slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Leonardo de Moura Microsoft Research PowerPoint Presentation
Download Presentation
Leonardo de Moura Microsoft Research

Loading in 2 Seconds...

play fullscreen
1 / 113

Leonardo de Moura Microsoft Research - PowerPoint PPT Presentation


  • 93 Views
  • Uploaded on

Satisfiability Modulo Theories (SMT): ideas and applications Universit à Degli Studi Di Milano Scuola di Dottorato in Informatica, 2010. Leonardo de Moura Microsoft Research. Satisfiability Modulo Theories (SMT). Is formula F satisfiable modulo theory T ? .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Leonardo de Moura Microsoft Research' - cutler


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Satisfiability Modulo Theories (SMT): ideas and applicationsUniversità Degli Studi Di MilanoScuola di Dottorato in Informatica, 2010

Leonardo de Moura

Microsoft Research

satisfiability modulo theories smt
Satisfiability Modulo Theories (SMT)
  • Is formula Fsatisfiable modulo theory T ?

SMT solvers have specialized algorithms for T

satisfiability modulo theories smt1
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)
satisfiability modulo theories smt2
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

Arithmetic

satisfiability modulo theories smt3
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

Array Theory

Arithmetic

satisfiability modulo theories smt4
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

Uninterpreted Functions

Array Theory

Arithmetic

satisfiability modulo theories smt5
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)
  • Substituting c by b+2
satisfiability modulo theories smt6
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), b+2-2)) ≠ f(b+2-b+1)
  • Simplifying
satisfiability modulo theories smt7
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), b)) ≠ f(3)
satisfiability modulo theories smt8
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(read(write(a,b,3), b)) ≠ f(3)
  • Applying array theory axiom
  • foralla,i,v: read(write(a,i,v), i) = v
satisfiability modulo theories smt9
Satisfiability Modulo Theories (SMT)
  • b + 2 = c and f(3) ≠ f(3)
  • Inconsistent
smt lib
SMT-Lib
  • Repository of Benchmarks
  • http://www.smtlib.org
  • Benchmarks are divided in “logics”:
    • QF_UF: unquantified formulas built over a signature of uninterpreted sort, function and predicate symbols.
    • QF_UFLIA: unquantified linear integer arithmetic with uninterpreted sort, function, and predicate symbols.
    • AUFLIA: closed linear formulas over the theory of integer arrays with free sort, function and predicate symbols.
ground formulas
Ground formulas

For most SMT solvers: F is a set of ground formulas

  • Many Applications
  • Bounded Model Checking
  • Test-Case Generation
little engines of proof
Little Engines of Proof

An SMT Solver is a collection of

Little Engines of Proof

little engines of proof1
Little Engines of Proof

An SMT Solver is a collection of

Little Engines of Proof

Examples:

SAT Solver

Equality solver

deciding equality
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a

b

c

d

e

s

t

deciding equality1
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a

b

c

d

e

s

t

deciding equality2
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a,b

c

d

e

s

t

deciding equality3
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a,b

c

d

e

s

t

deciding equality4
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a,b,c

d

e

s

t

deciding equality5
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c

d

e

s

t

deciding equality6
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c

d,e

s

t

deciding equality7
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c

d,e

s

t

deciding equality8
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e

t

deciding equality9
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e

t

deciding equality10
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e,t

deciding equality11
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e,t

deciding equality12
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e,t

Unsatisfiable

deciding equality13
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

d,e,t

Model construction

deciding equality14
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)
deciding equality15
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)
  • M(a) = 1 (assignment)
deciding equality16
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Alternative notation:

  • aM = 1

Model construction

  • |M| = {1 ,2} (universe, aka domain)
  • M(a) = 1 (assignment)
deciding equality17
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
deciding equality18
Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
deciding equality termination soundness completeness
Deciding Equality:Termination, Soundness, Completeness
  • Termination: easy
  • Soundness
    • Invariant: all constants in a “ball” are known to be equal.
    • The “ball” merge operation is justified by:
      • Transitivity and Symmetry rules.
  • Completeness
    • We can build a model if an inconsistency was not detected.
    • Proof template (by contradiction):
      • Build a candidate model.
      • Assume a literal was not satisfied.
      • Find contradiction.
deciding equality termination soundness completeness1
Deciding Equality:Termination, Soundness, Completeness
  • Completeness
    • We can build a model if an inconsistency was not detected.
    • Instantiating the template for our procedure:
      • Assume some literal c = d is not satisfied by our model.
      • That is, M(c) ≠ M(d).
      • This is impossible, c and d must be in the same “ball”.

