1 / 113

Leonardo de Moura Microsoft Research

Satisfiability Modulo Theories (SMT): ideas and applications Universit à Degli Studi Di Milano Scuola di Dottorato in Informatica, 2010. Leonardo de Moura Microsoft Research. Satisfiability Modulo Theories (SMT). Is formula F satisfiable modulo theory T ? .

cutler
Download Presentation

Leonardo de Moura Microsoft Research

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Satisfiability Modulo Theories (SMT): ideas and applicationsUniversità Degli Studi Di MilanoScuola di Dottorato in Informatica, 2010 Leonardo de Moura Microsoft Research

  2. Satisfiability Modulo Theories (SMT) • Is formula Fsatisfiable modulo theory T ? SMT solvers have specialized algorithms for T

  3. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

  4. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1) Arithmetic

  5. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1) Array Theory Arithmetic

  6. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1) Uninterpreted Functions Array Theory Arithmetic

  7. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1) • Substituting c by b+2

  8. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), b+2-2)) ≠ f(b+2-b+1) • Simplifying

  9. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), b)) ≠ f(3)

  10. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(read(write(a,b,3), b)) ≠ f(3) • Applying array theory axiom • foralla,i,v: read(write(a,i,v), i) = v

  11. Satisfiability Modulo Theories (SMT) • b + 2 = c and f(3) ≠ f(3) • Inconsistent

  12. SMT-Lib • Repository of Benchmarks • http://www.smtlib.org • Benchmarks are divided in “logics”: • QF_UF: unquantified formulas built over a signature of uninterpreted sort, function and predicate symbols. • QF_UFLIA: unquantified linear integer arithmetic with uninterpreted sort, function, and predicate symbols. • AUFLIA: closed linear formulas over the theory of integer arrays with free sort, function and predicate symbols.

  13. Ground formulas For most SMT solvers: F is a set of ground formulas • Many Applications • Bounded Model Checking • Test-Case Generation

  14. Little Engines of Proof An SMT Solver is a collection of Little Engines of Proof

  15. Little Engines of Proof An SMT Solver is a collection of Little Engines of Proof Examples: SAT Solver Equality solver

  16. Deciding Equality a = b, b = c, d = e, b = s, d = t, a e, a s a b c d e s t

  17. Deciding Equality a = b, b = c, d = e, b = s, d = t, a e, a s a b c d e s t

  18. Deciding Equality a = b, b = c, d = e, b = s, d = t, a e, a s a,b c d e s t

  19. Deciding Equality a = b, b = c, d = e, b = s, d = t, a e, a s a,b c d e s t

  20. Deciding Equality a = b, b = c, d = e, b = s, d = t, a e, a s a,b,c d e s t

  21. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c d e s t

  22. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c d,e s t

  23. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c d,e s t

  24. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c,s d,e t

  25. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c,s d,e t

  26. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c,s d,e,t

  27. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c,s d,e,t

  28. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e, a s a,b,c,s d,e,t Unsatisfiable

  29. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e a,b,c,s d,e,t Model construction

  30. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e a,b,c,s 1 2 d,e,t Model construction • |M| = {1 ,2} (universe, aka domain)

  31. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e a,b,c,s 1 2 d,e,t Model construction • |M| = {1 ,2} (universe, aka domain) • M(a) = 1 (assignment)

  32. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e a,b,c,s 1 2 d,e,t Alternative notation: • aM = 1 Model construction • |M| = {1 ,2} (universe, aka domain) • M(a) = 1 (assignment)

  33. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e a,b,c,s 1 2 d,e,t Model construction • |M| = {1 ,2} (universe, aka domain) • M(a) = M(b) = M(c) = M(s) = 1 • M(d) = M(e) = M(t) = 2

  34. Deciding Equality a = b,b = c, d = e, b = s, d = t, a e a,b,c,s 1 2 d,e,t Model construction • |M| = {1 ,2} (universe, aka domain) • M(a) = M(b) = M(c) = M(s) = 1 • M(d) = M(e) = M(t) = 2

  35. Deciding Equality:Termination, Soundness, Completeness • Termination: easy • Soundness • Invariant: all constants in a “ball” are known to be equal. • The “ball” merge operation is justified by: • Transitivity and Symmetry rules. • Completeness • We can build a model if an inconsistency was not detected. • Proof template (by contradiction): • Build a candidate model. • Assume a literal was not satisfied. • Find contradiction.

  36. Deciding Equality:Termination, Soundness, Completeness • Completeness • We can build a model if an inconsistency was not detected. • Instantiating the template for our procedure: • Assume some literal c = d is not satisfied by our model. • That is, M(c) ≠ M(d). • This is impossible, c and d must be in the same “ball”. c,d,… i M(c) = M(d) = i

  37. Deciding Equality:Termination, Soundness, Completeness • Completeness • We can build a model if an inconsistency was not detected. • Instantiating the template for our procedure: • Assume some literal c ≠ d is not satisfied by our model. • That is, M(c) = M(d). • Key property: we only check the disequalities after we processed all equalities. • This is impossible, c and d must be in the different “balls” c,… d,… i j M(c) = i M(d) = j

  38. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e)) Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  39. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e)) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  40. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, g(e)) v1  g(d) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  41. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, g(e)) v1  g(d) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  42. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, v2) v1  g(d), v2  g(e) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  43. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, v2) v1  g(d), v2  g(e) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  44. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, v3  f(b, v2) v1  g(d), v2  g(e), v3 f(a, v1) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  45. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, v3 f(b, v2) v1  g(d), v2  g(e), v3  f(a, v1) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  46. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, v3 v4 v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2) First Step: “Naming” subterms Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  47. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, v3 v4 v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2) a,b,c,s d,e,t v2 v4 v1 v3 Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  48. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, v3 v4 v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2) a,b,c,s d,e,t v2 v4 v1 v3 Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn) • d = e implies g(d) = g(e)

  49. Deciding Equality + (uninterpreted) Functions a = b,b = c, d = e, b = s, d = t, v3 v4 v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2) a,b,c,s d,e,t v2 v4 v1 v3 Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn) • d = e implies v1= v2

  50. Deciding Equality + (uninterpreted) Functions We say: • v1 and v2 are congruent. a = b,b = c, d = e, b = s, d = t, v3 v4 v1 g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2) a,b,c,s v1,v2 d,e,t v4 v3 Congruence Rule: • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn) • d = e implies v1= v2

More Related