Towards Lightweight Integration of SMT Solvers

Similar documents
Solving Quantified Verification Conditions using Satisfiability Modulo Theories

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa

Vinter: A Vampire-Based Tool for Interpolation

SMT BASICS WS 2017/2018 ( ) LOGIC SATISFIABILITY MODULO THEORIES. Institute for Formal Models and Verification Johannes Kepler Universität Linz

SAT/SMT/AR Introduction and Applications

Combining SMT with Theorem Proving for AMS Verification

Efficient E-matching for SMT Solvers. Leonardo de Moura, Nikolaj Bjørner Microsoft Research, Redmond

CSE507. Satisfiability Modulo Theories. Computer-Aided Reasoning for Software. Emina Torlak

The Eager Approach to SMT. Eager Approach to SMT

Satisfiability Modulo Theories

WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008

CSE507. Course Introduction. Computer-Aided Reasoning for Software. Emina Torlak

Towards Practical Reflection for Formal Mathematics

An Introduction to Z3

Learning Goals of CS245 Logic and Computation

Software Verification using Predicate Abstraction and Iterative Refinement: Part 1

The State Explosion Problem

Finding Conflicting Instances of Quantified Formulas in SMT

Information Flow Analysis via Path Condition Refinement

Satisfiability Modulo Theories (SMT)

Introduction to SAT (constraint) solving. Justyna Petke

Deductive Verification

Constraint Solving for Finite Model Finding in SMT Solvers

Pretending to be an SMT Solver with Vampire (and How We Do Instantiation)

Topics in Model-Based Reasoning

Mining Propositional Simplification Proofs for Small Validating Clauses

First-Order Theorem Proving and Vampire. Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester)

CS1021. Why logic? Logic about inference or argument. Start from assumptions or axioms. Make deductions according to rules of reasoning.

CSE507. Introduction. Computer-Aided Reasoning for Software. Emina Torlak courses.cs.washington.edu/courses/cse507/17wi/

Formal methods in analysis

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

Software Engineering using Formal Methods

Validating QBF Invalidity in HOL4

Motivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory

Introduction to SMT Solving And Infinite Bounded Model Checking

Leonardo de Moura Microsoft Research

Combined Satisfiability Modulo Parametric Theories

Proof Reconstruction for Z3 in Isabelle/HOL

Propositional and Predicate Logic - V

Satisfiability Solving and Model Generation for Quantified First-order Logic Formulas

A Refined Tableau Calculus with Controlled Blocking for the Description Logic SHOI

Abstractions and Decision Procedures for Effective Software Model Checking

07 Practical Application of The Axiomatic Method

Reducing CTL-live Model Checking to Semantic Entailment in First-Order Logic (Version 1)

Interpolation and Symbol Elimination in Vampire

An Introduction to Satisfiability Modulo Theories

arxiv: v1 [cs.lo] 29 May 2014

COMP 2600: Formal Methods for Software Engineeing

Constraint Answer Set Programming versus Satisfiability Modulo Theories

Tutorial 1: Modern SMT Solvers and Verification

Finding Conflicting Instances of Quantified Formulas in SMT. Andrew Reynolds Cesare Tinelli Leonardo De Moura July 18, 2014

Propositional Reasoning

Internals of SMT Solvers. Leonardo de Moura Microsoft Research

HybridSAL Relational Abstracter

Software Verification with Abstraction-Based Methods

CS156: The Calculus of Computation

Quantifier Instantiation Techniques for Finite Model Finding in SMT

Axiomatization of Typed First-Order Logic

Introduction to Kleene Algebra Lecture 14 CS786 Spring 2004 March 15, 2004

Floyd-Hoare Style Program Verification

Logic and Complexity

Personnel Scheduling as Satisfiability Modulo Theories

Foundations of Lazy SMT and DPLL(T)

The TLA + proof system

Solving Extended Regular Constraints Symbolically

MathCheck2: A SAT+CAS Verifier for Combinatorial Conjectures

Solving Quantified Linear Arithmetic by Counterexample- Guided Instantiation

Verification of Functional Programs Containing Nested Recursion

SMT 2007: 5th International Workshop on Satisfiability Modulo Theories

Theorem Proving for Verification

The Impact of Craig s Interpolation Theorem. in Computer Science

Strategies for Combining Decision Procedures

Integrating Answer Set Programming and Satisfiability Modulo Theories

Fundamentals of Software Engineering

Easy Parameterized Verification of Biphase Mark and 8N1 Protocols

COMPUTER SCIENCE TEMPORAL LOGICS NEED THEIR CLOCKS

Nunchaku: Flexible Model Finding for Higher-Order Logic

Intelligent Agents. First Order Logic. Ute Schmid. Cognitive Systems, Applied Computer Science, Bamberg University. last change: 19.

