Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Slides:



Advertisements
Similar presentations
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
Advertisements

SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
Demand-driven inference of loop invariants in a theorem prover
Satisfiability modulo the Theory of Bit Vectors
Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research.
Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats.
50.530: Software Engineering
Satisfiability Modulo Theories (An introduction)
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.
Proofs from Tests Nels E. Beckman Aditya V. Nori Sriram K. Rajamani Robert J. Simmons Carnegie Mellon UniversityMicrosoft Research India Carnegie Mellon.
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
Johannes Kepler University Linz, Austria 2008 Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
1 Satisfiability Modulo Theories Sinan Hanay. 2 Boolean Satisfiability (SAT) Is there an assignment to the p 1, p 2, …, p n variables such that  evaluates.
1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.
1 Deciding separation formulas with SAT Ofer Strichman Sanjit A. Seshia Randal E. Bryant School of Computer Science, Carnegie Mellon University.
Nikolaj Bjørner Microsoft Research Lecture 1. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Introduction to encoding problems with Z3.
Yeting Ge Leonardo de Moura New York University Microsoft Research.
Counterexample Generation for Separation-Logic-Based Proofs Arlen Cox Samin Ishtiaq Josh Berdine Christoph Wintersteiger.
Nikolaj Bjørner Microsoft Research FSE &. Using Decision Engines for Microsoft. Dynamic Symbolic Execution Bit-precise Scalable Static Analysis.
Program Exploration with Pex Nikolai Tillmann, Peli de Halleux Pex
Back to the Future: Revisiting Precise Program Verification Using SMT Solvers Shuvendu Lahiri Shaz Qadeer Microsoft Research, Redmond Presented earlier.
Nikolaj Bjørner Leonardo de Moura Nikolai Tillmann Microsoft Research August 11’th 2008.
Quantifier Elimination Procedures in Z3 Support for Non-linear arithmetic Fixed-points – features and a preview.
1 A propositional world Ofer Strichman School of Computer Science, Carnegie Mellon University.
Austin, Texas 2011 Theorem Proving Tools for Program Analysis SMT Solvers: Yices & Z3 Austin, Texas 2011 Nikolaj Bjørner 2, Bruno Dutertre 1, Leonardo.
Leonardo de Moura Microsoft Research. Many approaches Graph-based for difference logic: a – b  3 Fourier-Motzkin elimination: Standard Simplex General.
Nikolaj Bjørner and Leonardo de Moura Microsoft Research Microsoft Corporation McMaster University, November 28, 2007.
Leonardo de Moura Microsoft Research. Quantifiers in Satisfiability Modulo Theories Logic is “The Calculus of Computer Science” (Z. Manna). High computational.
Nikolaj Bjørner, Leonardo de Moura Microsoft Research Bruno Dutertre SRI International.
1 Decision Procedures for Linear Arithmetic Presented By Omer Katz 01/04/14 Based on slides by Ofer Strichman.
From SAT to SMT A Tutorial Nikolaj Bjørner Microsoft Research Dagstuhl April 23, 2015.
1 A Combination Method for Generating Interpolants Greta Yorsh Madan Musuvathi Tel Aviv University, Israel Microsoft Research, Redmond, US CAV’05.
SAT and SMT solvers Ayrat Khalimov (based on Georg Hofferek‘s slides) AKDV 2014.
Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball
Introduction to Satisfiability Modulo Theories
Leonardo de Moura Microsoft Research. Is formula F satisfiable modulo theory T ? SMT solvers have specialized algorithms for T.
Victor Kuliamin Institute for System Programming Russian Academy of Sciences Moscow.
SAT & SMT. Software Verification & Testing SAT & SMT Test case generation Predicate Abstraction Verifying Compilers.
Leonardo de Moura Microsoft Research. SATTheoriesSMT Arithmetic Bit-vectors Arrays …
Leonardo de Moura Microsoft Research. Quantifiers in Satisfiability Modulo Theories Logic is “The Calculus of Computer Science” (Z. Manna). High computational.
Decision methods for arithmetic Third summer school on formal methods Leonardo de Moura Microsoft Research.
Boolean Satisfiability Present and Future
Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015Information Security, CS 5261.
Welcome to CS 477 Formal Methods in Software Development Spring 2011 Madhusudan Parthasarathy ( Madhu )
Nikolaj Bjørner Microsoft Research DTU Winter course January 2 nd 2012 Organized by Flemming Nielson & Hanne Riis Nielson.
Planning as Satisfiability (SAT-Plan). SAT-Plan Translate the planning problem into a satisfiability problem for length n of Plan garb 0 (proposition)present.
Leonardo de Moura Microsoft Research. Applications and Challenges in Satisfiability Modulo Theories Verification/Analysis tools need some form of Symbolic.
K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 15 Nov 2007 Chalmers Göteborg, Sweden.
Logic Engines as a Service Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
Finding Conflicting Instances of Quantified Formulas in SMT Andrew Reynolds Cesare Tinelli Leonardo De Moura July 18, 2014.
Selected Decision Procedures and Techniques for SMT More on combination – theories sharing sets – convex theory Un-interpreted function symbols (quantifier-free.
Nikolaj Bjørner Microsoft Research DTU Winter course January 4 th 2012 Organized by Hanne Riis Nielson, Flemming Nielson.
Satisfiability Modulo Theories and DPLL(T) Andrew Reynolds March 18, 2015.
Satisfiability Modulo Theories
Lazy Proofs for DPLL(T)-Based SMT Solvers
Solving Linear Arithmetic with SAT-based MC
Satisfiability Modulo Theories
A Progressive Approach for Satisfiability Modulo Theories
The SMT-LIB Initiative
Presentation transcript:

Leonardo de Moura and Nikolaj Bjørner Microsoft Research

Z3 is a Satisfiability Modulo Theories (SMT) solver. Z3 integrates several decision procedures. Z3 is used in several program analysis, verification, test- case generation projects at Microsoft. Z3 1.2 is freely available for academic research: Z3: An Efficient SMT Solver

ArithmeticArithmetic Array Theory Uninterpreted Functions

Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats (Simplify, SMT-LIB, Z3, Dimacs) Extensive API (C/C++,.Net, OCaml) Z3: An Efficient SMT Solver

Theories Core Theory SAT solver Rewriting Simplification Bit-Vectors Arithmetic Partial orders Tuples E-matching Arrays OCaml Text.NET C C

Z3: An Efficient SMT Solver VCC Boogie Hyper-V Rustan Leino, Mike Barnet, Michal Mosƙal, Shaz Qadeer, Shuvendu Lahiri, Herman Venter, Peter Muller, Wolfram Schulte, Ernie Cohen Verification condition Bug path HAVOC

Quantifiers, quantifiers, quantifiers, … Modeling the runtime Frame axioms (“what didn’t change”) Users provided assertions (e.g., the array is sorted) Prototyping decision procedures (e.g., reachability, heaps, …) Solver must be fast in satisfiable instances. Trade-off between precision and performance. Candidate (Potential) Models Z3: An Efficient SMT Solver

Execution Path Run Test and Monitor Path Condition Unexplored path Solve seed New input Test Inputs Nikolai Tillmann, Peli de Halleux, Patrice Godefroid Aditya Nori, Jean Philippe Martin, Miguel Castro, Manuel Costa, Lintao Zhang Constraint System Known Paths Vigilante

Formulas may be a big conjunction Pre-processing step Eliminate variables and simplify input format Incremental: solve several similar formulas New constraints are asserted. push and pop: (user) backtracking Lemma reuse “Small Models” Given a formula F, find a model M, that minimizes the value of the variables x 0 … x n Z3: An Efficient SMT Solver

Ella Bounimova, Vlad Levin, Jakob Lichtenberg, Tom Ball, Sriram Rajamani, Byron Cook Z3 is part of SDV 2.0 (Windows 7) It is used for: Predicate abstraction (c2bp) Counterexample refinement (newton)

All-SAT Fast Predicate Abstraction Unsatisfiable cores Why the abstract path is not feasible? Z3: An Efficient SMT Solver

Bounded model-checking of model programs Termination Security protocols Business application modeling Cryptography Model Based Testing (SQL-Server) Your killer-application here Z3: An Efficient SMT Solver

Model-based Theory Combination How to efficiently combine theory solvers? Use models to control Theory Combination. E-matching abstract machine Term indexing data-structures for incremental matching modulo equalities. Relevancy propagation Use Tableau advantages with DPLL engine Z3: An Efficient SMT Solver

Given arrays: bool a1[bool]; bool a2[bool]; bool a3[bool]; bool a4[bool]; All can be distinct. Add: bool a5[bool]; Two of a1,..,a5 must be equal.

Coming soon (Z3 2.0): Proofs & Unsat cores Superposition Calculus Decidable Fragments Machine Learning Non linear arithmetic (Gröbner Bases) Inductive Datatypes Improved Array & Bit-vector theories Several performance improvements More “customers” & Applications Z3: An Efficient SMT Solver

Z3 is a new SMT solver from Microsoft Research. Z3 is used in several projects. Z3 is freely available for academic research: Z3: An Efficient SMT Solver

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.