Proof translation and SMT LIB certification

Yeting Ge, Clark Barrett

SMT 2008

July 7 Princeton


SMT solvers are more complicated

CVC3 contains over 100,000 lines of code

  • Are SMT solvers correct?


Quest for correct SMT solvers?

  • To verify that an SMT solver is correct?

  • To develop a correct SMT solver?


Good news: we have proofs

  • Some SMT solvers can produce proofs

  • Proof checking should be easier than proving the correctness of an SMT solver

    • A proof could be represented as a proof tree


Bad news: Proof checking for SMT solvers is not so easy

  • Theory proof rules require the proof checker to have theory reasoning ability

    • a/2 = b

  • Choice of proof rules

    • A small set of simple proof rules?

      • Good for proof checking

    • Large set of complex proof rules?

      • Good for performance (CVC3 has 298 rules)

      • The correctness of the proof checker becomes questionable

  • SMT solvers are in constant change


The idea

Use a second prover to check the proof

  • Translate the proof into the second prover

  • The benefits

    • Could easily handle both simple and complex proof rules

    • Flexible

  • The challenges

    • A suitable second prover

      • The correctness is reduced to the second prover

    • Efficiency

    • Translation

  This is feasible!


SMT LIB certification

  • SMT LIB

    • A collection of over 40,000 SMT benchmarks, most of which come from industrial applications

    • Each file contains a status field

    • Some files are incorrectly labeled

  • The proof in the second prover is a certificate

  • A certified SMT LIB would benefit the whole SMT community

  • Prove as many unsatisfiable cases as possible

(benchmark tmp

:source {piVC}

:status unsat

:category { industrial } :difficulty { 0 } :logic AUFLIA :extrafuns ((V_6 Int))
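The status check behind certification, as an added example written for this page (it is not the authors' tooling): a small parser for the SMT-LIB v1 header attributes of the kind shown above, and a verdict function that flags a benchmark whose claimed :status disagrees with what was actually certified by a checked proof. The benchmark text is constructed for the example; only its header attributes mirror the slide, and the :formula body is made up.

```python
# Added example (not the authors' tooling): parse the header attributes of an
# SMT-LIB v1 benchmark and compare the claimed :status with a certified verdict.

# Constructed sample.  The header attributes mirror the slide; the :formula
# body is made up for the example and is not the real piVC benchmark.
SAMPLE_BENCHMARK = """(benchmark tmp
  :source {piVC}
  :status unsat
  :category { industrial } :difficulty { 0 } :logic AUFLIA :extrafuns ((V_6 Int))
  :formula (and (< V_6 0) (> V_6 0))
)"""

VALID_STATUS = {"sat", "unsat", "unknown"}


def parse_attributes(text):
    """Return {':key': value} for a v1 benchmark.  A value is a {...} user block
    (braces stripped), a balanced (...) S-expression kept verbatim, or a bare
    symbol.  Each value is consumed whole, so a colon inside a formula or a
    brace block is never mistaken for the start of a new attribute."""
    attrs = {}
    i, n = 0, len(text)
    while i < n:
        if text[i] != ":":
            i += 1
            continue
        j = i + 1
        while j < n and (text[j].isalnum() or text[j] in "_-"):
            j += 1
        key = text[i:j]
        i = j
        while i < n and text[i].isspace():
            i += 1
        if i < n and text[i] == "{":
            j = text.index("}", i)            # v1 user values do not nest
            value = text[i + 1:j].strip()
            i = j + 1
        elif i < n and text[i] == "(":
            depth, j = 0, i
            while j < n:
                depth += text[j] == "("
                depth -= text[j] == ")"
                if depth == 0:
                    break
                j += 1
            if depth != 0:
                raise ValueError("unbalanced parentheses in %s" % key)
            value = text[i:j + 1]
            i = j + 1
        else:
            j = i
            while j < n and not text[j].isspace() and text[j] not in "()":
                j += 1
            value = text[i:j]
            i = j
        attrs[key] = value
    return attrs


def claimed_status(text):
    """The :status the benchmark file claims; a missing field counts as unknown."""
    status = parse_attributes(text).get(":status", "unknown")
    if status not in VALID_STATUS:
        raise ValueError("malformed :status %r" % status)
    return status


def certification_verdict(claimed, certified):
    """certified is 'unsat' when a checked proof exists, 'sat' when a checked
    model exists, or None when nothing has been certified yet."""
    if certified is None:
        return "unchecked"
    if claimed == "unknown":
        return "certified (was unknown)"
    return "certified" if claimed == certified else "mislabeled"


if __name__ == "__main__":
    status = claimed_status(SAMPLE_BENCHMARK)
    print(status, certification_verdict(status, "unsat"))
```

Only a verdict backed by a checked proof (or model) should ever overwrite a :status field; the claimed label is untrusted input, which is exactly why the mislabeled cases on the results slide could exist.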


CVC3

  • A proof is a tree

  • A proof rule maps a set of proofs to a proof

  • Some proof rules are rather complex


The second prover: HOL Light

  • Simple

    • The core:

      • 430 lines of OCaml, 10 inference rules, 3 axioms

    • Definitional extension guarantees correctness

      • Except for equality, every logical symbol is introduced by definition

    • All proofs in HOL Light can be broken down into the 10 rules and 3 axioms, if needed

  • “it sets a very exacting standard of correctness”

    • Efforts to verify the correctness of the core


HOL Light

  • Powerful

    • Capable of formalizing most mathematics (up to axiom of choice)

  • Flexible

    • Programmable

      • OCaml as the meta-language

    • A number of built-in theories

      • Reals, integers

    • A lot of useful tools

      • Decision procedures for first-order logic, propositional logic

      • Decision procedures for reals, integers, …


Translation of terms

  • HOL Light and CVC3 are connected through CVC3's C API

  • distinct(x1,x2,…,xn)

    • Define a predicate on the fly

  • Mixed integers and reals

    • Lift to reals

  • Skolem constant

    • Choice operator (@x.P)


Translation of proof rules

  • An OCaml function for each proof rule

  • Naïve method

    • call HOL Light’s decision procedure

  • Exploit HOL Light’s capability of higher order reasoning

    • Prove a meta-theorem off-line

    • During the translation, instantiate the meta-theorem

  • Engineering the translation of a proof rule
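Why reducing correctness to the second prover works, and what instantiating a meta-theorem looks like, as an added example written for this page (it is neither HOL Light nor the CVC3-to-HOL Light translator): a miniature LCF-style kernel in Python. The only way to build a theorem is through the kernel's rules, so a buggy derived rule cannot mint an unsound theorem. The meta-theorem for the a/2 = b step is admitted with new_axiom here, standing in for the off-line proof HOL Light would do with its arithmetic decision procedure, and the translation of the CVC3 step is then pure INST plus MP. The term encoding, the rule names and translate_div2_rule are assumptions of this example.

```python
# Added example (not HOL Light, not the CVC3 translator): a miniature LCF-style
# kernel.  Everything above the "derived" line is the trusted core; the rest can
# only combine core rules, so a bug there cannot yield an unsound theorem.
from dataclasses import dataclass, field

# Term encoding (an assumption of this example): ('var', name), ('num', k),
# ('app', fname, (args...)), ('eq', lhs, rhs), ('imp', p, q).

_KERNEL_TOKEN = object()   # private capability: only kernel rules hold it
_AXIOMS = []               # audit trail of everything admitted without proof


@dataclass(frozen=True)
class Thm:
    """A sequent  hyps ⊢ concl.  Cannot be built outside the kernel."""
    hyps: frozenset
    concl: tuple
    _token: object = field(default=None, repr=False, compare=False)

    def __post_init__(self):
        if self._token is not _KERNEL_TOKEN:
            raise PermissionError("theorems can only be produced by kernel rules")


def _mk(hyps, concl):
    return Thm(frozenset(hyps), concl, _KERNEL_TOKEN)


def REFL(t):                       # ⊢ t = t
    return _mk((), ("eq", t, t))


def ASSUME(p):                     # p ⊢ p
    return _mk((p,), p)


def TRANS(th1, th2):               # A ⊢ a = b,  B ⊢ b = c   ==>   A ∪ B ⊢ a = c
    if th1.concl[0] != "eq" or th2.concl[0] != "eq" or th1.concl[2] != th2.concl[1]:
        raise ValueError("TRANS: middle terms do not match")
    return _mk(th1.hyps | th2.hyps, ("eq", th1.concl[1], th2.concl[2]))


def DISCH(p, th):                  # A ⊢ q   ==>   A \ {p} ⊢ p ⇒ q
    return _mk(th.hyps - {p}, ("imp", p, th.concl))


def MP(th_imp, th_p):              # A ⊢ p ⇒ q,  B ⊢ p   ==>   A ∪ B ⊢ q
    if th_imp.concl[0] != "imp" or th_imp.concl[1] != th_p.concl:
        raise ValueError("MP: antecedent does not match")
    return _mk(th_imp.hyps | th_p.hyps, th_imp.concl[2])


def _subst(t, env):
    if t[0] == "var":
        return env.get(t[1], t)
    if t[0] == "num":
        return t
    if t[0] == "app":
        return ("app", t[1], tuple(_subst(a, env) for a in t[2]))
    return (t[0], _subst(t[1], env), _subst(t[2], env))


def INST(env, th):                 # instantiate free variables in hyps and concl
    return _mk({_subst(h, env) for h in th.hyps}, _subst(th.concl, env))


def new_axiom(t):                  # the only escape hatch, and it is logged
    _AXIOMS.append(t)
    return _mk((), t)


def kernel_axioms():
    """Everything the final certificate ultimately trusts beyond the rules."""
    return tuple(_AXIOMS)


# ---- derived: the translator side -----------------------------------------
X, Y, TWO = ("var", "x"), ("var", "y"), ("num", 2)


def div(a, b):
    return ("app", "/", (a, b))


def mul(a, b):
    return ("app", "*", (a, b))


# Meta-theorem  ⊢ x/2 = y ⇒ x = 2*y, proven once, off-line.  HOL Light would
# prove it with its real-arithmetic decision procedure; this toy kernel has no
# arithmetic, so it is admitted as an axiom and shows up in kernel_axioms().
HALF_META = new_axiom(("imp", ("eq", div(X, TWO), Y), ("eq", X, mul(TWO, Y))))


def translate_div2_rule(a, b):
    """Translate the CVC3-style step  a/2 = b ⊢ a = 2*b  by instantiating the
    meta-theorem (INST) and discharging it (MP): no per-step decision call."""
    return MP(INST({"x": a, "y": b}, HALF_META), ASSUME(("eq", div(a, TWO), b)))


def bogus_rule(p):
    """A buggy derived rule that tries to mint  ⊢ p  directly."""
    return Thm(frozenset(), p)


def forgery_rejected(p=("var", "p")):
    """True iff the kernel blocks bogus_rule, i.e. the guarantee holds."""
    try:
        bogus_rule(p)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(translate_div2_rule(("var", "a"), ("var", "b")))
    print("axioms trusted:", len(kernel_axioms()), "forgery rejected:", forgery_rejected())
```

The design point is the one the slides make about HOL Light: auditing the certificate means auditing the kernel rules plus whatever kernel_axioms() reports, not the 298 CVC3 rules or the translator, and a faulty derived rule can only fail loudly, never produce a theorem.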


Propositional reasoning

  • SAT solvers can dump a resolution proof

  • Sequent representation

  • Definitional CNF and ITE
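A checker for the resolution proofs mentioned above, as an added example that is not part of the slides or of CVC3: it validates a refutation of the kind a SAT solver dumps, run over a constructed definitional-CNF (Tseitin-style) encoding of an ITE term. The clause and proof formats are assumptions of this example; the checker itself is the small trusted piece, the proof is untrusted input.

```python
# Added example (not from the slides or CVC3): a checker for resolution
# refutations, the small trusted piece that validates an untrusted SAT proof.


def resolve(c1, c2):
    """Resolve two clauses (frozensets of DIMACS-style ints; -v means ¬v).
    Exactly one complementary pair is required: none means the step is not a
    resolution, more than one would produce a tautology and is rejected too."""
    pivots = [lit for lit in c1 if -lit in c2]
    if len(pivots) != 1:
        raise ValueError("need exactly one pivot, found %r" % sorted(pivots))
    p = pivots[0]
    return (c1 - {p}) | (c2 - {-p})


def check_refutation(clauses, steps):
    """clauses: {id: clause} for the input CNF; steps: [(new_id, left, right)].
    Returns True iff every step is a valid resolution of clauses already known
    and the last step derives the empty clause.  Raises on a malformed step."""
    known = dict(clauses)
    for new_id, left, right in steps:
        if new_id in known:
            raise ValueError("clause id %r reused" % (new_id,))
        if left not in known or right not in known:
            raise ValueError("step %r uses an unknown clause" % (new_id,))
        known[new_id] = resolve(known[left], known[right])
    return bool(steps) and len(known[steps[-1][0]]) == 0


def verdict(clauses, steps):
    """String verdict so callers can log it: refuted / incomplete / invalid."""
    try:
        return "refuted" if check_refutation(clauses, steps) else "incomplete"
    except ValueError as err:
        return "invalid: %s" % err


def ite_definition(v, c, a, b):
    """Definitional CNF for a fresh variable  v <-> ite(c, a, b)."""
    return [
        frozenset({-v, -c, a}),   # v ∧  c → a
        frozenset({-v, c, b}),    # v ∧ ¬c → b
        frozenset({v, -c, -a}),   #  c ∧ a → v
        frozenset({v, c, -b}),    # ¬c ∧ b → v
    ]


# Constructed instance: variables c=1, a=2, b=3, v=4; assert ite(c,a,b), c, ¬a.
C, A, B, V = 1, 2, 3, 4
CLAUSES = {i + 1: cl for i, cl in enumerate(ite_definition(V, C, A, B))}
CLAUSES.update({5: frozenset({V}), 6: frozenset({C}), 7: frozenset({-A})})

# The refutation as a solver might dump it: each step names its two parents.
PROOF = [
    (8, 1, 5),    # {-v,-c,a} ⊗ {v}   on v  -> {-c, a}
    (9, 8, 6),    # {-c,a}    ⊗ {c}   on c  -> {a}
    (10, 9, 7),   # {a}       ⊗ {-a}  on a  -> {}
]

if __name__ == "__main__":
    print(verdict(CLAUSES, PROOF))
```

Rejecting double pivots and reused clause ids is deliberate: a lenient checker that silently accepts such steps is the proof-checking analogue of the overly complex proof rules the slides warn about.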


Results

Hard cases in simplify1 (those on which CVC3 spent more than 20 seconds)


Results

  • Found one proof rule that does not preserve validity in CVC3

  • Found one faulty proof rule in CVC3

  • Found two mislabeled SMT LIB cases in AUFLIA


Discussion

  • Instantiating a meta-theorem in HOL Light is almost like rewriting

  • Most proof rules can be converted into some meta-theorem

  • Other methods to improve efficiency

    • Compiling HOL Light


Conclusion

  • It is feasible to translate proofs from CVC3 into HOL Light

  • It is possible to certify many SMT LIB cases in HOL Light


Future work

  • Prove more SMT LIB cases

  • Improve the translation of arithmetic proof rules

  • Support more proof rules

  • Support more theories

  • Improve the proof rules of CVC3


Thanks

  • John Harrison for help with HOL Light

  • Sean McLaughlin for writing the first version of the translator


References

  • C. Barrett and C. Tinelli. CVC3. In W. Damm and H. Hermanns, editors, Proceedings of the 19th International Conference on Computer Aided Verification (CAV ’07), LNCS 4590, pages 298–302. Springer-Verlag, July 2007. Berlin, Germany.

  • J. Harrison. HOL Light: A tutorial introduction. In M. K. Srivas and A. J. Camilleri, editors, FMCAD, LNCS 1166, pages 265–269. Springer, 1996.

  • S. McLaughlin, C. Barrett, and Y. Ge. Cooperating theorem provers: A case study combining HOL-Light and CVC Lite. In A. Armando and A. Cimatti, editors, Proceedings of the 3rd Workshop on Pragmatics of Decision Procedures in Automated Reasoning (PDPAR ’05), volume 144(2) of Electronic Notes in Theoretical Computer Science, pages 43–51. Elsevier, Jan. 2006. Edinburgh, Scotland.

  • M. Moskal. Rocket-fast proof checking for SMT solvers. In K. Jesen and A. Podelski, editors, TACAS, LNCS 4963, pages 486–500. Springer, 2008.

  • T. Weber. Efficiently checking propositional resolution proofs in Isabelle/HOL. Volume 212 of CEUR Workshop Proceedings, 2006.

