Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leonardo de Moura Microsoft Research. Is formula F satisfiable modulo theory T ? SMT solvers have specialized algorithms for T.

Published byJustin Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "Leonardo de Moura Microsoft Research. Is formula F satisfiable modulo theory T ? SMT solvers have specialized algorithms for T."— Presentation transcript:

1 Leonardo de Moura Microsoft Research

2 Is formula F satisfiable modulo theory T ? SMT solvers have specialized algorithms for T

3 b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

4 ArithmeticArithmetic

5 ArithmeticArithmetic Array Theory b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

6 ArithmeticArithmetic Array Theory Uninterpreted Functions b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

7 Substituting c by b+2

8 b + 2 = c and f(read(write(a,b,3), b+2-2)) ≠ f(b+2-b+1) Simplifying

9 b + 2 = c and f(read(write(a,b,3), b)) ≠ f(3)

10 Applying array theory axiom forall a,i,v: read(write(a,i,v), i) = v

11 b + 2 = c and f(3) ≠ f(3) Inconsistent

12 Repository of Benchmarks http://www.smtlib.org Benchmarks are divided in “logics”: QF_UF: unquantified formulas built over a signature of uninterpreted sort, function and predicate symbols. QF_UFLIA: unquantified linear integer arithmetic with uninterpreted sort, function, and predicate symbols. AUFLIA: closed linear formulas over the theory of integer arrays with free sort, function and predicate symbols.

13 For most SMT solvers: F is a set of ground formulas Many Applications Bounded Model Checking Test-Case Generation

14 An SMT Solver is a collection of Little Engines of Proof

15 An SMT Solver is a collection of Little Engines of Proof Examples: SAT Solver Equality solver Examples: SAT Solver Equality solver

16 a = b, b = c, d = e, b = s, d = t, a  e, a  s a a b b c c d d e e s s t t

17 a a b b c c d d e e s s t t

18 c c d d e e s s t t a,ba,b a,ba,b

19 c c d d e e s s t t a,b

20 a = b, b = c, d = e, b = s, d = t, a  e, a  s d d e e s s t t a,b,c

21 a = b, b = c, d = e, b = s, d = t, a  e, a  s d d e e s s t t a,b,c

22 d,ed,e d,ed,e a = b, b = c, d = e, b = s, d = t, a  e, a  s s s t t a,b,c

23 a = b, b = c, d = e, b = s, d = t, a  e, a  s s s t t a,b,c d,e

24 a,b,c,s a = b, b = c, d = e, b = s, d = t, a  e, a  s t t d,e

25 a = b, b = c, d = e, b = s, d = t, a  e, a  s t t d,e a,b,c,s

26 a = b, b = c, d = e, b = s, d = t, a  e, a  s a,b,c,s d,e,t

27 a = b, b = c, d = e, b = s, d = t, a  e, a  s a,b,c,s d,e,t

28 a = b, b = c, d = e, b = s, d = t, a  e, a  s a,b,c,s d,e,t Unsatisfiable

29 a = b, b = c, d = e, b = s, d = t, a  e a,b,c,s d,e,t Model construction

30 a = b, b = c, d = e, b = s, d = t, a  e a,b,c,s d,e,t Model construction |M| = {  1,  2 } (universe, aka domain) 11 22

31 a = b, b = c, d = e, b = s, d = t, a  e a,b,c,s d,e,t Model construction |M| = {  1,  2 } (universe, aka domain) M(a) =  1 (assignment) 11 22

32 a = b, b = c, d = e, b = s, d = t, a  e a,b,c,s d,e,t Model construction |M| = {  1,  2 } (universe, aka domain) M(a) =  1 (assignment) 11 22 Alternative notation: a M =  1 Alternative notation: a M =  1

33 a = b, b = c, d = e, b = s, d = t, a  e a,b,c,s d,e,t Model construction |M| = {  1,  2 } (universe, aka domain) M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 11 22

34 a = b, b = c, d = e, b = s, d = t, a  e a,b,c,s d,e,t Model construction |M| = {  1,  2 } (universe, aka domain) M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 11 22

35 Termination: easy Soundness Invariant: all constants in a “ball” are known to be equal. The “ball” merge operation is justified by: Transitivity and Symmetry rules. Completeness We can build a model if an inconsistency was not detected. Proof template (by contradiction): Build a candidate model. Assume a literal was not satisfied. Find contradiction.

