Presentation is loading. Please wait.

Presentation is loading. Please wait.

CVCL Lite: An Efficient Theorem Prover Based on Combination of Decision Procedures Presented by: Sergey Berezin Stanford University, U.S.A.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CVCL Lite: An Efficient Theorem Prover Based on Combination of Decision Procedures Presented by: Sergey Berezin Stanford University, U.S.A."— Presentation transcript:

1 CVCL Lite: An Efficient Theorem Prover Based on Combination of Decision Procedures Presented by: Sergey Berezin Stanford University, U.S.A.

2 People Project leaders: Sergey Berezin, Clark Barrett, David Dill Developers and contributors: Daniel Wichs Ying Hu Mark Zavislak Jim Zhuang Deepak Goyal Jake Donham Sean McLaughlin Vijay Ganesh Mehul Trivedi

3 Outline Theoretical Basis CVCL from User's Point of View –C++ library –Command line –Theory API Architecture and Design Decisions Information Flow in CVCL Other Functionality

4 What is CVC Lite? Validity Checker:  ²  –First-Order Logic with interpreted theories Arithmetic, uninterpreted functions, arrays, etc. –Theorem Prover based on multiple DPs

5 Logic Many-sorted FOL + '=' + Theories x=y ) a[i]+2*y < f(rec.f, 15-3*b[j+1]) –Partial functions (e.g. x/y) –Quantifiers (experimental) Validity Problem: –Is  valid under the set of assumptions  ?  ² 

6 Theoretical Basis: Combination of Decision Procedures Clark Barrett's thesis –Fusion of Nelson-Oppen + Shostak methods T 1 [ T 2 ²  T 1 [ T 2 [ :  ² ? (T 1 [  1 ) [ (T 2 [  2 ) ² ? –Search for an arrangement A over  0 such that (T 1 [  1 ) [ A and (T 2 [  2 ) [ A are SAT

7 Theoretical Basis: Real Implementation Vijay Ganesh's extension of Ghilardi's method: T 1 [ T 2 ²  T 1 [ T 2 [ :  ² ? (T 1 [  1 ) [ (T 2 [  2 ) ² ? T i [  i [ C k ² C k+1, i 2 {1,2} C k are positive ground clauses

8 Outline Theoretical Basis CVCL from User's Point of View –C++ library –Command line –Theory API Architecture and Design Decisions Information Flow in CVCL Other Functionality

9 CVCL as C++ Library API: ValidityChecker class Provides functionality: –Create terms and formulas as CVCL Expr –Manipulate logical context  –Solve  ² 

10 Command Line Executable PVS-like input language Parser and command processor –implemented on top of C++ API CVCL Executable CVCL library Parser & Command Processor User Input CVCL API

11 Theory API (For New Decision Procedures) "Hackability" – very important! All functionality implemented locally in DP –No changes to the Core files CVCL Core ArithUFArrays CVCL Library Theory API

12 Outline Theoretical Basis CVCL from User's Point of View –Command line –C++ library –Theory API Architecture and Design Decisions Information Flow in CVCL Other Functionality

13 CVCL Core ArithUFArrays CVC Lite Architecture SAT Solver Fact Queue Union-Find DB Notify List

14 Union-Find & Notify List x' y' x' = y' => x = y x y 2*x + 3*y => 5*y

15 ... Setup / Update Mechanism + * * x 2 3 y x = y 2*x = 2*y 2*x + 3*y = 5*y update(x=y, 2*x) update(2*x=2*y, 2*x+3*y)

16 Soundness: Theorems and Proof Rules Computing with proof rules –Every proven formula is a Theorem object –Theorems are constructed with Proof Rules –Proof rules comprise Trusted Code Soundness checked on-the-fly Transparent assumption tracking and proof production –Automatically up-to-date

17 Computing with Proof Rules Example: Fourier-Motzkin elimination t 1 · x, x · t 2 => t 1 · t 2 Proof Rule: t 1 · x x · t 2 t 1 · t 2 R C++ Method: R(t 1 · x, x · t 2 ) { return t 1 · t 2 ; }

