Lifting SAT to richer theories: bit-vectors, finite bases, and theory combination
Christoph M. Wintersteiger
8/2/2018 4:21 AM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What is SMT? Satisfiability Modulo Theories
SMT = theories (decision procedures for pre-defined theories/logics) + a theory combination strategy + a language standard + a benchmark library.
http://smtlib.org
http://github.com/Z3Prover/Z3
SMT theories: Booleans; uninterpreted functions; integers (linear & non-linear); reals (linear & non-linear); bit-vectors; arrays; floating-point arithmetic; (datatypes, strings, probabilities, …).
The big picture (diagram relating the approaches): DP; DPLL; Abstract DPLL (with learning) / CDCL; Abstract DPLL(T) with Nelson/Oppen and model-based theory combination (T/C); mcSAT; ACDCL and abstract interpretation; CSP and B-CSP (Boolean constraint satisfaction).
R. Nieuwenhuis, A. Oliveras, C. Tinelli: Solving SAT and SAT Modulo Theories: From an abstract Davis-Putnam-Logemann-Loveland procedure to DPLL(T). J. ACM 53(6) 2006.
R. Nieuwenhuis, A. Oliveras, C. Tinelli: Abstract DPLL and Abstract DPLL Modulo Theories. LPAR 2004.
V. D'Silva, L. Haller, D. Kroening: Abstract conflict driven learning. POPL 2013.
L. de Moura, D. Jovanović: A Model-Constructing Satisfiability Calculus. VMCAI 2013.
N. Creignou, H. Vollmer: Boolean Constraint Satisfaction Problems: When Does Post's Lattice Help? Complexity of Constraints 2008.
Abstract DPLL
Start at $\emptyset \parallel F$.
UnitPropagate: $M \parallel F, C \lor l \;\Rightarrow\; M\,l \parallel F, C \lor l$ if $M \models \lnot C$ and $l$ is undefined in $M$.
R. Nieuwenhuis, A. Oliveras, C. Tinelli: Solving SAT and SAT Modulo Theories: From an abstract Davis-Putnam-Logemann-Loveland procedure to DPLL(T). J. ACM 53(6) 2006.
Abstract DPLL(T) (one theory; combinations hidden)
T-Learn: $M \parallel F \;\Rightarrow\; M \parallel F, C$ if each atom of $C$ occurs in $F$ or in $M$ and $F \models_T C$.
R. Nieuwenhuis, A. Oliveras, C. Tinelli: Solving SAT and SAT Modulo Theories: From an abstract Davis-Putnam-Logemann-Loveland procedure to DPLL(T). J. ACM 53(6) 2006.
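The UnitPropagate rule above, together with the Decide, Fail and Backtrack rules of the same Abstract DPLL paper, as a runnable transition system (an added example, not code from the slides or from Z3; the integer literal encoding and the trail representation are my own choices):

```python
# Added example: the basic Abstract DPLL rules (UnitPropagate, Decide, Fail,
# Backtrack) of Nieuwenhuis/Oliveras/Tinelli as a transition system on M || F.
# Literals are non-zero ints (negative = negated); F is a list of clauses
# (lists of literals); the trail M is a list of (literal, is_decision) pairs.

def lit_value(lit, trail):
    """Value of a literal under the trail M: True, False or None (undefined)."""
    assigned = {l for l, _ in trail}
    if lit in assigned:
        return True
    if -lit in assigned:
        return False
    return None

def unit_propagate(trail, clauses):
    """UnitPropagate: M || F, C v l => M l || F, C v l  if M |= not C and l undefined."""
    for clause in clauses:
        values = [(lit_value(l, trail), l) for l in clause]
        undefined = [l for v, l in values if v is None]
        if len(undefined) == 1 and sum(v is False for v, _ in values) == len(clause) - 1:
            trail.append((undefined[0], False))
            return True
    return False

def conflict(trail, clauses):  # is there a clause C in F with M |= not C?
    return any(all(lit_value(l, trail) is False for l in c) for c in clauses)

def backtrack(trail):
    """Backtrack: M l^d N || F, C => M not-l || F, C  if N has no decision literal."""
    while trail:
        lit, is_decision = trail.pop()
        if is_decision:
            trail.append((-lit, False))
            return True
    return False  # no decision literal left: the Fail rule applies

def dpll(clauses):
    """Run the rules from {} || F to a final state: a model (set of literals) or None."""
    trail = []
    variables = sorted({abs(l) for c in clauses for l in c})
    while True:
        if conflict(trail, clauses):
            if not backtrack(trail):
                return None                    # Fail: F is unsatisfiable
        elif not unit_propagate(trail, clauses):
            undecided = [v for v in variables if lit_value(v, trail) is None]
            if not undecided:
                return {l for l, _ in trail}   # final state, M |= F
            trail.append((undecided[0], True)) # Decide on the next variable
```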
Model-constructing satisfiability calculus
Borrows from Abstract DPLL(T).
Finite basis 𝔹: a finite number of predicates (for termination, in the worst case); a new predicate can be picked at any time.
Explanations: explain conflicts and implications (usually as clauses).
Performance depends on: good basis exploration (and coverage?); good decision making; an efficient domain representation.
L. de Moura, D. Jovanović: A Model-Constructing Satisfiability Calculus. VMCAI 2013.
mcSAT clausal rules
Decide: $\langle M, C\rangle \;\Rightarrow\; \langle [\![M, L]\!], C\rangle$ if $L \in \mathbb{B}$ and $\mathit{value}(L, M) = \mathit{undef}$.
L. de Moura, D. Jovanović: A Model-Constructing Satisfiability Calculus. VMCAI 2013.
mcSAT theory rules L. de Moura, D. Jovanović: A Model-Constructing Satisfiability Calculus. VMCAI 2013.
mcSAT crucials
All on one trail: assign variables, Boolean or theory, such that the trail stays consistent; pick any $L \in \mathbb{B}$.
T-Backjump-Decide: non-asserting clauses; tricky termination arguments.
explain(…): contains magic.
A word on ACDCL
Based on abstract interpretation (a different "abstract"). Roughly: abstract domains implement theories; the greatest fix-point implements (Boolean) constraint propagation; the least fix-point implements conflict resolution.
Theory combination: adapted Nelson/Oppen; Cartesian product of domains.
V. D'Silva, L. Haller, D. Kroening: Abstract conflict driven learning. POPL 2013.
A bit-blasting challenge
(set-logic QF_BV)
(declare-fun x () (_ BitVec 29980))
(declare-fun y () (_ BitVec 29980))
(assert (and (bvuge x y) (bvule (bvadd x (_ bv1 29980)) y)))
i.e. $x \geq_u y \;\land\; x + 1 \leq_u y$
(QF_BV/pspace/ndist.b.29980.smt2; SAT; model: x=1…1, y=0…0)
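The same formula at small widths, checked by plain enumeration, to show why it is only satisfiable through overflow (an added example, not from the slides or the benchmark; the width and the integer helpers are my own):

```python
# Added example (not from the slides): the bit-blasting challenge formula
# x >=u y /\ x+1 <=u y checked by enumeration at small widths n, with bvadd
# wrapping modulo 2^n as in QF_BV. The only way to satisfy x+1 <=u y <=u x is
# for x+1 to overflow, so x = 1...1 and y is unconstrained; the slide's model
# x = 1...1, y = 0...0 is one of them.

def bvadd(a, b, n):
    """QF_BV addition on n-bit unsigned values: wraps around modulo 2^n."""
    return (a + b) % (1 << n)

def models(n):
    """All (x, y) in [0, 2^n)^2 with x >=u y and bvadd(x, 1) <=u y."""
    return {(x, y) for x in range(1 << n) for y in range(1 << n)
            if x >= y and bvadd(x, 1, n) <= y}

def models_are_overflows(n):
    """True iff the models at width n are exactly {(2^n - 1, y) : any y}."""
    return models(n) == {((1 << n) - 1, y) for y in range(1 << n)}

def unbounded_models(limit):
    """Same constraints over the integers in [0, limit) without wraparound:
    x >= y and x + 1 <= y cannot both hold, so the set is always empty."""
    return {(x, y) for x in range(limit) for y in range(limit)
            if x >= y and x + 1 <= y}
```

A word-level procedure only has to discover that $x+1$ must wrap, whereas bit-blasting at width 29980 first expands the adder and both comparisons into bit-level clauses.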
mcBV
Decision procedure for the theory of bit-vectors based on mcSAT: avoids bit-blasting (often); preserves word-level structure using tailor-made conflict-driven learning; theory lemmas ~ conflict explanations.
A. Zeljić, C. M. Wintersteiger, P. Rümmer: Deciding Bit-Vector Formulas with mcSAT. SAT 2016.
mcSAT requirements
Finite basis of literals/predicates 𝔹: can be large; possibly the cross-product of multiple bases.
Explain function: returns a valid clause which evaluates to false under the trail; its literals are not necessarily on the trail, but must be from 𝔹.
Value function: can evaluate any literal/predicate; its definition affects the strength of propagation.
mcBV news I
Theory decisions: decide on theory variables, e.g., $x = \mathtt{0x2A}$.
Projections: $x[7{:}4] = \mathtt{0xA}$.
mcBV news II
Two model assignment representations:
Run-length encoded bit-patterns, e.g. $x = 1^3\, 0^4\, {*}^2\, 0^1$ (sound & complete).
Bounds, e.g. $1 < x < 42$ (sound).
Cross-theory propagation, conflicts, explanations, (some) generalization.
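The run-length-encoded bit-pattern representation together with the value-function point from the mcSAT requirements slide, as an added example (not mcBV's own code; the list-of-runs encoding, the function names and the two competing definitions of value(x = c, M) are my own):

```python
# Added example (not mcBV's own code): the run-length-encoded bit-pattern
# representation from the slides, with a projection (extract) and value functions.
# A pattern is a list of (bit, run_length) pairs, most significant run first,
# bit in {'0', '1', '*'} ('*' = bit not assigned yet); the slide's
# x = 1^3 0^4 *^2 0^1 is [('1', 3), ('0', 4), ('*', 2), ('0', 1)].

def expand(pattern):
    """Pattern as a bit string, MSB first, e.g. '1110000**0'."""
    return ''.join(bit * n for bit, n in pattern)

def compress(bits):
    """Inverse of expand: re-encode a bit string as maximal runs."""
    runs = []
    for b in bits:
        if runs and runs[-1][0] == b:
            runs[-1] = (b, runs[-1][1] + 1)
        else:
            runs.append((b, 1))
    return runs

def project(pattern, hi, lo):
    """Projection x[hi:lo] (SMT-LIB extract) of the pattern, as a pattern."""
    bits = expand(pattern)
    return compress(bits[len(bits) - 1 - hi:len(bits) - lo])

def bounds(pattern):
    """Smallest and largest unsigned value the pattern still admits."""
    bits = expand(pattern)
    return int(bits.replace('*', '0'), 2), int(bits.replace('*', '1'), 2)

def value_eq_bits(pattern, c):
    """value(x = c, M) decided bit by bit: False as soon as a fixed bit differs."""
    bits = expand(pattern)
    cbits = format(c, '0%db' % len(bits))
    if any(b != '*' and b != cb for b, cb in zip(bits, cbits)):
        return False
    return None if '*' in bits else True

def value_eq_bounds(pattern, c):
    """value(x = c, M) from the bounds only: sound, but undef on more trails than
    value_eq_bits (the slides' 'definition affects the strength of propagation')."""
    lo, hi = bounds(pattern)
    if c < lo or c > hi:
        return False
    return True if lo == hi else None

def value_ult(pattern, c):
    """value(x <u c, M) from the bounds; exact, since lo and hi are attainable."""
    lo, hi = bounds(pattern)
    return True if hi < c else (False if lo >= c else None)
```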
Experiments I
Experiments II
Lessons learned
Implementation complexity: underestimated by all involved parties; abstract rules cannot be implemented directly; efficient data structures are yet to be discovered.
Heuristics: unclear what works, and what should work.
Explanations: extensions, generalization, (Craig) interpolation.
…> cat *.fs | wc -l
10633
…> cat *.fs | sed "/^\s*$/d" | wc -l
8846
Theory combination
Nelson/Oppen: theory solvers deduce and exchange (disjunctions of) interface equalities (can be delayed).
Model-based theory combination: the "optimistic approach"; propagates/exchanges all equalities implied by a candidate model.
(Interpolation.)
Cross-products of abstract domains; finite bases.
Wishlist (personal)
In theory & practice: extensions, at least some sub-class of quantifiers and of regular expressions over bit-vectors; a theory and understanding of heuristics; logic fragments/theory classes, sub-theories, finite bases; cross-theory interpolation/extensions; better complexity theory.
(Lazy) data structures: critical for any implementation.
Parallel/distributed: decomposition (ideally cross-theory).
Bit-vector logic
All variables are (existential) bit-vectors; e.g., $x$ may be a 32-bit value.
The usual bit-vector operations: $+, -, *, /$, extract, concat, zero-extend, …; $<, >, =, \leq, \geq$ (with overflows).
Example: $x + 1 = 0 \;\lor\; y * 2 = 1$
Bit-vector explosion example
Suppose $\forall x \in \mathbb{B}^{32}\; \exists y \in \mathbb{B}^{32}.\; x = y$.
Bit-blast into $\forall x_{31} \ldots x_0\; \exists y_{31} \ldots y_0.\; x_{31} = y_{31} \land \ldots \land x_0 = y_0$.
The width 32 is written in binary as 100000, i.e. 6 bits; after bit-blasting it becomes $2^6 = 32$ bits.
Complexity (figure: the logics SAT, QBF, QF_BV and UFBV placed on the complexity-class axis P, NP, EXPTIME, EXPSPACE, NEXPTIME, 2-NEXPTIME; with binary-encoded bit-widths, QF_BV is NEXPTIME-complete and UFBV is 2-NEXPTIME-complete, per the references below)
Kovásznai, Fröhlich, Biere: On the Complexity of Fixed-Size Bit-Vector Logics with Binary Encoded Bit-Width. SMT@IJCAR 2012.
Fröhlich, Kovásznai, Biere: More on the Complexity of Quantifier-Free Fixed-Size Bit-Vector Logics with Binary Encoding. CSR 2013.