Fundamentals of Software Engineering

12th International Satisfiability Modulo Theories Competition SMT-COMP 2017

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Constraint Logic Programming and Integrating Simplex with DPLL(T )

Advanced Topics in LP and FP

Formal verification of IA-64 division algorithms

Logic as The Calculus of Computer Science

Overview, cont. Overview, cont. Logistics. Optional Reference #1. Optional Reference #2. Workload and Grading

Nikolaj Bjørner Microsoft Research Tractability Workshop MSR Cambridge July 5, FSE &

Lecture 2/11: Satisfiability Modulo Theories, Part I

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Interpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg

Computation and Inference

On the implementation of a Fuzzy DL Solver over Infinite-Valued Product Logic with SMT Solvers

Quantifiers. Leonardo de Moura Microsoft Research

Automata Theory and Formal Grammars: Lecture 1

AI Programming CS S-09 Knowledge Representation

Formal Methods for Java

Directed Model Checking (not only) for Timed Automata

MAI0203 Lecture 7: Inference and Predicate Calculus

Linear Arithmetic Satisfiability Via Strategy Improvement

Computer Science and Logic A Match Made in Heaven

Transcription:

Towards Lightweight Integration of SMT Solvers Andrei Lapets Boston University Boston, USA lapets@bu.edu Saber Mirzaei Boston University Boston, USA smirzaei@bu.edu 1 Introduction A large variety of SMT techniques and associated solvers (i.e., algorithms and software tools) have been developed by the formal modelling and verification communities. For a particular application domain, each technique has its own unique set of advantages and limitations. Within the context of a particular application domain (characterized by a particular set of possible logical formulas), the fitness of a technique can be characterized along multiple dimensions: expressiveness, soundness, completeness, responsiveness, computational cost, and others. Furthermore, certain application domains may require that multiple techniques be used in concert in order to validate or solve the particular set of formulas that must be supported. We consider a potential end-user for SMT solvers that may be interested in frequently and quickly verifying a collection of relatively small formal statements within an application domain. We further posit that the end-user does not have the resources, incentive, or interest in: (1) independently becoming familiar with the syntaxes, interfaces, capabilities, and limitations of any existing SMT solver, or (2) understanding how a collection of SMT solvers can be used in concert. Instead, the user wishes to employ a single syntax for formulas that is conventional in their application domain while still employing the verification capabilities of existing SMT solvers. Examples of such end-users are an instructor or student in a university course the topic of which is (or which employs) algebra or logic [Lap12], or a distributed system protocol designer [LSB + 12]. In this report we describe an initial exploration of how it might be possible to build a single lightweight, integrated environment that allows end-users to seamlessly employ multiple SMT solvers while intelligently navigating trade-offs. In particular, we focus on defining transformations from a single syntax for logical formulas to four SMT solvers: CVC3 [BT07], Alt-Ergo [CCKL08, BCCL08, Alt], Yices [DdM06, Yic, DM06], and Z3 [DMB08, Z3g]. In anticipation of further work, we also discuss informally a few relevant characteristics of these SMT solvers along relevant dimensions. This work represents an example that will be used to inform further work on lightweight integration of multiple SMT solvers and other formal algorithms, systems, and tools; thus, what is described in this report does not represent a definition or implementation to be deployed and used by actual end-users, but a prototype that can help inform further efforts. 2 Integration of SMT Solvers Let V and P be sets of symbols (variables and predicates), and let V Z be a set of maps (including all partial finite maps) from variables to integers. A finite map s V Z represents a possible solution to a logical formula with variables that range over the integers. We assume a common syntax for logical formulas defined in Table 1. 1