18 Theorem Class Sequent:  ²  class Theorem { // private constructors Formula  ; Assumptions  ; Proof pf; };

19 Trusted Code R(Theorem(  1 ² t 1 · x), Theorem(  2 ² y · t 2 )) { check_sound(x == y); Proof pf =... // Compute the proof object return Theorem(  1 [  2 ² t 1 · t 2, pf); }  1 ² t 1 · x  2 ² x · t 2  1 [  2 ² t 1 · t 2 R

20 Outline Theoretical Basis CVCL from User's Point of View –Command line –C++ library –Theory API Architecture and Design Decisions Information Flow in CVCL Other Functionality

21 SAT Solver + DPs (BCP; DP)* BCP: Unit Clauses DP: T i [  i [ C k ² C k+1 (BCP; DP)* ? s1s1 s2s2 s3s3 ? :s3:s3 :s2:s2 Backtracking Mechanism!

22 Backtracking Mechanism CDO -- generic backtracking object –read, assign CDList -- backtracking stack –push, read-only CDMap – backtracking STL-like map –add, change value; [no deletion] ~1% CPU overhead

23 Completeness of CVC Lite s1s1 (BCP; DP)* s2s2 s3s3 SAT T 1 [ T 2 ²  T 1 [ T 2 [ :  ² ? (T 1 [  1 ) [ (T 2 [  2 ) ² ? T i [  i [ C k ² C k+1, i 2 {1,2} Derived  0 such that: (T i [  i ) [  0 ²  0 ? 2  0 Therefore (T 1 [  1 ) [ (T 2 [  2 ) is SAT Hence, T 1 [ T 2 ² 

24 Efficiency: Tracking Assumptions for Conflict Analysis Splitters:  ²  ²  assump Typical Proof Rule:  1 ²  1  2 ²  2  1 [  2 ²  R Assumptions are proof explications!  ² ?

25 Implication Graph and Conflict Clauses ? :l:l ll1l1 l2l2 l3l3 l7l7 l5l5 l4l4 l6l6 l8l8 l9l9 Conflict Clause: ( : l 1 Ç : l 6 Ç : l 7 )

26 Implication Graph from Theorems ? y<x x<yy<zz<x x<y y<x ? LT ? y<z z<x y<x R

27 Implication Graph from  ² ?² ? x<y y<x ? LT ? y<z z<x y<x R ² x<y ² y<x ² z<x ² y<z

28 Outline Theoretical Basis CVCL from User's Point of View Architecture and Design Decisions Information Flow in CVCL Other Functionality –Proofs –Quantifiers –Partial Functions

29 Proof Production pf[y<x] = R(pf[y<z], pf[z<y]) Curry-Howard Isomorphism: –Proofs are terms –Formulas are types R: (y<z) £ (z<x) ! (y<x) Constructed in proof rules y<z z<x y<x R

30 Outline Theoretical Basis CVCL from User's Point of View Architecture and Design Decisions Information Flow in CVCL Other Functionality –Proofs –Quantifiers –Partial Functions

31 Existential Quantifiers Add "axiom": ( 9 x.  (x)) )  (a) –fresh Skolem constant a Skolemization by Modus Ponens Set of axioms  is eliminated: ,  ²   ²  9E9E

32 Universal Quantifiers Instantiate: Search for terms in current context Cache useful instantiations –Those that derive ? 8 x.  (x)  (t) 8E8E

33 Outline Theoretical Basis CVCL from User's Point of View Architecture and Design Decisions Information Flow in CVCL Other Functionality –Proofs –Quantifiers –Partial Functions

34 Partial Functions & Subtypes True, False or Undefined? x/y · x/y x/y > x/y : (y = 0) => x/y · x/y : (x/y · x/y) => y = 0 x/y > x/y => y = 0

35 Kleene Semantics Values: T, F, ? Connectives: –F Æ ? ´ F, T Æ ? ´ ? –F Ç ? ´ ?, T Ç ? ´ T Most general –Agrees with classical logic –  ´ ? iff value of  depends on particular total extension