c,d,…

i

M(c) = M(d) = i

deciding equality termination soundness completeness2
Deciding Equality:Termination, Soundness, Completeness
  • Completeness
    • We can build a model if an inconsistency was not detected.
    • Instantiating the template for our procedure:
      • Assume some literal c ≠ d is not satisfied by our model.
      • That is, M(c) = M(d).
      • Key property: we only check the disequalities after we processed all equalities.
      • This is impossible, c and d must be in the different “balls”

c,…

d,…

i

j

M(c) = i

M(d) = j

deciding equality uninterpreted functions
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e))

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions1
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e))

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions2
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, g(e))

v1  g(d)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions3
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, g(e))

v1  g(d)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions4
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, v2)

v1  g(d), v2  g(e)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions5
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, v2)

v1  g(d), v2  g(e)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions6
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3  f(b, v2)

v1  g(d), v2  g(e), v3 f(a, v1)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions7
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 f(b, v2)

v1  g(d), v2  g(e), v3  f(a, v1)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions8
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions9
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

d,e,t

v2

v4

v1

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions10
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

d,e,t

v2

v4

v1

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
  • d = e implies g(d) = g(e)
deciding equality uninterpreted functions11
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

d,e,t

v2

v4

v1

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
  • d = e implies v1= v2
deciding equality uninterpreted functions12
Deciding Equality + (uninterpreted) Functions

We say:

  • v1 and v2 are congruent.

a = b,b = c, d = e, b = s, d = t, v3 v4

v1 g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

d,e,t

v4

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
  • d = e implies v1= v2
deciding equality uninterpreted functions13
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

d,e,t

v4

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
  • a = b, v1= v2implies f(a, v1) = f(b, v2)
deciding equality uninterpreted functions14
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4 f(b, v2)

a,b,c,s

v1,v2

d,e,t

v4

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
  • a = b, v1= v2implies v3 = v4
deciding equality uninterpreted functions15
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4 f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
  • a = b, v1= v2implies v3 = v4
deciding equality uninterpreted functions16
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3  v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Unsatisfiable

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions17
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Changing the problem

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions18
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions19
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)
deciding equality uninterpreted functions20
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

1

2

3

4

v3,v4

d,e,t

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4
deciding equality uninterpreted functions21
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

1

2

3

4

v3,v4

d,e,t

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4

Missing:

Interpretation for f and g.

deciding equality uninterpreted functions22
Deciding Equality + (uninterpreted) Functions
  • Building the interpretation for function symbols
    • M(g) is a mapping from |M| to |M|
    • Defined as:

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise (k is an arbitrary element)

    • Is M(g) well-defined?
deciding equality uninterpreted functions23
Deciding Equality + (uninterpreted) Functions
  • Building the interpretation for function symbols
    • M(g) is a mapping from |M| to |M|
    • Defined as:

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise (k is an arbitrary element)

    • Is M(g) well-defined?
      • Problem: we may have

v  g(a) and w  g(b) s.t.

M(a) = M(b) = 1 and M(v) = 2 ≠ 3 = M(w)

So, is M(g)(1) = 2 or M(g)(1) = 3?

deciding equality uninterpreted functions24
Deciding Equality + (uninterpreted) Functions
  • Building the interpretation for function symbols
    • M(g) is a mapping from |M| to |M|
    • Defined as:

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise (k is an arbitrary element)

    • Is M(g) well-defined?
      • Problem: we may have

v  g(a) and w  g(b) s.t.

M(a) = M(b) = 1 and M(v) = 2 ≠ 3 = M(w)

So, is M(g)(1) = 2 or M(g)(1) = 3?

This is impossible because of the congruence rule!

a and b are in the same “ball”, then so are v and w

deciding equality uninterpreted functions25
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

1

2

3

4

v3,v4

d,e,t

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4
deciding equality uninterpreted functions26
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise

deciding equality uninterpreted functions27
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4
  • M(g) = {2 →3}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise

deciding equality uninterpreted functions28
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4
  • M(g) = {2 →3}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise

deciding equality uninterpreted functions29
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4
  • M(g) = {2 →3, else →1}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise

deciding equality uninterpreted functions30
Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4
  • M(g) = {2 →3, else →1}
  • M(f) = { (1 ,3)→4, else →1}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise

deciding equality uninterpreted functions31
Deciding Equality + (uninterpreted) Functions