36 Completeness We can build a model if an inconsistency was not detected. Instantiating the template for our procedure: Assume some literal c = d is not satisfied by our model. That is, M(c) ≠ M(d). This is impossible, c and d must be in the same “ball”. c,d,… ii M(c) = M(d) =  i

37 Completeness We can build a model if an inconsistency was not detected. Instantiating the template for our procedure: Assume some literal c ≠ d is not satisfied by our model. That is, M(c) = M(d). Key property: we only check the disequalities after we processed all equalities. This is impossible, c and d must be in the different “balls” c,… M(c) =  i M(d) =  j ii d,… jj

38 a = b, b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e)) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

39 a = b, b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e)) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

40 a = b, b = c, d = e, b = s, d = t, f(a, v 1 )  f(b, g(e)) v 1  g(d) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

41 a = b, b = c, d = e, b = s, d = t, f(a, v 1 )  f(b, g(e)) v 1  g(d) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

42 a = b, b = c, d = e, b = s, d = t, f(a, v 1 )  f(b, v 2 ) v 1  g(d), v 2  g(e) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

43 a = b, b = c, d = e, b = s, d = t, f(a, v 1 )  f(b, v 2 ) v 1  g(d), v 2  g(e) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

44 a = b, b = c, d = e, b = s, d = t, v 3  f(b, v 2 ) v 1  g(d), v 2  g(e), v 3  f(a, v 1 ) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

45 a = b, b = c, d = e, b = s, d = t, v 3  f(b, v 2 ) v 1  g(d), v 2  g(e), v 3  f(a, v 1 ) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

46 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) First Step: “Naming” subterms Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n )

47 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a,b,c,s d,e,t v1v1 v1v1 v2v2 v2v2 v3v3 v3v3 v4v4 v4v4

48 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) d = e implies g(d) = g(e) a,b,c,s d,e,t v1v1 v1v1 v2v2 v2v2 v3v3 v3v3 v4v4 v4v4

49 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) d = e implies v 1 = v 2 a,b,c,s d,e,t v1v1 v1v1 v2v2 v2v2 v3v3 v3v3 v4v4 v4v4

50 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) d = e implies v 1 = v 2 a,b,c,s d,e,t v1,v2v1,v2 v1,v2v1,v2 v3v3 v3v3 v4v4 v4v4 We say: v 1 and v 2 are congruent. We say: v 1 and v 2 are congruent.

51 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a = b, v 1 = v 2 implies f(a, v 1 ) = f(b, v 2 ) a,b,c,s d,e,t v1,v2v1,v2 v1,v2v1,v2 v3v3 v3v3 v4v4 v4v4

52 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a = b, v 1 = v 2 implies v 3 = v 4 a,b,c,s d,e,t v1,v2v1,v2 v1,v2v1,v2 v3v3 v3v3 v4v4 v4v4

53 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a = b, v 1 = v 2 implies v 3 = v 4 a,b,c,s d,e,t v1,v2v1,v2 v1,v2v1,v2 v3,v4v3,v4 v3,v4v3,v4

54 a = b, b = c, d = e, b = s, d = t, v 3  v 4 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a,b,c,s d,e,t v 1,v 2 v3,v4v3,v4 v3,v4v3,v4 Unsatisfiable

55 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a,b,c,s d,e,t v 1,v 2 v 3, v 4 Changing the problem

56 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a,b,c,s d,e,t v 1,v 2 v 3, v 4

57 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Congruence Rule: x 1 = y 1, …, x n = y n implies f(x 1, …, x n ) = f(y 1, …, y n ) a,b,c,s d,e,t v1,v2v1,v2 v1,v2v1,v2 v3,v4v3,v4 v3,v4v3,v4

58 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 a,b,c,s d,e,t v 1,v 2 v 3, v 4 11 22 33 44

59 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 a,b,c,s d,e,t v 1,v 2 v 3, v 4 11 22 33 44 Missing: Interpretation for f and g. Missing: Interpretation for f and g.