36 Type Correctness Conditions (TCCs) TCC[  ] iff  is defined (T or F) TCC[f(t)] =  f (t) Æ TCC[t] TCC[  1 Ç  2 ] = (TCC[  1 ] Æ TCC[  2 ]) Ç (TCC[  1 ] Æ  1 ) Ç (TCC[  2 ] Æ  2 )

37 Total Extensions with TCCs If TCC[  ] ´ T, Then M ²  iff M total ²  E.g. arithmetic: x / 0 = 0

38 Partial Functions with Subtypes Subtypes: NAT = { x: REAL | int(x) Æ x ¸ 0 } R 0 = { x : REAL | x != 0 } x / y: REAL £ R 0 ! REAL TCC[x/y] = (y != 0)

39 Example of TCC TCC[y=0 Ç x/y · x/y] ´ (T Æ y != 0) Ç (T Æ y=0) Ç ( y != 0 Æ x/y · x/y) ´ T´ T Therefore: y!=0 ) x/y · x/y ´ T

40 Decision Procedure: Any Total Extension CVCL Core ArithUFArrays CVCL Library Theory API TCCs User Input

41 Hack to the Future New Decision Procedures –Bit Vectors, Datatypes Functionality –Symbolic Simulation –Interpolation? Predicate Abstraction? Interface –Multiple input languages Performance –Raw speed –SAT heuristics (DP-specific?)

42 CVCL Theory UI Architecture SAT TCCs 8, 9 C++ lib cvc.exe Theory API Core DP Theorems  ²  Completeness Impl Graph Backtracking x / 0 NAT v INT Kleene T i [ C k ² C k+1  ²  ²  8 x.  (x)  (t) 8E8E 9 x.  (x) )  (a) Notify List DPs: 2x+3y<8, f(x)=g(y), a[i], r.f, 8 x.  (x) Questions?

43 Thank you!

44 Other Important Features Efficient backtracking mechanism Partial Functions and Subtypes –Kleene semantics (most general) Quantifiers (experimental) Symbolic Simulator (in progress) Proof Production

45 Adding Decision Procedures Core files need not be modified All functionality is coded locally in DP –Type checking –TCCs (partial functions) –Specialized expressions –Parsing aid –Pretty-printing Distribution of responsibility among developers

Download ppt "CVCL Lite: An Efficient Theorem Prover Based on Combination of Decision Procedures Presented by: Sergey Berezin Stanford University, U.S.A."

Similar presentations

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Chaff: Engineering an Efficient SAT Solver Matthew W.Moskewicz, Concor F. Madigan, Ying Zhao, Lintao Zhang, Sharad Malik Princeton University Modified.

Chaff: Engineering an Efficient SAT Solver Matthew W.Moskewicz, Concor F. Madigan, Ying Zhao, Lintao Zhang, Sharad Malik Princeton University Modified.
Presented by Monissa Mohan 1.  A highly optimized BCP algorithm  Two watched literals  Fast Backtracking  Efficient Decision Heuristic  Focused on.

Presented by Monissa Mohan 1.  A highly optimized BCP algorithm  Two watched literals  Fast Backtracking  Efficient Decision Heuristic  Focused on.
Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov 20 2007.

Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Logic Use mathematical deduction to derive new knowledge.

Logic Use mathematical deduction to derive new knowledge.
Propositional Logic Reading: C. 7.4-7.8, C. 8. 2 Logic: Outline Propositional Logic Inference in Propositional Logic First-order logic.

Propositional Logic Reading: C , C Logic: Outline Propositional Logic Inference in Propositional Logic First-order logic.
Logic.

Logic.
Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.

Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Proof translation from CVC3 to Hol light Yeting Ge Acsys Mar 5, 2008.

Proof translation from CVC3 to Hol light Yeting Ge Acsys Mar 5, 2008.
PROOF TRANSLATION AND SMT LIB CERTIFICATION Yeting Ge Clark Barrett SMT 2008 July 7 Princeton.

PROOF TRANSLATION AND SMT LIB CERTIFICATION Yeting Ge Clark Barrett SMT 2008 July 7 Princeton.
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.

Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
What’s left in the course. The course in a nutshell Logics Techniques Applications.

What’s left in the course. The course in a nutshell Logics Techniques Applications.
Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.

Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.
Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Similar presentations

Ads by Google