Satisfiability Modulo Theories
Nikolaj Bjørner, Microsoft Research
Marktoberdorf Summer School, August 10, 2015
© 2007 Microsoft Corporation. All rights reserved.
Lectures:
Mon: An Introduction to SMT with Z3
Wed: Algorithmic underpinnings of SAT/SMT
Thu: Theories, Solvers and Applications
Fri: Topics: Horn Clauses, Quantifiers, Optimization
Plan: Satisfiability Modulo Theories in a nutshell; SMT solving in a nutshell; SMT by example
Takeaways: Modern SMT solvers are often a good fit for program analysis tools. They handle the domains found in programs directly. The selected examples are intended to show instances where sub-tasks are reduced to SMT/Z3.
If you use Z3, this could be you
– Backed by Proof Plumbers Handbook of Satisfiability Not all is hopeless Leonardo de Moura, Nikolaj Bjørner, Christoph Wintersteiger
Background Reading: SAT
Background Reading: SMT September 2011
Background Reading:
Tractability and Modern Satisfiability Modulo Theories Solvers. Bjørner and de Moura, Handbook of Tractability, 2013.
Applications of SMT solvers. Bjørner and de Moura, Notes, 2013.
Horn Clause Solvers for Program Verification. Bjørner, Gurfinkel, McMillan, Rybalchenko, YuriFest 2015.
SAT in a nutshell
SAT in a nutshell (Tie Shirt) (Tie Shirt) (Tie Shirt)
SMT in a nutshell
Satisfiability Modulo Theories (SMT): Is the formula satisfiable modulo theory T? SMT solvers have specialized algorithms for T.
Satisfiability Modulo Theories (SMT)
x + 2 = y ⇒ f(select(store(a, x, 3), y − 2)) = f(y − x + 1)
Theories involved: Arithmetic, Array Theory, Uninterpreted Functions
Array theory axioms:
select(store(a, i, v), i) = v
i ≠ j ⇒ select(store(a, i, v), j) = select(a, j)
SMT Solving in a nutshell: Job Shop Scheduling
Job Shop Scheduling: Machines, Tasks, Jobs (P = NP?, Laundry, ζ(s) = 0 ⇒ s = 1/2 + ir)
Job Shop Scheduling Constraints:
Precedence: between two tasks of the same job
Resource: machines execute at most one job at a time, i.e. start(2,2)..end(2,2) ∩ start(4,2)..end(4,2) = ∅
Job Shop Scheduling Encoding:
Precedence: t(2,3) is the start time of job 2 on machine 3, d(2,3) the duration of job 2 on machine 3, so t(2,3) + d(2,3) ≤ t(2,4)
Resource: start(2,2)..end(2,2) ∩ start(4,2)..end(4,2) = ∅ becomes t(2,2) + d(2,2) ≤ t(4,2) ∨ t(4,2) + d(4,2) ≤ t(2,2) (not convex)
Job Shop Scheduling Efficient solvers: Floyd-Warshall algorithm, Ford-Fulkerson algorithm. Case split on the resource disjunctions; a cycle z − z = 5 − 2 − 3 − 2 = −2 < 0 is a conflict.
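The job-shop encoding above, worked through as an added example (not code from the slides or from Z3): precedence and bound constraints become difference constraints t − t' ≤ c, each resource constraint is a disjunction that is handled by case splitting, and each conjunction is checked by Floyd-Warshall for a negative cycle through the reference variable z (assumed fixed at 0). The instance `JOBS` is constructed for illustration.

```python
import itertools
from typing import Dict, Hashable, List, Sequence, Tuple

# A difference constraint x - y <= c, encoded as the triple (x, y, c).
Diff = Tuple[Hashable, Hashable, int]

def feasible(constraints: Sequence[Diff], variables: Sequence[Hashable]) -> bool:
    """Conjunction of difference constraints: satisfiable iff the constraint
    graph (edge y -> x with weight c for x - y <= c) has no negative cycle.
    Floyd-Warshall computes all-pairs shortest paths; a negative entry on the
    diagonal is a negative cycle, i.e. the theory solver reports a conflict."""
    inf = float("inf")
    dist = {(u, v): (0 if u == v else inf) for u in variables for v in variables}
    for x, y, c in constraints:
        dist[(y, x)] = min(dist[(y, x)], c)
    for k in variables:
        for i in variables:
            for j in variables:
                via = dist[(i, k)] + dist[(k, j)]
                if via < dist[(i, j)]:
                    dist[(i, j)] = via
    return all(dist[(v, v)] >= 0 for v in variables)

def job_shop(jobs: Dict[int, List[Tuple[int, int]]], deadline: int) -> bool:
    """jobs maps a job id to its ordered tasks (machine, duration). Returns
    whether every task can be scheduled within the deadline. "z" is a
    reference variable fixed at 0, so bounds become difference constraints."""
    tasks = {(j, m): d for j, seq in jobs.items() for m, d in seq}
    variables = ["z"] + list(tasks)
    base: List[Diff] = []
    for (j, m), d in tasks.items():
        base.append(("z", (j, m), 0))             # 0 - t <= 0          (t >= 0)
        base.append(((j, m), "z", deadline - d))  # t - 0 <= deadline - d
    for j, seq in jobs.items():                   # precedence: t1 + d1 <= t2
        for (m1, d1), (m2, _) in zip(seq, seq[1:]):
            base.append(((j, m1), (j, m2), -d1))  # t1 - t2 <= -d1
    # Resource: two tasks on one machine run in one order or the other.
    # The disjunction is not convex, so the SAT side case-splits on it.
    disjunctions = []
    for mach in {m for _, m in tasks}:
        on_mach = [j for (j, m) in tasks if m == mach]
        for a, b in itertools.combinations(on_mach, 2):
            disjunctions.append([((a, mach), (b, mach), -tasks[(a, mach)]),
                                 ((b, mach), (a, mach), -tasks[(b, mach)])])
    for choice in itertools.product(*disjunctions):  # one disjunct per resource constraint
        if feasible(base + list(choice), variables):
            return True
    return False

# Constructed instance: job 1 runs 2 units on machine 1 then 3 on machine 2;
# job 2 runs 2 units on machine 2 then 2 on machine 1.  Makespan 5 is feasible, 4 is not.
JOBS = {1: [(1, 2), (2, 3)], 2: [(2, 2), (1, 2)]}
```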
Theories
Theories: Uninterpreted functions, Arithmetic (linear), Bit-vectors, Algebraic data-types, Arrays, Polynomial Arithmetic
QUANTIFIERS
Equality-Matching
(∀x. f(g(c, x)) = x) ∧ a = g(b, b) ∧ b = c ∧ f(a) ≠ c
g(c, x) matches g(b, b) with substitution x ↦ b modulo b = c, producing the instance
(∀x. f(g(c, x)) = x) → f(g(c, b)) = b
[de Moura, B. CADE 2007]
Quantifier Elimination Presburger Arithmetic, Algebraic Data-types, Quadratic polynomials SMT integration to prune branches [B. IJCAR 2010]
MBQI: Model based Quantifier Instantiation [de Moura, Ge. CAV 2008] [Bonacina, Lynch, de Moura CADE 2009] [de Moura, B. IJCAR 2010]
Horn Clauses
mc(x) = x − 10 if x > 100
mc(x) = mc(mc(x + 11)) if x ≤ 100
assert (mc(x) 91)
∀X. X > 100 → mc(X, X − 10)
∀X, Y, R. X ≤ 100 ∧ mc(X + 11, Y) ∧ mc(Y, R) → mc(X, R)
∀X, R. mc(X, R) ∧ X ≤ 101 → R = 91
Solver finds solution for mc [Hoder, B. SAT 2012]
Models, Proofs, Cores & Simplification
Models Logical Formula Sat/Model
Cores Logical Formula Unsat. Core
APIs: C, C++, Python, OCaml, .NET, Java
Summary
Z3 supports several theories: using a default combination, or providing custom tactics for special combinations
Z3 is more than sat/unsat: models, proofs, unsat cores, simplification, quantifier elimination are tactics
Prototype with python/smt-lib2; implement using smt-lib2/programmatic API