60 Building the interpretation for function symbols M(g) is a mapping from |M| to |M| Defined as: M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise (  k is an arbitrary element) Is M(g) well-defined?

61 Building the interpretation for function symbols M(g) is a mapping from |M| to |M| Defined as: M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise (  k is an arbitrary element) Is M(g) well-defined? Problem: we may have v  g(a) and w  g(b) s.t. M(a) = M(b) =  1 and M(v) =  2 ≠  3 = M(w) So, is M(g)(  1 ) =  2 or M(g)(  1 ) =  3 ?

62 Building the interpretation for function symbols M(g) is a mapping from |M| to |M| Defined as: M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise (  k is an arbitrary element) Is M(g) well-defined? Problem: we may have v  g(a) and w  g(b) s.t. M(a) = M(b) =  1 and M(v) =  2 ≠  3 = M(w) So, is M(g)(  1 ) =  2 or M(g)(  1 ) =  3 ? This is impossible because of the congruence rule! a and b are in the same “ball”, then so are v and w This is impossible because of the congruence rule! a and b are in the same “ball”, then so are v and w

63 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 a,b,c,s d,e,t v 1,v 2 v 3, v 4 11 22 33 44

64 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise

65 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 M(g) = {  2 →  3 } M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise

66 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 M(g) = {  2 →  3 } M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise

67 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 M(g) = {  2 →  3, else →  1 } M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise

68 a = b, b = c, d = e, b = s, d = t, a  v 4, v 2  v 3 v 1  g(d), v 2  g(e), v 3  f(a, v 1 ), v 4  f(b, v 2 ) Model construction: |M| = {  1,  2,  3,  4 } M(a) = M(b) = M(c) = M(s) =  1 M(d) = M(e) = M(t) =  2 M(v 1 ) = M(v 2 ) =  3 M(v 3 ) = M(v 4 ) =  4 M(g) = {  2 →  3, else →  1 } M(f) = { (  1,  3 ) →  4, else →  1 } M(g)(  i ) =  j if there is v  g(a) s.t. M(a) =  i M(v) =  j =  k, otherwise

69 It is possible to implement our procedure in O(n log n)

70 d,e,t Sets (equivalence classes) t t d,e  = d,e,t Union a  s a,b,c,s Membership

71 Sets (equivalence classes) d,e,t t t d,e  = d,e,t Union a  s a,b,c,s Membership Key observation: The sets are disjoint! Key observation: The sets are disjoint!

72 Union-Find data-structure Every set (equivalence class) has a root element (representative). a,b,c,s,r a b c s r root We say: find(c) is b

73 Union-Find data-structure a,b,c a b c s r s,r  = a b c s r a,b,c,s,r

74 Tracking the equivalence classes size is important! a1a1 a2a2  a3a3 =a1a1 a2a2 a3a3 a1a1 a2a2 a3a3  a4a4 =a1a1 a2a2 a3a3 a4a4 … a1a1 a2a2 a3a3  anan = … a n-1 a1a1 a2a2 a3a3 … anan

75 Tracking the equivalence classes size is important! a1a1 a2a2  a3a3 =a1a1 a2a2 a3a3 a1a1 a2a2 a3a3  a4a4 =a1a1 a2a2 a3a3 a4a4 … a1a1 a2a2 a3a3  anan = … a n-1 a1a1 a2a2 a3a3 … anan

76 Tracking the equivalence classes size is important! a1a1 a2a2  a3a3 =a1a1 a2a2 a3a3 a1a1 a2a2 a3a3  a4a4 =a1a1 a2a2 a3a3 a4a4 … a1a1 a2a2 a3a3  anan = … a n-1 a1a1 a2a2 a3a3 … anan We can do n merges in O(n log n) Each constant has two fields: find and size.

