorial

Coin Branch and Cut A tutorial J ohn Forrest J uly 18 2006 Outline of Cbc tutorial

Coin Branch and Cut A tutorial J ohn Forrest J uly 18 2006 Outline of Cbc tutorial Background Some concepts Stand- alone solver and AMPL interface Example C+ + code Less structured part: Q & A More examples Future -

892 views • 35 slides
Coin LP A tutorial J ohn Forrest J uly 17 2006 Outline of Clp tutorial Background Some

Coin LP A tutorial J ohn Forrest J uly 17 2006 Outline of Clp tutorial Background Some

Coin LP A tutorial J ohn Forrest J uly 17 2006 Outline of Clp tutorial Background Some concepts Example C+ + code Stand- alone solver Less structured part: Q & A More examples Future - What can I do for you? What

467 views • 33 slides
Tutorial Description Tutorial Description Introduction to XML With your HTML knowledge, you have

Tutorial Description Tutorial Description Introduction to XML With your HTML knowledge, you have

Tutorial Description Tutorial Description Introduction to XML With your HTML knowledge, you have a solid foundation for working with markup languages. However, unlike HTML, XML is more flexible, Bebo White allowing for custom tag creation.

1.27k views • 92 slides
TUTORIAL Recording a Presentation to Zoom Cloud In this tutorial, you are going to learn how to

TUTORIAL Recording a Presentation to Zoom Cloud In this tutorial, you are going to learn how to

Department of Information Technology TUTORIAL Recording a Presentation to Zoom Cloud In this tutorial, you are going to learn how to record a lecture presentation with live auto-captioning without having students on your session if so desired.

387 views • 6 slides
Tutorial Tutorial A2 is out, its called Inpainting Tutorial Tutorial A2 is out, its called

Tutorial Tutorial A2 is out, its called Inpainting Tutorial Tutorial A2 is out, its called

Tutorial Tutorial A2 is out, its called Inpainting Tutorial Tutorial A2 is out, its called Inpainting Tutorial Tutorial A2 is out, its called Inpainting How do you think this can be done? Due to popular demand, theres no new GUI to

400 views • 25 slides
On Securely Manipulating XML Data Houari Mahfoud and Abdessamad Imine Houari Mahfoud and

On Securely Manipulating XML Data Houari Mahfoud and Abdessamad Imine Houari Mahfoud and

On Securely Manipulating XML Data Houari Mahfoud and Abdessamad Imine Houari Mahfoud and Abdessamad Imine CASSIS Team CASSIS Team INRIA-LORIA Grand-Est, Nancy, France INRIA-LORIA Grand-Est, Nancy, France 5TH INTERNATIONAL SYMPOSIUM ON

905 views • 30 slides
Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Introduction Formal models Adding equational theories Towards more guarantees Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS - INRIA Cassis project, Nancy Universities 1/45 V eronique

785 views • 76 slides
Resource Guarantees and PCC 50 ways* to say it with a proof Ian Stark Laboratory for Foundations

Resource Guarantees and PCC 50 ways* to say it with a proof Ian Stark Laboratory for Foundations

Resource Guarantees and PCC 50 ways* to say it with a proof Ian Stark Laboratory for Foundations of Computer Science School of Informatics The University of Edinburgh Proof Carrying Code workshop Friday 11 August 2006

469 views • 36 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
Models and proofs for security protocols eronique Cortier 1 V 1 LORIA, CNRS - INRIA Cassis

Models and proofs for security protocols eronique Cortier 1 V 1 LORIA, CNRS - INRIA Cassis

Terms Intruder Decidability Models and proofs for security protocols eronique Cortier 1 V 1 LORIA, CNRS - INRIA Cassis project, Universit e de Lorraine 1/13 Terms Intruder Decidability Messages Messages are abstracted by terms. Agents

295 views • 27 slides
YAPA: A generic tool for computing intruder knowledge Mathieu Baudet 1 eronique Cortier 2 and St

YAPA: A generic tool for computing intruder knowledge Mathieu Baudet 1 eronique Cortier 2 and St

YAPA: A generic tool for computing intruder knowledge Mathieu Baudet 1 eronique Cortier 2 and St ephanie Delaune 3 Joint work with V 1 DCSSI, France 2 LORIA, CNRS & INRIA project Cassis, France 3 LSV, ENS Cachan & CNRS & INRIA,

763 views • 41 slides
Hardest-to-Round Cases Part 2 Vincent LEFVRE AriC, INRIA Grenoble Rhne-Alpes / LIP,

Hardest-to-Round Cases Part 2 Vincent LEFVRE AriC, INRIA Grenoble Rhne-Alpes / LIP,

Hardest-to-Round Cases Part 2 Vincent LEFVRE AriC, INRIA Grenoble Rhne-Alpes / LIP, ENS-Lyon Journes TaMaDi, Lyon, 2013-10-08 [tamadi2013.tex 64039 2013-10-08 01:41:24Z vinc17/xvii] Outline Hardest-to-Round Cases in binary64

572 views • 30 slides
Security Analysis of Electronic Exams Rosario Giustolisi 4 , Ali Kassem 1 , Gabriele Lenzini 4 ,

Security Analysis of Electronic Exams Rosario Giustolisi 4 , Ali Kassem 1 , Gabriele Lenzini 4 ,

Security Analysis of Electronic Exams Rosario Giustolisi 4 , Ali Kassem 1 , Gabriele Lenzini 4 , Peter Y. A. Ryan 4 , Jannik Dreier 3 , Ylis Falcone 2 and Pascal Lafourcade 5 1 Univ. Grenoble Alpes, VERIMAG, Grenoble, France 2 Univ. Grenoble

1.16k views • 111 slides

More recommend