1. 1 Satisfiability Modulo Theories Sinan Hanay

2. 2 Boolean Satisfiability (SAT) Is there an assignment to the p 1, p 2, …, p n variables such that  evaluates to 1? Slide taken from [Barret09]

3. 3 Satisfiability Modulo Theories (SMT) Is there an assignment to the x,y,z,w variables s.t.  evaluates to 1? Slide taken from [Barret09]

4. 4 SAT vs SMT SMT extends SAT solving by adding extensions An SMT solver can solve a SAT problem, but not vice-versa. SMT Applications  Analog Circuit Verification  RTL Verification  Software Model Checking

5. 5 Overview Introduction SMT Theories Example: Difference Logic Combining Theories SMT Solvers and SMT Libraries. Conclusion

6. 6 SMT Theories Real or Integer Arithmetic Equality and Uninterpreted Functions  Example: If x1 = x2, then f(x1) = f(x2) else f(x1) ≠ f(x2) Bitvectors and Arrays Properties:  Decidable: An effective procedure exists to check if a formula is a member of a theory T.  Often Quantifier-free: Free from quantifiers such as ( ∃, ∀ )

7. 7 SMT Theories Core Theory  Type: Boolean  Constants: {TRUE, FALSE}  Functions: {AND, OR, XOR}  Functions: Implication (=>) Integer Theory (Ints)  Type: Int  All numerals are Int constants  Functions: { +, -, x, mod, div, abs}

8. 8 SMT Theories Reals Theory  Type: Real  Functions: { +, -, x, / }  Functions: { } Arrays with Extentionality Theory (ArraysEx)  Type: type of index and type of values  Functions: {select, store}

9. 9 Overview Introduction SMT Theories Case Study: Difference Logic Theory SMT Solvers SMT-LIB Conclusion

10. 10 SMT Example I– Difference Logic Can solve problems such as:  Is there a solution {x,y} satisfying x-y 4 x,y can be integers or reals  If x,y are integers (QF_IDL: Integer Difference Logic)  If x,y are reals (QF_RDL : Real Difference Logic)  QF: Quantifier-free

11. 11 SMT Theories– Difference Logic In difference logic [NO05], we are interested in the satisfiability of a conjunction of arithmetic atoms. Each atom is of the form x − y OP c, where x and y are variables, c is a numeric constant, and OP ∈ {=,,≥}. Examples: x-y > 10, y-x < 12 The variables can range over either the integers (QF_IDL) or the reals (QF_RDL). Slide taken from [Barret09]

12. 12 Difference Logic The first step is to rewrite everything in terms of ≤: x − y = c ⇒ x − y ≤ c ∧ x − y ≥ c x − y ≥ c ⇒ y − x ≤ −c x − y > c ⇒ y − x < −c  x − y < c ⇒ x − y ≤ c − 1 (integers)  x − y < c ⇒ x − y ≤ c − δ (reals) Slide adopted from [Barret09]

13. 13 Difference Logic Now we have a conjunction of literals, all of the form x − y ≤ c. From these literals, we form a weighted directed graph with a vertex for each variable. For each literal x − y ≤ c, create an edge The set of literals is satisfiable iff there is no cycle for which the sum of the weights on the edges is negative. There are a number of efficient algorithms for detecting negative cycles in graphs [CG96]. x c y Slide adopted from [Barret09]

14. 14 Difference Logic 1. x− y = 5 2. z − y ≥ 2 3. z − x > 2 4. w − x = 2 5. z − w < 0 1. x − y ≤ 5 ∧ y − x ≤ −5 2. y − z ≤ −2 3. x − z ≤ −3 4. w − x ≤ 2 ∧ x − w ≤ −2 5. z − w ≤ −1 x−y = 5 ∧ z −y ≥ 2 ∧ z −x > 2 ∧ w −x = 2 ∧ z −w < 0 Slide adopted from [Barret09] Transform to a-b ≤ c

15. 15 Difference Logic Slide taken from [Barret09] Is there a negative cycle? Satisfiable if there is not any.