77 Implementing the congruence rule. Occurrences of a constant: we say a occurs in v iff v  f(…,a,…) When we “merge” two equivalence classes we can traverse these occurrences to find new congruences. a b c s r  Occurrences(b) = { v 1  g(b), v 2  f(a) } Occurrences(s) = { v 3  f(r) }

78 Implementing the congruence rule. Occurrences of a constant: we say a occurs in v iff v  f(…,a,…) When we “merge” two equivalence classes we can traverse these occurrences to find new congruences. a b c s r  occurrences(b) = { v 1  g(b), v 2  f(a) } occurrences(s) = { v 3  f(r) } Inefficient version: for each v in occurrences(b) for each w in occurrences(s) if v and w are congruent add (v,w) to todo queue A queue of pairs that need to be merged.

79 a b c s r  occurrences(b) = { v 1  g(b), v 2  f(a) } occurrences(s) = { v 3  f(r) } We also need to merge occurrences(b) with occurrences(s). This can be done in constant time: Use circular lists to represent the occurrences. (More later) v1v1 v2v2 v3v3  = v1v1 v2v2 v3v3

80 Avoiding the nested loop: for each v in occurrences(b) for each w in occurrences(s) … Avoiding the nested loop: Use a hash table to store the elements v 1  f(a 1, …, a n ). Each constant has an identifier (e.g., natural number). Compute hash code using the identifier of the (equivalence class) roots of the arguments. hash(v 1 ) = hash-tuple(id(f), id(root(a 1 )), …, id(root(a n )))

81 Avoiding the nested loop: for each v in occurrences(b) for each w in occurrences(s) … Avoiding the nested loop: Use a hash table to store the elements v 1  f(a 1, …, a n ). Each constant has an identifier (e.g., natural number). Compute hash code using the identifier of the (equivalence class) roots of the arguments. hash(v 1 ) = hash-tuple(id(f), id(root(a 1 )), …, id(root(a n ))) hash-tuple can be the Jenkin’s hash function for strings. Just adding the ids produces a very bad hash-code! hash-tuple can be the Jenkin’s hash function for strings. Just adding the ids produces a very bad hash-code!

82 Efficient implementation of the congruence rule. Merging the equivalences classes with roots: a 1 and a 2 Assume a 2 is smaller than a 1 Before merging the equivalence classes: a 1 and a 2 for each v in occurrences(a 2 ) remove v from the hash table (its hashcode will change) After merging the equivalence classes: a 1 and a 2 for each v in occurrences(a 2 ) if there is w congruent to v in the hash-table add (v,w) to todo queue else add v to hash-table

83 Efficient implementation of the congruence rule. Merging the equivalences classes with roots: a 1 and a 2 Assume a 2 is smaller than a 1 Before merging the equivalence classes: a 1 and a 2 for each v in occurrences(a 2 ) remove v from the hash table (its hashcode will change) After merging the equivalence classes: a 1 and a 2 for each v in occurrences(a 2 ) if there is w congruent to v in the hash-table add (v,w) to todo queue else add v to hash-table add v to occurrences(a 1 ) Trick: Use dynamic arrays to represent the occurrences Trick: Use dynamic arrays to represent the occurrences

84 The efficient version is not optimal (in theory). Problem: we may have v = f(a 1, …, a n ) with “huge” n. Solution: currying Use only binary functions, and represent f(a 1, a 2,a 3,a 4 ) as f(a 1, h(a 2, h(a 3, a 4 ))) This is not necessary in practice, since the n above is small.