As illustrated in Figure 1, we have constructed a web-based integrated environment that allows users to submit logical formulas represented using the common syntax in Table 1 for validation. The submitted formula is translated by the web application into four separate formulas, each of which is represented using a syntax that is appropriate for one of the SMT solvers. Each formula is then submitted for processing to an instances of its corresponding SMT solver, being hosted on the cloud. The response times and results are recorded in a database. The individual translations are defined from this syntax to subsets of the respective syntaxes of the four SMT solvers. The output of each of the SMT solvers is then translated into the logical syntax for outputs in Table 1. Notice that outputs may be incomplete, or may represent actual integer solutions to a formula. We present the target syntax subset for each SMT solver we have considered, including the output syntax, in Tables 2, 3, 4, and 5. variable x V term t ::=... 2 1 0 1 2... t t 1 + t 2 t 1 t 2 t 1 t 2 t 1 = t 2 t 1 t 2 t 1 < t 2 t 1 t 2 t 1 > t 2 t 1 t 2 p ( t 1,..., t n ) not f f 1 implies f 2 f 1 and f 2 f 1 or f 2 for all x Z, f exists x Z, f output o ::= true false unknown s Table 1: Common language for logical formulas. CVC3. CVC3 provides built-in theories that support working with formulas that govern real numbers and integers, fixed-size bit vectors, arrays, tuples, records, and user-defined recursive data types. Given a formula, the CVC3 output regarding its validity is sound but not necessarily complete (support for formulas with quantifiers and non-linear arithmetic is limited, and the axiom of induction over the natural numbers is not automatically validated). CVC3 cannot return an explicit solution to a formula. This is reflected in the target syntax presented in Table 2. Alt-Ergo. Alt-Ergo [CCKL08, BCCL08] is a theorem prover capable of recognizing a collection of valid formulas. Built-in theories are provided that support formulas governing real numbers and integers, fixed-size bit vectors, arrays, and user-defined types. While the Alt-Ergo output indicating a formula s validity is sound, for logical formulas that are false Alt-Ergo returns the output message 2

input input integrated environment translator A CVC3 end-user common syntax translator B translator C Alt-Ergo Yices output output translator D Z3 web applications (operate in standard web browser) stored and/or executed on the cloud activity logging database queries response times by query Figure 1: Integrated environment providing end-users a single point from which to employ multiple underlying SMT solvers. I don t know. Thus, the output is not complete and, in fact, cannot confirm that a formula is false directly (although it is possible to negate the formula before invoking Alt-Ergo). Without additional information, the output I don t know must be mapped to the output unknown in the common logical syntax in Table 1. There is support for non-linear arithmetic and some support for formulas with quantifiers. Furthermore, the axiom of induction over natural numbers is validated automatically because the system is a theorem prover based on CC(X) [CCKL08]. Alt-Ergo cannot return an explicit solution to a formula. This is reflected in the target syntax presented in Table 3. Yices. The Yices SMT solver is accompanied by built-in theories that support formulas governing real numbers and integers, fixed-size bit vectors, arrays, and user-defined recursive data types. The Yices output indicating a formula s validity is sound but not complete; for example, it cannot successfully validate an axiom of induction over the natural numbers, and support for formulas with quantifiers is limited. There is support for formulas with non-linear arithmetic. Yices cannot return an explicit solution to a formula. This is reflected in the target syntax presented in Table 4. Z3. Z3 provides built-in theories that support working with formulas that govern real numbers and integers, fixed-size bit vectors, arrays, and user-defined recursive data types. Given a formula, the Z3 output regarding its validity is sound but not necessarily complete (the system may time out for some formulas with quantifiers, and the axiom of induction over the natural numbers is not automatically validated). Formulas with non-linear arithmetic are supported. Finally, Z3 is distinguished by its ability to return an explicit solution to a formula. This is reflected in the target syntax presented in Table 5. 3

variable x V - t t 1 + t 2 t 1 - t 2 t 1 * t 2 formula f ::= TRUE FALSE t 1 = t 2 t 1 /= t 2 t 1 < t 2 t 1 <= t 2 t 1 > t 2 t 1 >= t 2 p ( t 1,..., t n ) NOT f f 1 => f 2 f 1 AND f 2 f 1 OR f 2 FORALL ( x : INT ): f EXISTS ( x : INT ): f output o ::= Valid. Invalid. Unknown. Table 2: Target subset of CVC3 syntax. variable x V - t t 1 + t 2 t 1 - t 2 t 1 * t 2 t 1 = t 2 t 1 < t 2 t 1 <= t 2 t 1 > t 2 t 1 >= t 2 p ( t 1,..., t n ) not f f 1 -> f 2 f 1 and f 2 f 1 or f 2 forall ( x : int ). f exists ( x : int ). f output o ::= Valid I don t know Table 3: Target subset of Alt-Ergo syntax. 4

