Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Slides:



Advertisements
Similar presentations
Demand-driven inference of loop invariants in a theorem prover
Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Course Summary What have we learned and what are we expected to know?
Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
50.530: Software Engineering
Satisfiability Modulo Theories (An introduction)
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.
Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 
On Solving Presburger and Linear Arithmetic with SAT Ofer Strichman Carnegie Mellon University.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Introduction to Algorithms
CPSC 422, Lecture 21Slide 1 Intelligent Systems (AI-2) Computer Science cpsc422, Lecture 21 Mar, 4, 2015 Slide credit: some slides adapted from Stuart.
Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.
Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
Basic Feasible Solutions: Recap MS&E 211. WILL FOLLOW A CELEBRATED INTELLECTUAL TEACHING TRADITION.
Nikolaj Bjørner Microsoft Research Lecture 4. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Daniel Kroening and Ofer Strichman Decision Procedures An Algorithmic Point of View Gaussian Elimination and Simplex.
Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 5.
1 Satisfiability Modulo Theories Sinan Hanay. 2 Boolean Satisfiability (SAT) Is there an assignment to the p 1, p 2, …, p n variables such that  evaluates.
1 Deciding separation formulas with SAT Ofer Strichman Sanjit A. Seshia Randal E. Bryant School of Computer Science, Carnegie Mellon University.
Presented by Ed Clarke Slides borrowed from P. Chauhan and C. Bartzis
Prof. Necula CS Lecture 121 Decision-Procedure Based Theorem Provers Tactic-Based Theorem Proving Inferring Loop Invariants CS Lecture 12.
GRASP-an efficient SAT solver Pankaj Chauhan. 6/19/ : GRASP and Chaff2 What is SAT? Given a propositional formula in CNF, find an assignment.
Technion 1 Generating minimum transitivity constraints in P-time for deciding Equality Logic Ofer Strichman and Mirron Rozanov Technion, Haifa, Israel.
GRASP SAT solver Presented by Constantinos Bartzis Slides borrowed from Pankaj Chauhan J. Marques-Silva and K. Sakallah.
1 A theory-based decision heuristic for DPLL(T) Dan Goldwasser Ofer Strichman Shai Fine Haifa university TechnionIBM-HRL.
Technion 1 (Yet another) decision procedure for Equality Logic Ofer Strichman and Orly Meir Technion.
ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 4.
1 A propositional world Ofer Strichman School of Computer Science, Carnegie Mellon University.
On Solving Presburger and Linear Arithmetic with SAT Ofer Strichman Carnegie Mellon University.
Daniel Kroening and Ofer Strichman Decision Procedures An Algorithmic Point of View Deciding ILPs with Branch & Bound ILP References: ‘Integer Programming’
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
Leonardo de Moura Microsoft Research. Many approaches Graph-based for difference logic: a – b  3 Fourier-Motzkin elimination: Standard Simplex General.
Decision Procedures An Algorithmic Point of View
1 Decision Procedures for Linear Arithmetic Presented By Omer Katz 01/04/14 Based on slides by Ofer Strichman.
Boolean Satisfiability and SAT Solvers
SAT and SMT solvers Ayrat Khalimov (based on Georg Hofferek‘s slides) AKDV 2014.
Simplex method (algebraic interpretation)
Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball
Solvers for the Problem of Boolean Satisfiability (SAT) Will Klieber Aug 31, 2011 TexPoint fonts used in EMF. Read the TexPoint manual before you.
Pareto Linear Programming The Problem: P-opt Cx s.t Ax ≤ b x ≥ 0 where C is a kxn matrix so that Cx = (c (1) x, c (2) x,..., c (k) x) where c.
Lazy Annotation for Program Testing and Verification Speaker: Chen-Hsuan Adonis Lin Advisor: Jie-Hong Roland Jiang November 26,
3.3 Implementation (1) naive implementation (2) revised simplex method
On the Relation between SAT and BDDs for Equivalence Checking Sherief Reda Rolf Drechsler Alex Orailoglu Computer Science & Engineering Dept. University.
Solving Non-linear Arithmetic Dejan Jovanovic and Leonadro de Moura Presented by Boris Trayvas.
Decision methods for arithmetic Third summer school on formal methods Leonardo de Moura Microsoft Research.
Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015Information Security, CS 5261.
Nikolaj Bjørner Microsoft Research DTU Winter course January 2 nd 2012 Organized by Flemming Nielson & Hanne Riis Nielson.
This Week Lecture on relational semantics Exercises on logic and relations Labs on using Isabelle to do proofs.
Logic Engines as a Service Leonardo de Moura and Nikolaj Bjørner Microsoft Research.
TU/e Algorithms (2IL15) – Lecture 12 1 Linear Programming.
1 A framework for eager encoding Daniel Kroening ETH, Switzerland Ofer Strichman Technion, Israel (Executive summary) (submitted to: Formal Aspects of.
Knowledge Repn. & Reasoning Lecture #9: Propositional Logic UIUC CS 498: Section EA Professor: Eyal Amir Fall Semester 2005.
TU/e Algorithms (2IL15) – Lecture 12 1 Linear Programming.
Satisfiability Modulo Theories and DPLL(T) Andrew Reynolds March 18, 2015.
Integer Programming An integer linear program (ILP) is defined exactly as a linear program except that values of variables in a feasible solution have.
Chap 10. Sensitivity Analysis
Satisfiability Modulo Theories
Computability and Complexity
A theory-based decision heuristic for DPLL(T)
Satisfiability Modulo Theories
Complexity 6-1 The Class P Complexity Andrei Bulatov.
2. Generating All Valid Inequalities
GRASP-an efficient SAT solver
Presentation transcript:

Nikolaj Bjørner Microsoft Research Lecture 3

DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3 2Congruence closureProgram exploration with Pex 3A solver for arithmetic.Encoding arithmetic problems 4Theory combination. Arrays (part 1) Arrays 5Arrays, (part 2) and quantifiers Build a theory solver on top of Z3

A solver for Arithmetic Lab: Explore Pex Rush hour and bounded model checking

Slides for Lecture 5 contains a comprehensive list of references Default pointer, with pointers to pointers:

Find x, y such that: For reals: Solution: For integers: No solution

The set of terms T LA and atoms A LA : t  T LA ::= r  xx   F r  Int/Rational | t + t’ t, t’  T LA Shorthand: x instead of 1  x a  A LA ::= t  t’ t, t’  T LA |t < t’ |t = t’

Constraints are of the form x – y  4y – z  7 Example unsatisfiable constraints: x 1 - x 2  -3, x 2 - x 3  1, x 3 - x 4  -2, x 4 - x 1  3 Proof: 0 = (x 1 - x 2 )+(x 2 - x 3 )+(x 3 - x 4 )+(x 4 - x 1 )= – = -1

Graph interpretation: Variables are nodes. Atoms x – y  c are weighted edges A set of literals is satisfiable iff there is no negative cycle: where C := c 1 + c 2 + c 3 + c 4 < 0. A negative cycle implies a contradiction 0  C < 0.

How to find negative cycles? Bellman-Ford style algorithm O(nm), where n – # vertices, m – # edges. Floyd-Warshall O(n 3 ), works OK when m  n 2 for : cost[x,y] := c, else cost[x,y] =  for x  V: for y  V: for z  V: cost[x,y] := min(cost[x,y], cost[x,z] + cost[z,y]) Check that  x. cost[x,x]  0

What about  (x – y  c)  (y – x < -c)? x, y integers: (y – x < -c)  (y – x  -c-1) x,y reals: Use infinitesimals . (y – x < -c)  (y – x  -c-  ) Formally, constants are pairs  c,c’  with interpretation c + c’  Sample negative cycle:

Not all linear arithmetic uses only two variables per inequality

Fourier-Motzkin: Quantifier elimination procedure  x (t  ax  t’  bx  cx  t’’)  ct  at’  ct’  bt’’ Polynomial for difference logic. Generally: exponential space, doubly exponential time. Simplex: Worst-case exponential, but Time-tried practical efficiency. Linear space

Simplex general form Pre-processing step Algorithm based on Dual Simplex Efficient backtracking Efficient Theory propagation The following material is from: Dutetre & de Moura CAV 2006

General form: Ax = s, l j  x j, s j  u j Example: Only bounds (e.g., s 1  0 ) are asserted during search.

Tableau Ax = s is built during pre-processing Bounds are asserted and un-asserted during search

Tableau Ax = s is built during pre-processing Bounds are asserted and un-asserted during search Backtracking should be cheap – and it is: Let  (x 1 ) = 0,  (x 2 ) = -1,  (s 2 ) = 0  satisfies x 1  4, x 2  -1, -3  s 2 then  satisfies x 1  4, x 2  -1

Tableau Ax = s from pre-processing. Initial assignment , where  (x i ) = 0,  (s i ) = 0 satisfies tableau. What do we do when bounds are asserted? We pivot.

Terminology: Ax = s The s variables are basic. The x variables are non-basic. Invariant on Ax = s,  : For non-basic variables: l j   (x j )  u j The role of pivoting: also satisfy bounds on non- basic variables.