85 Each constant has now three fields: find, size, and occurrences. We also has use a hash-table for implementing the congruence rule. We will need many more improvements!

86 Many verification/analysis problems require: case-analysis x  0, y = x + 1, (y > 2  y < 1)

87 Many verification/analysis problems require: case-analysis x  0, y = x + 1, (y > 2  y < 1) Naïve Solution: Convert to DNF (x  0, y = x + 1, y > 2)  (x  0, y = x + 1, y < 1)

88 Many verification/analysis problems require: case-analysis x  0, y = x + 1, (y > 2  y < 1) Naïve Solution: Convert to DNF (x  0, y = x + 1, y > 2)  (x  0, y = x + 1, y < 1) Too Inefficient! (exponential blowup) Too Inefficient! (exponential blowup)

89 SAT Theory Solvers SMT Equality + UF Arithmetic Bit-vectors … Case Analysis

90 M | F Partial model Set of clauses

91 Guessing p,  q | p  q,  q  r p | p  q,  q  r

92 Deducing p, s| p  q,  p  s p | p  q,  p  s

93 Backtracking p, s| p  q, s  q,  p   q p,  s, q | p  q, s  q,  p   q

94 Efficient indexing (two-watch literal) Non-chronological backtracking (backjumping) Lemma learning

95 Basic Idea x  0, y = x + 1, (y > 2  y < 1) p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1)

96 Basic Idea x  0, y = x + 1, (y > 2  y < 1) p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver

97 Basic Idea x  0, y = x + 1, (y > 2  y < 1) p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver Assignment p 1, p 2,  p 3, p 4

98 Basic Idea x  0, y = x + 1, (y > 2  y < 1) p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver Assignment p 1, p 2,  p 3, p 4 x  0, y = x + 1,  (y > 2), y < 1

99 Basic Idea x  0, y = x + 1, (y > 2  y < 1) p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver Assignment p 1, p 2,  p 3, p 4 x  0, y = x + 1,  (y > 2), y < 1 Theory Solver Theory Solver Unsatisfiable x  0, y = x + 1, y < 1

100 Basic Idea x  0, y = x + 1, (y > 2  y < 1) p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver Assignment p 1, p 2,  p 3, p 4 x  0, y = x + 1,  (y > 2), y < 1 Theory Solver Theory Solver Unsatisfiable x  0, y = x + 1, y < 1 New Lemma  p 1  p 2  p 4

101 Theory Solver Theory Solver Unsatisfiable x  0, y = x + 1, y < 1 New Lemma  p 1  p 2  p 4 AKA Theory conflict AKA Theory conflict

102 procedure SmtSolver(F) (F p, M) := Abstract(F) loop (R, A) := SAT_solver(F p ) if R = UNSAT then return UNSAT S := Concretize(A, M) (R, S’) := Theory_solver(S) if R = SAT then return SAT L := New_Lemma(S’, M) Add L to F p

103 Basic Idea F: x  0, y = x + 1, (y > 2  y < 1) F p : p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) M: p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver A: Assignment p 1, p 2,  p 3, p 4 S: x  0, y = x + 1,  (y > 2), y < 1 Theory Solver Theory Solver S’: Unsatisfiable x  0, y = x + 1, y < 1 L: New Lemma  p 1  p 2  p 4

104 F: x  0, y = x + 1, (y > 2  y < 1) F p : p 1, p 2, (p 3  p 4 ) Abstract (aka “naming” atoms) M: p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1) SAT Solver SAT Solver A: Assignment p 1, p 2,  p 3, p 4 S: x  0, y = x + 1,  (y > 2), y < 1 Theory Solver Theory Solver S’: Unsatisfiable x  0, y = x + 1, y < 1 L: New Lemma  p 1  p 2  p 4 procedure SMT_Solver(F) (F p, M) := Abstract(F) loop (R, A) := SAT_solver(F p ) if R = UNSAT then return UNSAT S = Concretize(A, M) (R, S’) := Theory_solver(S) if R = SAT then return SAT L := New_Lemma(S, M) Add L to F p “Lazy translation” to DNF “Lazy translation” to DNF

105 State-of-the-art SMT solvers implement many improvements.

106 Incrementality Send the literals to the Theory solver as they are assigned by the SAT solver p 1, p 2, p 4 | p 1, p 2, (p 3  p 4 ), (p 5   p 4 ) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1), p 5  (x < 2), Partial assignment is already Theory inconsistent. Partial assignment is already Theory inconsistent.