16. 16 Combining Theories QF_UFLIA How to Combine Theory Solvers? 1 ≤ x ∧ x ≤ 2 ∧ f(x) ≠ f(1) ∧ f(x) ≠ f(2) Linear Integer Arithmetic (LIA)Uninterpreted Functions(UF)

17. 17 Combining Theory Solvers Theory solvers become much more useful if they can be used together. mux_sel = 0 → mux_out = select(regfile, addr) mux_sel = 1 → mux_out = ALU(alu0, alu1) For such formulas, we are interested in satisfiability with respect to a combination of theories. Fortunately, there exist methods for combining theory solvers. The standard technique for this is the Nelson-Oppen method [NO79, TH96]. Slide taken from [Barret09]

18. 18 The Nelson-Oppen Method Suppose that T1 and T2 are theories and that Sat 1 is a theory solver for T1-satisfiability and Sat 2 for T2-satisfiability. We wish to determine if φ is T1 ∪ T2-satisfiable. 1. Convert φ to its separate form φ1 ∧ φ2. 2. Let S be the set of variables shared between φ1 and φ2. 3. For each arrangement D of S: 1. Run Sat 1 on φ1 ∪ D. 2. Run Sat 2 on φ2 ∪ D. Slide taken from [Barret09]

19. 19 Combining Theories QF_UFLIA φ =1 ≤ x ∧ x ≤ 2 ∧ f(x) ≠ f(1) ∧ f(x) ≠ f(2) We first convert φ to a separate form: φ UF = f(x) ≠ f(y) ∧ f(x) ≠ f(z) φ LIA = 1 ≤ x ∧ x ≤ 2 ∧ y = 1 ∧ z = 2 Slide taken from [Barret09]

20. 20 Combining Theories φ UF = f(x) ≠ f(y) ∧ f(x) ≠ f(z) φ LIA = 1 ≤ x ∧ x ≤ 2 ∧ y = 1 ∧ z = 2 {x, y, z} can have 5 possible arrangements based on equivalence classes of x, y, and z 1. Assume All Variables Equal: 1. {x = y, x = z, y = z} inconsistent with φ UF 2. Assume Two Variables Equal, One Different 1. {x = y, x ≠ z, y ≠ z} inconsistent with φ UF 2. {x ≠ y, x = z, y ≠ z} inconsistent with φ UF 3. {x ≠ y, x ≠ z, y = z} inconsistent with φ LIA 3. Assume All Variables Different: 1. {x ≠ y, x ≠ z, y ≠ z} inconsistent with φ LIA Slide adopted from [Barret09] Φ IS UNSAT

21. 21 Overview Introduction SMT Theories Case Study: Difference Logic Theory SMT Solvers and Libraries Summary

22. 22 SMT-LIB SMT Library Provides standard rigorous descriptions of background theories Common input and output languages for SMT solvers Provides a library of benchmarks Ref: The SMT-LIB Standard

23. 23 SMT Solvers Proprietary  Z3, Yices, Barcelogic, MathSAT Open Source  Open-SMT, CVC3, Boolector Some SMT-LIB Compatibility Solvers (Even partially)  CVC3, Open-SMT, MathSAT5, Sonolar

24. 24 SMT-LIB Example Check if (p AND p’) is satisfiable? UNSATISFIABLE Ref: SMT-LIB Tutorial by David R. Cok and GrammaTech Inc. UNINTERPRETED FUNCTIONS

25. 25 SMT-LIB Example Is there a solution to x+2y = 20 and x-y = 2 LINEAR INTEGER ARITHMETIC SATISFIABLE x=8, y= 6

26. 26 SUMMARY SMT problems include a wider range of problems than SAT. SMT-LIB initiative to bring standards to solvers. SMT Applications Include:  Analog, Mixed-Signal Circuit Checker [Walter07]  Software Testing  RTL Verification Nelson-Oppen Method for Combining Theory Solvers

27. 27 Trivia SMT Competition (SMT-COMP)  SMT Solvers Competition  Since 2005  2010 Winners: CVC3, OpenSMT, MathSAT 5, test_pmathsat, MiniSmt, simplifyingSTP. First International SAT/SMT Solver Summer School 2011  June 12- 17 at MIT.  Free for students.

28. 28 References [Barret09] Clark Barrett, Sanjit A. Seshia, ICCAD Tutorial 2009 [NO79] Greg Nelson and Derek C. Oppen. Simplification by cooperating decision procedures. ACM Trans. on Programming Languages and Systems, 1(2):245–257, October 1979 [Walter07] David Walter, Scott Little, Chris Meyers, “Bounded model checking of analog and mixed- signal circuits using an SMT solver”, Proceeding ATVA'07.

29. 29 Questions Thank you.

30. 30 Equivalence Checking of Programs int fun1(int y) { int x, z; z = y; y = x; x = z; return x*x; } int fun2(int y) { return y*y; } What if we use SAT to check equivalence? SMT formula  Satisfiable iff programs non-equivalent ( z = y ∧ y1 = x ∧ x1 = z ∧ ret1 = x1*x1) ∧ ( ret2 = y*y ) ∧ ( ret1  ret2 ) Using SAT to check equivalence (w/ Minisat) 32 bits for y: Did not finish in over 5 hours 16 bits for y: 37 sec. 8 bits for y: 0.5 sec. SMT: Using EUF solver: 0.01 sec Slide adopted from [Barret09]