New bound x j  u is asserted. Set  (x j )  min(  (x j ), u) Check each row with x j if bounds on non-basic variables are satisfied. If not, pivot and update

Asserting Assignment EquationsBounds

Asserting assignment does not satisfy bounds Assignment EquationsBounds

Asserting pivot s and x (s is a dependent variable) Assignment EquationsBounds

Asserting pivot s and x (s is a dependent variable) Assignment EquationsBounds

Asserting pivot s and x (s is a dependent variable) Assignment EquationsBounds

Asserting update dependent variable assignment Assignment EquationsBounds

Asserting update dependent variable assignment Assignment EquationsBounds

Asserting Assignment EquationsBounds

Asserting assignment satisfies new bound Assignment EquationsBounds

Case split Assignment EquationsBounds

Case split bounds do not satisfy assignment Assignment EquationsBounds

Case split update assignment Assignment EquationsBounds

Case split update dependent assignment Assignment EquationsBounds

Bound violation Assignment EquationsBounds

Bound violation pivot x and s (x is a dependent variable) Assignment EquationsBounds

Bound violation pivot x and s (x is a dependent variable) Assignment EquationsBounds

Bound violation pivot x and s (x is a dependent variable) Assignment EquationsBounds

Bound violation pivot x and s (x is a dependent variable) Assignment EquationsBounds

Bound violation update assignment Assignment EquationsBounds

Theory propagation: Assignment EquationsBounds

Theory propagation: Assignment EquationsBounds

Boolean propagation: Assignment EquationsBounds

Theory propagation: Assignment EquationsBounds

Conflict Assignment EquationsBounds

Backtrack Assignment EquationsBounds

Assert y  1 assignment does not satisfy bound Assignment EquationsBounds

Assert y  1 update assignment Assignment EquationsBounds

Theory propagation Assignment EquationsBounds

Boolean propagation Assignment EquationsBounds

Assignment does not satisfy bounds Assignment EquationsBounds

Pivot v and x ( v is a dependent variable) Assignment EquationsBounds

Pivot v and x ( v is a dependent variable) Assignment EquationsBounds

Update assignment to v Assignment EquationsBounds

Update all other assignments Assignment EquationsBounds

Boolean propagation Assignment EquationsBounds

Bound violation assignment to u does not satisfy bounds. Assignment EquationsBounds

Bound violation pivot u and v (u is a dependent variable) Assignment EquationsBounds

Bound violation pivot u and v (u is a dependent variable) Assignment EquationsBounds

Bound violation update assignment Assignment EquationsBounds

Bound violation update assignment on dependent variables Assignment EquationsBounds

Bound violation bounds on s are violated Assignment EquationsBounds

Bound violation pivot s and y (s is a dependent variable) Assignment EquationsBounds

Bound violation update value of s Assignment EquationsBounds

Propagate pivot to other rows Assignment EquationsBounds

Propagate assignment to dependent variables Assignment EquationsBounds

Tableau is feasible, constraints are satisfied Assignment EquationsBounds

New bound x j  u is asserted. Set  (x j )  min(  (x j ), u) Check each row with x j if bounds on non-basic variables are satisfied. Tableau is infeasible if some row: s = 3x 1 + 4x 2 - 5x 3 Either l s > 3u x1 + 4u x2 - 5l x3, Or u s < 3l x1 + 4l x2 - 5u x3 A tableau may still be feasible even if  on non- basic variable is not satisfied.

New bound x j  u is asserted. Set  (x j )  min(  (x j ), u) A tableau may still be feasible even if  on non-basic variable is not satisfied. Restore feasible tableau: Pivoting Exchange basic and non-basic variables in row where basic variable can be fixed. Substitute new basic variable everywhere else Update assignment 

GCD test Gomory Cut Branch and Bound

Mostly encountered in SMT applications of Hybrid systems. Decision problem is doubly exponential. Tools: CAD: Cylindric Algebraic Decomposition Gröbner Basis computation Symbolic solutions (using non-standard numerals)

Choice of solver (and when to apply it) depends on: Problem characteristics: Difference logic Dense difference logic – Floyd Warshall. Full linear arithmetic Solver must work in the context of: Backtracking search engine Producing succinct explanations

Source Language C# + goodies = Spec# Specifications method contracts, invariants, field and type annotations. Program Logic: Dijkstra’s weakest preconditions. Automatic Verification type checking, verification condition generation (VCG), automatic theorem proving (SMT) Spec# (annotated C#) Boogie PL Spec# Compiler VC Generator Formulas Automatic Theorem Prover

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.