107 Efficient Backtracking We don’t want to restart from scratch after each backtracking operation.

108 Efficient Lemma Generation (computing a small S’) Avoid lemmas containing redundant literals. p 1, p 2, p 3, p 4 | p 1, p 2, (p 3  p 4 ), (p 5   p 4 ) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1), p 5  (x < 2),  p 1  p 2  p 3  p 4 Imprecise Lemma

109 Theory Propagation It is the SMT equivalent of unit propagation. p 1, p 2 | p 1, p 2, (p 3  p 4 ), (p 5   p 4 ) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1), p 5  (x < 2), p 1, p 2 imply  p 4 by theory propagation p 1, p 2,  p 4 | p 1, p 2, (p 3  p 4 ), (p 5   p 4 )

110 Theory Propagation It is the SMT equivalent of unit propagation. p 1, p 2 | p 1, p 2, (p 3  p 4 ), (p 5   p 4 ) p 1  (x  0), p 2  (y = x + 1), p 3  (y > 2), p 4  (y < 1), p 5  (x < 2), p 1, p 2 imply  p 4 by theory propagation p 1, p 2,  p 4 | p 1, p 2, (p 3  p 4 ), (p 5   p 4 ) Tradeoff between precision  performance.

111 Core SAT Solver Equality Uninterpreted Functions Equality Uninterpreted Functions Arithmetic Bit-Vectors Scalar Values

112 Core SAT Solver Equality Uninterpreted Functions Equality Uninterpreted Functions Arithmetic Bit-Vectors Scalar Values Case Analysis

113 Core SAT Solver Equality Uninterpreted Functions Equality Uninterpreted Functions Arithmetic Bit-Vectors Scalar Values Blackboard: equalities, disequalities, predicates Blackboard: equalities, disequalities, predicates

Download ppt "Leonardo de Moura Microsoft Research. Is formula F satisfiable modulo theory T ? SMT solvers have specialized algorithms for T."

Similar presentations

SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.

SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.
Completeness and Expressiveness

Completeness and Expressiveness
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀

SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 

Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov 20 2007.

Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis.

Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis.
Number Theory and Cryptography

Number Theory and Cryptography
Nikolaj Bjørner Microsoft Research Lecture 4. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 4. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.

Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.

Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.
Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
Interpolants [Craig 1957] G(y,z) F(x,y)

Interpolants [Craig 1957] G(y,z) F(x,y)
1 Satisfiability Modulo Theories Sinan Hanay. 2 Boolean Satisfiability (SAT) Is there an assignment to the p 1, p 2, …, p n variables such that  evaluates.

1 Satisfiability Modulo Theories Sinan Hanay. 2 Boolean Satisfiability (SAT) Is there an assignment to the p 1, p 2, …, p n variables such that  evaluates.
Automated Theorem Proving Lecture 4.   Formula := A |  |    A  Atom := b | t = 0 | t < 0 | t  0 t  Term := c | x | t + t | t – t | ct | Select(m,t)

Automated Theorem Proving Lecture 4.   Formula := A |  |    A  Atom := b | t = 0 | t < 0 | t  0 t  Term := c | x | t + t | t – t | ct | Select(m,t)
Yeting Ge Leonardo de Moura New York University Microsoft Research.

Yeting Ge Leonardo de Moura New York University Microsoft Research.

Similar presentations

Ads by Google