It is possible to implement our procedure in

O(n log n)

deciding equality uninterpreted functions32
Deciding Equality + (uninterpreted) Functions

a s

d,e,t

Sets (equivalence classes)

d,e

d,e,t

t

=

Union

a,b,c,s

Membership

deciding equality uninterpreted functions33
Deciding Equality + (uninterpreted) Functions

a s

Key observation:

The sets are disjoint!

d,e,t

Sets (equivalence classes)

d,e

d,e,t

t

=

Union

a,b,c,s

Membership

deciding equality uninterpreted functions34
Deciding Equality + (uninterpreted) Functions

Union-Find data-structure

Every set (equivalence class) has a root element (representative).

root

a,b,c,s,r

s

b

r

a

c

We say: find(c) is b

deciding equality uninterpreted functions35
Deciding Equality + (uninterpreted) Functions

Union-Find data-structure

a,b,c,s,r

a,b,c

s,r

=

s

b

s

r

b

a

c

r

a

c

deciding equality uninterpreted functions36
Deciding Equality + (uninterpreted) Functions

Tracking the equivalence classes size is important!

a1

a2

a3

=

a1

a2

a3

a4

=

a1

a2

a3

a4

a1

a2

a3

a1

a2

a3

an-1

an

=

a1

a2

a3

an-1

an

deciding equality uninterpreted functions37
Deciding Equality + (uninterpreted) Functions

Tracking the equivalence classes size is important!

a1

a2

a3

=

a1

a2

a3

a4

=

a1

a2

a3

a1

a2

a3

a4

a2

a2

=

an

an

a1

an-1

a3

a1

an-1

a3

deciding equality uninterpreted functions38
Deciding Equality + (uninterpreted) Functions

Tracking the equivalence classes size is important!

We can do n merges in O(n log n)

a1

a2

a3

=

a1

a2

a3

a4

=

a1

a2

a3

a1

a2

a3

a4

a2

a2

=

an

an

a1

an-1

a3

a1

an-1

a3

Each constant has two fields: find and size.

deciding equality uninterpreted functions39
Deciding Equality + (uninterpreted) Functions

Implementing the congruence rule.

Occurrences of a constant: we say a occurs in viffv  f(…,a,…)

When we “merge” two equivalence classes we can traverse these occurrences to find new congruences.

s

b

r

a

c

Occurrences(b) = { v1  g(b), v2  f(a) }

Occurrences(s) = { v3  f(r) }

deciding equality uninterpreted functions40
Deciding Equality + (uninterpreted) Functions

Implementing the congruence rule.

Occurrences of a constant: we say a occurs in viffv  f(…,a,…)

When we “merge” two equivalence classes we can traverse these occurrences to find new congruences.

Inefficient version:

for each v in occurrences(b)

for each w in occurrences(s)

if v and w are congruent

add (v,w) to todo queue

s

b

r

a

c

occurrences(b) = { v1  g(b), v2  f(a) }

occurrences(s) = { v3  f(r) }

A queue of pairs that need to be merged.

deciding equality uninterpreted functions41
Deciding Equality + (uninterpreted) Functions

s

b

r

a

c

occurrences(b) = { v1  g(b), v2  f(a) }

occurrences(s) = { v3  f(r) }

We also need to merge occurrences(b) with occurrences(s).

This can be done in constant time:

Use circular lists to represent the occurrences. (More later)

v1

v1

v3

=

v3

v2

v2

deciding equality uninterpreted functions42
Deciding Equality + (uninterpreted) Functions

Avoiding the nested loop:

for each v in occurrences(b)

for each w in occurrences(s)

Avoiding the nested loop:

Use a hash table to store the elements v1  f(a1, …, an).

Each constant has an identifier (e.g., natural number).

Compute hash code using the identifier of the (equivalence class) roots of the arguments.

hash(v1) = hash-tuple(id(f), id(root(a1)), …, id(root(an)))

deciding equality uninterpreted functions43
Deciding Equality + (uninterpreted) Functions

Avoiding the nested loop:

for each v in occurrences(b)

for each w in occurrences(s)

Avoiding the nested loop:

Use a hash table to store the elements v1  f(a1, …, an).

Each constant has an identifier (e.g., natural number).

Compute hash code using the identifier of the (equivalence class) roots of the arguments.

hash(v1) = hash-tuple(id(f), id(root(a1)), …, id(root(an)))

hash-tuple can be the Jenkin’s hash function for strings.

