PROOF TRANSLATION AND SMT LIB CERTIFICATION Yeting Ge Clark Barrett SMT 2008 July 7 Princeton.

Presentation transcript:


SMT solvers are more complicated
- CVC3 contains over 100,000 lines of code
- Are SMT solvers correct?

Quest for correct SMT solvers?
- To verify that an SMT solver is correct?
- To develop a correct SMT solver?

Good news: we have proofs
- Some SMT solvers can produce proofs
- Proof checking should be easier than proving the correctness of an SMT solver
- A proof can be represented as a proof tree

Bad news: proof checking for SMT solvers is not so easy
- Theory proof rules require the proof checker to have theory reasoning ability (e.g. a/2 = b)
- Choice of proof rules
  - A small set of simple proof rules? Good for proof checking
  - A large set of complex proof rules? Good for performance (CVC3 has 298 rules), but the correctness of the proof checker becomes questionable
- SMT solvers are in constant change

The idea: use a second prover to check the proof
- Translate the proof into the second prover
- The benefits
  - Could easily handle both simple and complex proof rules
  - Flexible
- The challenges
  - A suitable second prover: the correctness is reduced to the second prover
  - Efficiency
  - Translation
- This is feasible!

SMT LIB certification
- SMT LIB: a collection of over 40,000 SMT benchmarks, most of them from industrial applications
- Each file contains a status field
- Some files are incorrectly labeled
- The proof in the second prover is a certificate
- A certified SMT LIB will be beneficial to the SMT community
- Prove as many unsatisfiable cases as possible

Excerpt of an SMT LIB benchmark file:

    (benchmark tmp
      :source {piVC}
      :status unsat
      :category { industrial }
      :difficulty { 0 }
      :logic AUFLIA
      :extrafuns ((V_6 Int))
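
The certification idea on this slide, written out as an added example (not code from the talk or from CVC3/HOL Light): a small parser for the `:attribute value` header of an SMT-LIB v1 benchmark in the shape of the excerpt above, plus a check that compares the file's claimed `:status` with what the second prover actually certified. The benchmark text, the `:formula`, the file names and the certificate values are all constructed for the example; the parser only reads metadata and does not interpret formulas.

```python
from typing import Dict, List, Optional

# Constructed sample in the SMT-LIB v1 benchmark format, modelled on the
# "(benchmark tmp :source {piVC} :status unsat ...)" excerpt on the slide.
# The :formula is constructed too; it is trivially unsatisfiable, so the
# :status label is correct for this file.
SAMPLE_BENCHMARK = """(benchmark tmp
  :source {piVC}
  :status unsat
  :category { industrial }
  :difficulty { 0 }
  :logic AUFLIA
  :extrafuns ((V_6 Int))
  :formula (not (= V_6 V_6))
)"""


def parse_header(text: str) -> Dict[str, str]:
    """Collect the ':name value' attributes of an SMT-LIB v1 benchmark.

    A value is a '{...}' block (returned without the braces), a balanced
    s-expression (returned verbatim), or a bare symbol such as 'unsat'.
    """
    attrs: Dict[str, str] = {}
    i, n = 0, len(text)
    while i < n:
        if text[i] != ":":
            i += 1
            continue
        j = i + 1
        while j < n and (text[j].isalnum() or text[j] == "_"):
            j += 1
        name = text[i + 1:j]
        while j < n and text[j].isspace():
            j += 1
        if j < n and text[j] == "{":
            k = text.index("}", j)
            value, j = text[j + 1:k].strip(), k + 1
        elif j < n and text[j] == "(":
            depth, k = 0, j
            while k < n:
                depth += {"(": 1, ")": -1}.get(text[k], 0)
                if depth == 0:
                    break
                k += 1
            value, j = text[j:k + 1], k + 1
        else:
            k = j
            while k < n and not text[k].isspace() and text[k] not in "()":
                k += 1
            value, j = text[j:k], k
        attrs[name] = value
        i = j
    return attrs


def check_label(attrs: Dict[str, str], certified: Optional[str]) -> str:
    """Compare the file's claimed :status with the certified result.

    certified is "unsat" when the second prover accepted the translated
    refutation, "sat" when a model was confirmed, or None when no
    certificate was produced (the label then remains an unchecked claim).
    """
    claimed = attrs.get("status", "unknown")
    if certified is None:
        return "unverified"
    if claimed == "unknown":
        return "newly-labeled"
    return "ok" if claimed == certified else "MISLABELED"


def audit(files: Dict[str, str], certificates: Dict[str, Optional[str]]) -> List[str]:
    """Return the names of benchmarks whose label contradicts a certificate."""
    return sorted(
        name for name, text in files.items()
        if check_label(parse_header(text), certificates.get(name)) == "MISLABELED"
    )


if __name__ == "__main__":
    # Constructed certificates: the sample is certified unsat; a second copy
    # of the same file, relabelled ":status sat", must be flagged.
    wrong = SAMPLE_BENCHMARK.replace(":status unsat", ":status sat")
    files = {"good.smt": SAMPLE_BENCHMARK, "wrong.smt": wrong}
    certs = {"good.smt": "unsat", "wrong.smt": "unsat"}
    print(parse_header(SAMPLE_BENCHMARK))
    print("mislabeled:", audit(files, certs))
```

The point of `check_label` is that a certificate only ever upgrades a label: a file with no certificate stays "unverified" rather than being trusted, and a contradiction between the header and a checked proof is reported rather than silently resolved either way.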

CVC3
- A proof is a tree
- A proof rule maps a set of proofs to a proof
- Some proof rules are rather complex

The second prover: HOL Light
- Simple
  - The core: 430 lines of OCaml, 10 inference rules, 3 axioms
  - Definitional extension guarantees correctness: except equality, all logic symbols are defined
  - All proofs in HOL Light can be broken down into the 10 rules and 3 axioms, if needed
  - "it sets a very exacting standard of correctness"
  - Efforts to verify the correctness of the core

HOL Light
- Powerful
  - Capable of formalizing most mathematics (up to the axiom of choice)
- Flexible
  - Programmable: OCaml as meta-language
- A number of built-in theories: reals, integers
- A lot of useful tools
  - Decision procedures for first-order logic and propositional logic
  - Decision procedures for reals, integers, …

Translation of terms
- HOL Light and CVC3 are connected through the C API functions of CVC3
- distinct(x1, x2, …, xn): define a predicate on the fly
- Mixed integers and reals: lift to reals
- Skolem constant: choice operator
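
Two of the term translations on this slide, as an added example that is not the talk's OCaml translator: `distinct(x1, …, xn)` is expanded into the conjunction of all pairwise disequalities, and a term that mixes integers and reals is lifted so that every arithmetic operator with a real operand receives only real operands. The tuple-based term representation, the `to_real` wrapper, the `SORTS` declaration table and the sample terms are all assumptions made for the example; how exactly the talk's translator lifts integers to reals is not stated on the slide, and wrapping only the integer operands of mixed operators is one reading of it.

```python
from itertools import combinations
from typing import Any, Dict, List

# Constructed term representation: a term is a variable name (str), an
# integer numeral (int), or a tuple (operator, arg1, ...). SORTS records
# the declared sort of each variable (a constructed declaration table).
Term = Any
SORTS: Dict[str, str] = {"x": "Int", "y": "Real", "a": "Int", "b": "Int", "c": "Int"}
ARITH = {"+", "-", "*", "<", "<=", ">", ">=", "="}


def expand_distinct(args: List[Term]) -> Term:
    """distinct(x1, ..., xn) as the conjunction of all pairwise disequalities."""
    diseqs = [("not", ("=", p, q)) for p, q in combinations(args, 2)]
    if not diseqs:
        return "true"          # distinct of fewer than two terms holds trivially
    return diseqs[0] if len(diseqs) == 1 else ("and",) + tuple(diseqs)


def sort_of(t: Term, sorts: Dict[str, str]) -> str:
    """Sort of a term: numerals are Int, variables come from the declaration
    table, an arithmetic result is Real as soon as one operand is Real, and
    every other operator (comparisons, connectives) yields Bool."""
    if isinstance(t, int):
        return "Int"
    if isinstance(t, str):
        return sorts[t]
    if t[0] == "to_real":
        return "Real"
    if t[0] in {"+", "-", "*"}:
        return "Real" if any(sort_of(a, sorts) == "Real" for a in t[1:]) else "Int"
    return "Bool"


def lift_to_real(t: Term, sorts: Dict[str, str]) -> Term:
    """Rewrite a mixed Int/Real term bottom-up so that each arithmetic operator
    with a Real operand sees only Real operands: Int operands are wrapped in
    to_real. Pure-Int subterms are left untouched."""
    if isinstance(t, (int, str)):
        return t
    op, args = t[0], [lift_to_real(a, sorts) for a in t[1:]]
    if op in ARITH and any(sort_of(a, sorts) == "Real" for a in args):
        args = [a if sort_of(a, sorts) == "Real" else ("to_real", a) for a in args]
    return (op,) + tuple(args)


def sexpr(t: Term) -> str:
    """Render a term as an s-expression for inspection."""
    if isinstance(t, tuple):
        return "(" + " ".join(sexpr(a) for a in t) + ")"
    return str(t)


if __name__ == "__main__":
    print(sexpr(expand_distinct(["a", "b", "c"])))
    print(sexpr(lift_to_real(("<", ("+", "x", 1), "y"), SORTS)))
    # the two translations compose: distinct over a mixed pair
    print(sexpr(lift_to_real(expand_distinct(["x", "y"]), SORTS)))
```

Because `lift_to_real` works bottom-up, the pure-integer subterm `(+ x 1)` stays an integer sum and is converted once, at the comparison with the real `y`, rather than having each integer leaf converted separately.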

Translation of proof rules
- An OCaml function for each proof rule
- Naïve method: call HOL Light's decision procedure
- Exploit HOL Light's capability of higher-order reasoning
  - Prove a meta-theorem off-line
  - During the translation, instantiate the meta-theorem
- Engineering the translation of a proof rule

Propositional reasoning
- SAT solvers can dump a resolution proof
- Sequent representation
- Definitional CNF and ITE
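
The resolution proofs mentioned here, and the earlier point that a proof is a tree whose checking is much simpler than the solver that produced it, as an added example (not code from CVC3, HOL Light or the talk's translator): a checker that replays a dumped resolution proof step by step and accepts it only if every step is a sound resolution and the root of the tree is the empty clause. The clause encoding, the step format (pairs of earlier clause indices) and the sample CNF and proof are constructed for the example.

```python
from typing import FrozenSet, List, Tuple

# A clause is a frozenset of DIMACS-style literals: 3 stands for x3, -3 for not x3.
Clause = FrozenSet[int]

# Constructed input: four clauses over x1, x2 that are jointly unsatisfiable.
SAMPLE_CNF: List[Clause] = [
    frozenset({1, 2}), frozenset({-1, 2}), frozenset({1, -2}), frozenset({-1, -2}),
]
# Constructed refutation in the shape a SAT solver dumps: each step names two
# earlier clauses (input clauses are 0..3, derived clauses are numbered from 4).
SAMPLE_PROOF: List[Tuple[int, int]] = [(0, 1), (2, 3), (4, 5)]


class ProofError(Exception):
    """Raised when a step is not a valid resolution inference."""


def resolve(c1: Clause, c2: Clause) -> Clause:
    """Resolve two clauses on their unique complementary literal.

    Exactly one clashing literal is required: with none, nothing can be
    resolved; with two or more, the resolvent would be a tautology and the
    step would not certify anything.
    """
    pivots = [lit for lit in c1 if -lit in c2]
    if len(pivots) != 1:
        raise ProofError(
            f"{sorted(c1)} and {sorted(c2)} clash on {len(pivots)} literals, need exactly 1")
    p = pivots[0]
    return (c1 - {p}) | (c2 - {-p})


def check_refutation(cnf: List[Clause], steps: List[Tuple[int, int]]) -> bool:
    """Replay a resolution proof from the leaves of the proof tree to its root.

    Step k derives clause len(cnf)+k from the two referenced earlier clauses.
    Returns True only if every step is a sound resolution and the last clause
    derived is the empty clause, i.e. the proof refutes cnf.
    """
    derived = list(cnf)
    for k, (i, j) in enumerate(steps):
        if not (0 <= i < len(derived) and 0 <= j < len(derived)):
            raise ProofError(f"step {k} refers to a clause that is not yet derived")
        derived.append(resolve(derived[i], derived[j]))
    return bool(steps) and len(derived[-1]) == 0


def check_sample() -> bool:
    """Replay the constructed proof against the constructed CNF."""
    return check_refutation(SAMPLE_CNF, SAMPLE_PROOF)


if __name__ == "__main__":
    print("sample refutation accepted:", check_sample())
```

The checker never searches: it only confirms each inference the solver claims, which is why it can stay a few dozen lines while the solver that found the proof is large. A proof that stops short of the empty clause is rejected as a non-refutation, and a step that pairs clauses with no or several clashing literals is rejected as unsound rather than repaired.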

Results
- Table 1 (columns: category, cases, CVC3 proved, CVC3 average time, Translation proved, Translation average time), one row per benchmark family: simplify, Simplify, burns, ricart, piVc
- Table 2 (columns: hard cases, CVC3, Translation), rows: No Prep, With Prep
- Hard cases in simplify1: CVC3 spent more than 20 seconds

Results  Found one proof rule that does not preserve validity in CVC3  Found one faulty proof rule in CVC3  Found two mis-labled SMT LIB cases in AUFLIA

Discussion
- Instantiating a meta-theorem in HOL Light is almost like rewriting
- Most proof rules can be converted into some meta-theorem
- Other methods to improve efficiency
  - Compiling HOL Light

Conclusion
- It is feasible to translate proofs from CVC3 into HOL Light
- It is possible to certify many SMT LIB cases in HOL Light

Future work
- Prove more SMT LIB cases
- Improve the translation of arithmetic proof rules
- Support more proof rules
- Support more theories
- Improve the proof rules of CVC3

Thanks
- John Harrison for help with HOL Light
- Sean McLaughlin for writing the first version of the translator

References
- C. Barrett and C. Tinelli. CVC3. In W. Damm and H. Hermanns, editors, Proceedings of the 19th International Conference on Computer Aided Verification (CAV '07), LNCS 4590, pages 298–302. Springer-Verlag, July, Berlin, Germany.
- J. Harrison. HOL Light: A tutorial introduction. In M. K. Srivas and A. J. Camilleri, editors, FMCAD, LNCS 1166, pages 265–269. Springer.
- S. McLaughlin, C. Barrett, and Y. Ge. Cooperating theorem provers: A case study combining HOL-Light and CVC Lite. In A. Armando and A. Cimatti, editors, Proceedings of the 3rd Workshop on Pragmatics of Decision Procedures in Automated Reasoning (PDPAR '05), volume 144(2) of Electronic Notes in Theoretical Computer Science, pages 43–51. Elsevier, Jan, Edinburgh, Scotland.
- M. Moskal. Rocket-fast proof checking for SMT solvers. In K. Jensen and A. Podelski, editors, TACAS, LNCS 4963, pages 486–500. Springer.
- T. Weber. Efficiently checking propositional resolution proofs in Isabelle/HOL. Volume 212 of CEUR Workshop Proceedings, 2006.