1. Satisfiability Modulo Theories
9/12/2018 8:37 PM
Satisfiability Modulo Theories
Nikolaj Bjørner
Microsoft Research
Marktoberdorf Summer School
August
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Lectures
Mon: An Introduction to SMT with Z3 Wed: Algorithmic underpinnings of SAT/SMT Thu: Theories, Solvers and Applications Fri: Topics: Horn Clauses, Quantifiers, Optimization

3. Plan Satisfiability Modulo Theories in a nutshell
SMT solving in a nutshell
SMT by example

4. Takeaways:
Modern SMT solvers are a often good fit for program analysis tools.
Handle domains found in programs directly.
The selected examples are intended to show instances where sub-tasks are reduced to SMT/Z3.

5. If you use Z3,
This could be you

6. – Backed by Proof Plumbers
Handbook of Satisfiability
Not all is hopeless
Leonardo de Moura, Nikolaj Bjørner, Christoph Wintersteiger

7. Background Reading: SAT

8. Background Reading: SMT
September 2011

9. Background Reading
Tractability and Modern Satisfiability Modulo Theories Solver Bjørner and de Moura, Handbook of Tractability 2013.
Applications of SMT solvers Bjørner and de Moura, Notes 2013.
Horn Clause Solvers for Program Verification Bjørner, Gurfinkel, McMillan, Rybalchenko YuriFest 2015.

10. SAT in a nutshell

11. SAT in a nutshell
(Tie  Shirt)  (Tie  Shirt)  (Tie  Shirt)

12. SMT in a nutshell

13. Is formula  satisfiable modulo theory T ?
Satisfiability Modulo Theories (SMT)
Is formula  satisfiable modulo theory T ?
SMT solvers have specialized algorithms for T

14. Satisfiability Modulo Theories (SMT)
𝑥+2=𝑦⇒𝑓 𝑠𝑒𝑙𝑒𝑐𝑡 𝑠𝑡𝑜𝑟𝑒 𝑎,𝑥,3 ,𝑦−2 =𝑓(𝑦−𝑥+1)
Array Theory
Arithmetic
Uninterpreted Functions
𝑠𝑒𝑙𝑒𝑐𝑡(𝑠𝑡𝑜𝑟𝑒 𝑎,𝑖,𝑣 ,𝑖)=𝑣
𝑖≠𝑗⇒𝑠𝑒𝑙𝑒𝑐𝑡(𝑠𝑡𝑜𝑟𝑒 𝑎,𝑖,𝑣 ,𝑗)=𝑠𝑒𝑙𝑒𝑐𝑡(𝑎,𝑗)

15. SMT Solving in a nutshell
Job Shop Scheduling
SMT Solving in a nutshell

16. Job Shop Scheduling Machines Tasks Jobs P = NP? Laundry
𝜁 𝑠 =0⇒𝑠= 1 2 +𝑖𝑟

17. Job Shop Scheduling Constraints:
Precedence: between two tasks of the same job
Resource: Machines execute at most one job at a time 3 1 2 4
𝑠𝑡𝑎𝑟 𝑡 2,2 ..𝑒𝑛 𝑑 2,2 ∩ 𝑠𝑡𝑎𝑟 𝑡 4,2 ..𝑒𝑛 𝑑 4,2 =∅

18. Job Shop Scheduling Constraints: Encoding:
Precedence: 𝑡 2,3 - start time of job 2 on mach 3
𝑑 2,3 - duration of job 2 on mach 3
𝑡 2,3 + 𝑑 2,3 ≤ 𝑡 2,4
Resource: 3 1 2 4
Not convex
𝑡 2,2 + 𝑑 2,2 ≤ 𝑡 4,2 ∨
𝑡 4,2 + d 4,2 ≤ 𝑡 2,2
𝑠𝑡𝑎𝑟 𝑡 2,2 ..𝑒𝑛 𝑑 2,2 ∩ 𝑠𝑡𝑎𝑟 𝑡 4,2 ..𝑒𝑛 𝑑 4,2 =∅

19. Job Shop Scheduling

20. Job Shop Scheduling Efficient solvers: - Floyd-Warshal algorithm
- Ford-Fulkerson algorithm
case split
case split
𝑧 −𝑧= 5 – 2 – 3 – 2 = −2 < 0

21. Theories

22. Theories
Uninterpreted functions

23. Theories
Uninterpreted functions Arithmetic (linear)

24. Theories
Uninterpreted functions Arithmetic (linear) Bit-vectors

25. Theories
Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types

26. Theories
Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Arrays

27. Theories
Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Arrays Polynomial Arithmetic

28. QUANTIFIERS

29. Equality-Matching 𝑔 𝑐,𝑥 matches 𝑔 𝑏,𝑏 with substitution 𝑥↦𝑏 modulo 𝑏=𝑐
𝑝 (∀…) ∧ 𝑎=𝑔 𝑏,𝑏 ∧ 𝑏=𝑐 ∧ 𝑓 𝑎 ≠𝑐 ∧ 𝑝 (∀𝑥 ...) →𝑓 𝑔 𝑐,𝑏 =𝑏
(∀𝑥 𝑓 𝑔 𝑐,𝑥 =𝑥) ∧ 𝑎=𝑔 𝑏,𝑏 ∧ 𝑏=𝑐 ∧ 𝑓 𝑎 ≠𝑐 ∧ ∀𝑥 𝑓 𝑔 𝑐,𝑥 =𝑥 →𝑓 𝑔 𝑐,𝑏 =𝑏
𝑔 𝑐,𝑥 matches 𝑔 𝑏,𝑏 with substitution 𝑥↦𝑏 modulo 𝑏=𝑐
[de Moura, B. CADE 2007]

30. Quantifier Elimination
Presburger Arithmetic, Algebraic Data-types,
Quadratic polynomials
SMT integration to prune branches
[B. IJCAR 2010]

31. MBQI: Model based Quantifier Instantiation
[de Moura, Ge. CAV 2008]
[Bonachnia, Lynch, de Moura CADE 2009]
[de Moura, B. IJCAR 2010]

32. Horn Clauses
mc(x) = x-10 if x > 100 mc(x) = mc(mc(x+11)) if x  100 assert (mc(x)  91)
∀𝑿. 𝑿 > 𝟏𝟎𝟎  mc(𝑿,𝑿−𝟏𝟎)
∀𝑿,𝒀,𝑹. 𝑿≤ 𝟏𝟎𝟎  mc(𝑿+𝟏𝟏,𝒀)  mc(𝒀,𝑹)  mc(𝑿,𝑹)
∀𝑿,𝑹. mc(𝑿,𝑹) ∧𝑿≤𝟏𝟎𝟏→𝑹= 𝟗𝟏
Solver finds solution for mc
[Hoder, B. SAT 2012]

33. MODELS, Proofs, Cores & Simplification

34. Models
Logical Formula
Sat/Model

35. Cores
Logical Formula
Unsat. Core

36. APIs C
C++
python
OCaml
.NET
Java

37. Summary Z3 supports several theories Z3 is more than sat/unsat
Using a default combination
Providing custom tactics for special combinations
Z3 is more than sat/unsat
Models, proofs, unsat cores,
simplification, quantifier elimination are tactics
Prototype with python/smt-lib2
Implement using smt-lib2/programmatic API