Presentation is loading. Please wait.

Presentation is loading. Please wait.

Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.

Published byKatlyn Kimbell Modified over 10 years ago

Similar presentations

Presentation on theme: "Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14."— Presentation transcript:

1 Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14 2013

2 Lectures Wednesday 2:00pm-2:45pm: An Introduction to SMT with Z3 Thursday 11:00am-11:45am Algorithmic underpinnings of SAT/SMT Friday 9:00am-9:45am Theories, Solvers and Applications

3 Plan I.Satisfiability Modulo Theories in a nutshell II.SMT solving in a nutshell III.SMT by example

4 Takeaways: Modern SMT solvers are a often good fit for program analysis tools. – Handle domains found in programs directly. The selected examples are intended to show instances where sub-tasks are reduced to SMT/Z3.

5 If you use Z3, This could be you

6 – Backed by Proof Plumbers Leonardo de Moura, Nikolaj Bjørner, Christoph Wintersteiger Handbook of Satisfiability Not all is hopeless

7 Background Reading: SAT

8 Background Reading: SMT September 2011

9 SAT IN A NUTSHELL

10 SAT in a nutshell (Tie  Shirt)  (  Tie   Shirt)  (  Tie  Shirt)

11 SMT IN A NUTSHELL

12 Is formula  satisfiable modulo theory T ? SMT solvers have specialized algorithms for T Satisfiability Modulo Theories (SMT)

13 ArithmeticArithmetic Array Theory Uninterpreted Functions Satisfiability Modulo Theories (SMT)

14 SMT SOLVING IN A NUTSHELL Job Shop Scheduling

15 Machines Jobs P = NP?Laundry Tasks

16 Constraints: Precedence: between two tasks of the same job Resource : Machines execute at most one job at a time 4 1 3 2 Job Shop Scheduling

17 4 1 3 2 Not convex Job Shop Scheduling

18

19 case split Efficient solvers: - Floyd-Warshal algorithm - Ford-Fulkerson algorithm

20 THEORIES

21 Theories Uninterpreted functions

22 Arithmetic (linear) Theories

23 Uninterpreted functions Arithmetic (linear) Bit-vectors Theories

24 Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Theories

25 Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Arrays Theories

26 Uninterpreted functions Arithmetic (linear) Bit-vectors Algebraic data-types Arrays Polynomial Arithmetic Theories

27 QUANTIFIERS

28 Equality-Matching [de Moura, B. CADE 2007]

29 Quantifier Elimination [B. IJCAR 2010] Presburger Arithmetic, Algebraic Data-types, Quadratic polynomials SMT integration to prune branches

30 MBQI: Model based Quantifier Instantiation [de Moura, Ge. CAV 2008] [Bonachnia, Lynch, de Moura CADE 2009] [de Moura, B. IJCAR 2010]

31 Superposition [de Moura, B. IJCAR 2008] (disabled in release 4.1)

32 Horn Clauses [Hoder, B. SAT 2012] mc(x) = x-10 if x > 100 mc(x) = mc(mc(x+11)) if x  100 assert (mc(x)  91)

33 MODELS, PROOFS, CORES & SIMPLIFICATION

34 Logical Formula Sat/Model Models

35 Proofs Logical Formula Unsat/Proof

36 Simplification Simplify Logical Formula

37 Cores Logical Formula Unsat. Core

38 TACTICS, SOLVERS

39 Tactics Composition of tactics: (then t s) (par-then t s) applies t to the input goal and s to every subgoal produced by t in parallel. (or-else t s) (par-or t s) applies t and s in parallel until one of them succeed. (repeat t) (repeat t n) (try-for t ms) (using-params t params) Apply the given tactic using the given parameters.

40 Solvers Tactics take goals and reduce to sub-goals Solvers take tactics and serve as logical contexts. push add check model, core, proof pop

41 APIS C C++ python OCaml.NETJava

42 Summary Z3 supports several theories – Using a default combination – Providing custom tactics for special combinations Z3 is more than sat/unsat – Models, proofs, unsat cores, – simplification, quantifier elimination are tactics Prototype with python/smt-lib2 – Implement using smt-lib2/programmatic API

Download ppt "Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14."

Similar presentations

A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani George Necula EECS Department University of California,

A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani George Necula EECS Department University of California,
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.

SMELS: Sat Modulo Equality with Lazy Superposition Christopher Lynch – Clarkson Duc-Khanh Tran - MPI.
Satisfiability modulo the Theory of Bit Vectors

Satisfiability modulo the Theory of Bit Vectors
COMP 482: Design and Analysis of Algorithms

COMP 482: Design and Analysis of Algorithms
Syntax-Guided Synthesis Rajeev Alur Joint work with R.Bodik, G.Juniwal, M.Martin, M.Raghothaman, S.Seshia, R.Singh, A.Solar-Lezama, E.Torlak, A.Udupa 1.

Syntax-Guided Synthesis Rajeev Alur Joint work with R.Bodik, G.Juniwal, M.Martin, M.Raghothaman, S.Seshia, R.Singh, A.Solar-Lezama, E.Torlak, A.Udupa 1.
Complexity ©D.Moshkovits 1 Where Can We Draw The Line? On the Hardness of Satisfiability Problems.

Complexity ©D.Moshkovits 1 Where Can We Draw The Line? On the Hardness of Satisfiability Problems.
Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats.

Linear real and integer arithmetic. Fixed-size bit-vectors Uninterpreted functions Extensional arrays Quantifiers Model generation Several input formats.
50.530: Software Engineering

50.530: Software Engineering
Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀

SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.

Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
Lecture 6: Job Shop Scheduling Introduction

Lecture 6: Job Shop Scheduling Introduction
Proofs from SAT Solvers Yeting Ge ACSys NYU Nov 20 2007.

Proofs from SAT Solvers Yeting Ge ACSys NYU Nov
Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California,

Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California,
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Interpolants from Z3 proofs Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.

Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.
Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Similar presentations

Ads by Google