Just adding the ids produces a very bad hash-code!

deciding equality uninterpreted functions44
Deciding Equality + (uninterpreted) Functions

Efficient implementation of the congruence rule.

Merging the equivalences classes with roots: a1 and a2

Assume a2 is smaller than a1

Before merging the equivalence classes: a1 and a2

for each v in occurrences(a2)

remove v from the hash table (its hashcode will change)

After merging the equivalence classes: a1 and a2

for each v in occurrences(a2)

if there is w congruent to v in the hash-table

add (v,w) to todo queue

else add v to hash-table

deciding equality uninterpreted functions45
Deciding Equality + (uninterpreted) Functions

Trick:

Use dynamic arrays to represent the occurrences

Efficient implementation of the congruence rule.

Merging the equivalences classes with roots: a1 and a2

Assume a2 is smaller than a1

Before merging the equivalence classes: a1 and a2

for each v in occurrences(a2)

remove v from the hash table (its hashcode will change)

After merging the equivalence classes: a1 and a2

for each v in occurrences(a2)

if there is w congruent to v in the hash-table

add (v,w) to todo queue

else add v to hash-table

add v to occurrences(a1)

deciding equality uninterpreted functions46
Deciding Equality + (uninterpreted) Functions

The efficient version is not optimal (in theory).

Problem: we may have v = f(a1, …, an) with “huge” n.

Solution: currying

Use only binary functions, and represent f(a1, a2,a3,a4) as

f(a1, h(a2, h(a3, a4)))

This is not necessary in practice, since the n above is small.

deciding equality uninterpreted functions47
Deciding Equality + (uninterpreted) Functions

Each constant has now three fields:

find, size, and occurrences.

We also has use a hash-table for implementing the congruence rule.

We will need many more improvements!

case analysis
Case Analysis

Many verification/analysis problems require: case-analysis

  • x  0, y = x + 1, (y > 2  y < 1)
case analysis1
Case Analysis

Many verification/analysis problems require: case-analysis

  • x  0, y = x + 1, (y > 2  y < 1)

Naïve Solution: Convert to DNF

  • (x  0, y = x + 1, y > 2)  (x  0, y = x + 1, y < 1)
case analysis2
Case Analysis

Many verification/analysis problems require: case-analysis

  • x  0, y = x + 1, (y > 2  y < 1)

Naïve Solution: Convert to DNF

  • (x  0, y = x + 1, y > 2)  (x  0, y = x + 1, y < 1)

Too Inefficient!

(exponential blowup)

smt basic architecture
SMT : Basic Architecture
  • Equality + UF
  • Arithmetic
  • Bit-vectors

Case Analysis

dpll abstract view
M | FDPLL (abstract view)

Partial model

Set of clauses

dpll abstract view1
GuessingDPLL (abstract view)
  • p | p  q, q  r

p, q | p  q, q  r

dpll abstract view2
DeducingDPLL (abstract view)
  • p | p  q, p  s

p, s| p  q, p  s

dpll abstract view3
BacktrackingDPLL (abstract view)
  • p, s, q | p  q, s  q, p q

p, s| p  q, s  q, p q

modern dpll
Efficient indexing (two-watch literal)

Non-chronological backtracking (backjumping)

Lemma learning

Modern DPLL
sat theory solvers
SAT + Theory solvers

Basic Idea

x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • p1, p2, (p3  p4)
sat theory solvers1
SAT + Theory solvers

Basic Idea

x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • p1, p2, (p3  p4)

SAT

Solver

sat theory solvers2
SAT + Theory solvers

Basic Idea

x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • p1, p2, (p3  p4)
  • Assignment
  • p1, p2, p3, p4

SAT

Solver

sat theory solvers3
SAT + Theory solvers

Basic Idea

x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • p1, p2, (p3  p4)
  • Assignment
  • p1, p2, p3, p4

SAT

Solver

  • x  0, y = x + 1,
  • (y> 2), y < 1
sat theory solvers4
SAT + Theory solvers

Basic Idea

x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • p1, p2, (p3  p4)
  • Assignment
  • p1, p2, p3, p4

SAT

Solver

  • x  0, y = x + 1,
  • (y> 2), y < 1

Theory

Solver

  • Unsatisfiable
  • x  0, y = x + 1, y < 1
sat theory solvers5
SAT + Theory solvers

Basic Idea

x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • p1, p2, (p3  p4)
  • Assignment
  • p1, p2, p3, p4

