Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Published byDeborah Hicks Modified over 9 years ago

Similar presentations

Presentation on theme: "Leonardo de Moura and Nikolaj Bjørner Microsoft Research."— Presentation transcript:

1 Leonardo de Moura and Nikolaj Bjørner Microsoft Research

2 Z3 is a Satisfiability Modulo Theories (SMT) solver. Z3 integrates several decision procedures. Z3 is used in several program analysis, verification, test- case generation projects at Microsoft. Z3 1.2 is freely available for academic research: http://research.microsoft.com/projects/z3 Z3: An Efficient SMT Solver

3 ArithmeticArithmetic Array Theory Uninterpreted Functions

4 Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats (Simplify, SMT-LIB, Z3, Dimacs) Extensive API (C/C++,.Net, OCaml) Z3: An Efficient SMT Solver

5 Theories Core Theory SAT solver Rewriting Simplification Bit-Vectors Arithmetic Partial orders Tuples E-matching Arrays OCaml Text.NET C C

6 Z3: An Efficient SMT Solver VCC Boogie Hyper-V Rustan Leino, Mike Barnet, Michal Mosƙal, Shaz Qadeer, Shuvendu Lahiri, Herman Venter, Peter Muller, Wolfram Schulte, Ernie Cohen Verification condition Bug path HAVOC

7 Quantifiers, quantifiers, quantifiers, … Modeling the runtime Frame axioms (“what didn’t change”) Users provided assertions (e.g., the array is sorted) Prototyping decision procedures (e.g., reachability, heaps, …) Solver must be fast in satisfiable instances. Trade-off between precision and performance. Candidate (Potential) Models Z3: An Efficient SMT Solver

8 Execution Path Run Test and Monitor Path Condition Unexplored path Solve seed New input Test Inputs Nikolai Tillmann, Peli de Halleux, Patrice Godefroid Aditya Nori, Jean Philippe Martin, Miguel Castro, Manuel Costa, Lintao Zhang Constraint System Known Paths Vigilante

9 Formulas may be a big conjunction Pre-processing step Eliminate variables and simplify input format Incremental: solve several similar formulas New constraints are asserted. push and pop: (user) backtracking Lemma reuse “Small Models” Given a formula F, find a model M, that minimizes the value of the variables x 0 … x n Z3: An Efficient SMT Solver

10 Ella Bounimova, Vlad Levin, Jakob Lichtenberg, Tom Ball, Sriram Rajamani, Byron Cook Z3 is part of SDV 2.0 (Windows 7) It is used for: Predicate abstraction (c2bp) Counterexample refinement (newton)

11 All-SAT Fast Predicate Abstraction Unsatisfiable cores Why the abstract path is not feasible? Z3: An Efficient SMT Solver

12 Bounded model-checking of model programs Termination Security protocols Business application modeling Cryptography Model Based Testing (SQL-Server) Your killer-application here Z3: An Efficient SMT Solver

13 Model-based Theory Combination How to efficiently combine theory solvers? Use models to control Theory Combination. E-matching abstract machine Term indexing data-structures for incremental matching modulo equalities. Relevancy propagation Use Tableau advantages with DPLL engine Z3: An Efficient SMT Solver

14 Given arrays: bool a1[bool]; bool a2[bool]; bool a3[bool]; bool a4[bool]; All can be distinct. Add: bool a5[bool]; Two of a1,..,a5 must be equal.

15 Coming soon (Z3 2.0): Proofs & Unsat cores Superposition Calculus Decidable Fragments Machine Learning Non linear arithmetic (Gröbner Bases) Inductive Datatypes Improved Array & Bit-vector theories Several performance improvements More “customers” & Applications Z3: An Efficient SMT Solver

16 Z3 is a new SMT solver from Microsoft Research. Z3 is used in several projects. Z3 is freely available for academic research: http://research.microsoft.com/projects/z3 Z3: An Efficient SMT Solver

Download ppt "Leonardo de Moura and Nikolaj Bjørner Microsoft Research."

Similar presentations

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.

SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Satisfiability modulo the Theory of Bit Vectors

Satisfiability modulo the Theory of Bit Vectors
Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.

Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research.

Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research.
Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats.

Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats.
50.530: Software Engineering

50.530: Software Engineering
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀

SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,

Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.

Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.

Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.
Proofs from Tests Nels E. Beckman Aditya V. Nori Sriram K. Rajamani Robert J. Simmons Carnegie Mellon UniversityMicrosoft Research India Carnegie Mellon.

Proofs from Tests Nels E. Beckman Aditya V. Nori Sriram K. Rajamani Robert J. Simmons Carnegie Mellon UniversityMicrosoft Research India Carnegie Mellon.
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.

Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
Johannes Kepler University Linz, Austria 2008 Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Johannes Kepler University Linz, Austria 2008 Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Similar presentations

Ads by Google