SAT

Solver

  • x  0, y = x + 1,
  • (y> 2), y < 1

Theory

Solver

  • New Lemma
  • p1p2p4
  • Unsatisfiable
  • x  0, y = x + 1, y < 1
sat theory solvers6
SAT + Theory solvers

Theory

Solver

  • New Lemma
  • p1p2p4
  • Unsatisfiable
  • x  0, y = x + 1, y < 1

AKA

Theory conflict

sat theory solvers main loop
SAT + Theory solvers: Main loop

procedureSmtSolver(F)

(Fp, M) := Abstract(F)

loop

  • (R, A) := SAT_solver(Fp)
  • if R = UNSAT then return UNSAT
  • S := Concretize(A, M)
  • (R, S’) := Theory_solver(S)
  • if R = SAT then return SAT
  • L := New_Lemma(S’, M)
  • Add L to Fp
sat theory solvers7
SAT + Theory solvers

Basic Idea

F:x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • M: p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • Fp: p1, p2, (p3  p4)
  • A: Assignment
  • p1, p2, p3, p4

SAT

Solver

  • S: x  0, y = x + 1,
  • (y> 2), y < 1

Theory

Solver

  • L: New Lemma
  • p1p2p4
  • S’: Unsatisfiable
  • x  0, y = x + 1, y < 1
sat theory solvers8
SAT + Theory solvers

F:x 0, y = x + 1, (y > 2  y < 1)

  • Abstract (aka “naming” atoms)
  • M: p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1)
  • Fp: p1, p2, (p3  p4)

procedureSMT_Solver(F)

(Fp, M) := Abstract(F)

loop

  • (R, A) := SAT_solver(Fp)
  • ifR = UNSAT then return UNSAT
  • S = Concretize(A, M)
  • (R, S’) := Theory_solver(S)
  • if R = SAT then return SAT
  • L := New_Lemma(S, M)
  • Add L to Fp
  • A: Assignment
  • p1, p2, p3, p4

SAT

Solver

  • S: x  0, y = x + 1,
  • (y> 2), y < 1

“Lazy translation” to

DNF

Theory

Solver

  • L: New Lemma
  • p1p2p4
  • S’: Unsatisfiable
  • x  0, y = x + 1, y < 1
sat theory solvers9
SAT + Theory solvers

State-of-the-art SMT solvers implement

many improvements.

sat theory solvers10
SAT + Theory solvers

Incrementality

Send the literals to the Theory solver as they are assigned by the SAT solver

  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1), p5  (x < 2),
  • p1, p2, p4 | p1, p2, (p3  p4), (p5  p4)

Partial assignment is already

Theory inconsistent.

sat theory solvers11
SAT + Theory solvers

Efficient Backtracking

We don’t want to restart from scratch after each backtracking operation.

sat theory solvers12
SAT + Theory solvers

Efficient Lemma Generation (computing a small S’)

Avoid lemmas containing redundant literals.

  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1), p5  (x < 2),
  • p1, p2, p3, p4 | p1, p2, (p3  p4), (p5  p4)

Imprecise Lemma

p1p2p3 p4

sat theory solvers13
SAT + Theory solvers

Theory Propagation

It is the SMT equivalent of unit propagation.

  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1), p5  (x < 2),
  • p1, p2| p1, p2, (p3  p4), (p5  p4)

p1, p2 imply p4 by theory propagation

  • p1, p2 , p4| p1, p2, (p3  p4), (p5  p4)
sat theory solvers14
SAT + Theory solvers

Theory Propagation

It is the SMT equivalent of unit propagation.

  • p1  (x  0), p2  (y = x + 1),
  • p3  (y> 2), p4  (y < 1), p5  (x < 2),
  • p1, p2| p1, p2, (p3  p4), (p5  p4)

p1, p2 imply p4 by theory propagation

  • p1, p2 , p4| p1, p2, (p3  p4), (p5  p4)

Tradeoff between precision  performance.

an architecture the core
An Architecture: the core

Core

Arithmetic

Bit-Vectors

Scalar Values

Equality

Uninterpreted Functions

SAT Solver

an architecture the core1
An Architecture: the core

Core

Arithmetic

Bit-Vectors

Scalar Values

Equality

Uninterpreted Functions

Case Analysis

SAT Solver

an architecture the core2
An Architecture: the core

Core

Arithmetic

Bit-Vectors

Scalar Values

Equality

Uninterpreted Functions

Blackboard:

equalities, disequalities,

predicates

SAT Solver