variable x V - t + t 1 t 2 - t 1 t 2 * t 1 t 2 = t 1 t 2 /= t 1 t 2 < t 1 t 2 <= t 1 t 2 > t 1 t 2 >= t 1 t 2 p t 1... t n not f => f 1 f 2 and f 1 f 2 or f 1 f 2 forall ( x :: int ) f exists ( x :: int ) f output o ::= sat unsat unknown Table 4: Target subset of Yices syntax. variable x V - t + t 1 t 2 - t 1 t 2 * t 1 t 2 = t 1 t 2 /= t 1 t 2 < t 1 t 2 <= t 1 t 2 > t 1 t 2 >= t 1 t 2 p t 1... t n not f => f 1 f 2 and f 1 f 2 or f 1 f 2 forall ( x Int ) f exists ( x Int ) f output o ::= sat unsat time-out s Table 5: Target subset of Z3 syntax. 5

3 Conclusion and Future Work This report describes a prototype attempt to integrate four SMT solvers by identifying and defining bidirectional mappings from a common syntax for logical formulas and system outputs to the input and output syntaxes of the four SMT solvers. These mappings provide a rough characterization of the solvers along the dimensions of expressiveness, soundness, and completeness. All the underlying solvers return sound outputs given an input formula, but they are not all complete over the set of all input formulas. Even within the restricted context of the common logical syntax in Table 1, unique capabilities have been identified for two of the systems that distinguish them from the others: Alt-Ergo can verify an axiom of induction, and Z3 can return as output an explicit solution to a formula over the integers. Deploying even these two systems behind a single integrated interface already provides an end-user with an environment the capabilities of which are beyond those of any of the individual tools being considered. The presented collection of mappings and the integrated environment implementation into which the SMT solvers are incorporated provides a starting point from which it will be possible to further extend and refine the characterization of the solvers along the dimensions of expressiveness, completeness, and response time. This will likely lead to further distinctions between the systems that it may be possible for users to exploit (automatically or manually). For example, for each SMT solver, we can define much more precisely which of the following characteristics it possesses (as subsets of the common logical syntax in Table 1), in order to better delineate the domain of logical formulas over which it is complete: support for formulas with quantifiers; support for formulas with non-linear arithmetic; support for formulas that involve induction over natural numbers; support for returning explicit solutions to arithmetic formulas. Precisely defining the logical syntax subset over which an SMT solver is known to be complete makes it possible to intelligently choose an SMT solver based on the user s needs (e.g., the quantifiers and operations that appear in the formula, and whether the user requires completeness in the output). Notably, the integrated environment implementation prototyped in this work provides an opportunity to automate this process. Given a library of various subsets of the common syntax (possibly corresponding to some of the categories above), it might be possible to automate the process of determining gradually over which of these subsets an underlying solver is complete. This can be accomplished by recording particular information for every query: the submitted logical formula, the subsets of the common syntax to which the formula belongs, and the output of each tool. Initially, the solver is assumed to be complete over all these subsets; as counterexamples are encountered, this assumption is adjusted. It will also be of interest to explore ways to predict and compare the response time of each of the integrated SMT solvers on various classes of formulas. These classes of formulas may correspond to the manually defined categories discussed above, or to classes defined in terms of characterization and metric functions (e.g., based on their syntactic structure and depth, the number of variables and quantifiers, and so on [AWD12]) and recording for each submitted formula both its characteristics and the response time. This data can then be presented to users so that they can make intelligent trade-offs, or it can be used to automatically choose the most suitable SMT solver based on the user s priorities (e.g., completeness or response time) by incorporating machine learning techniques [AWD12]. 6

References [Alt] [AWD12] Alt-Ergo/examples. http://alt-ergo.lri.fr/examples/. Mohammad Abdul Aziz, Amr Wassal, and Nevine Darwish. A Machine Learning Technique for Hardness Estimation of QFBV SMT Problems (Work in progress). In Proceedings of the 10th International Workshop on Satisfiability Modulo Theories, pages 56 65, Manchester, UK, 2012. [BCCL08] François Bobot, Sylvain Conchon, Evelyne Contejean, and Stéphane Lescuyer. Implementing Polymorphism in SMT solvers. In Clark Barrett and Leonardo de Moura, editors, SMT 2008: 6th International Workshop on Satisfiability Modulo, 2008. [BT07] Clark Barrett and Cesare Tinelli. CVC3. In Werner Damm and Holger Hermanns, editors, Proceedings of the 19 th International Conference on Computer Aided Verification (CAV 07), volume 4590 of Lecture Notes in Computer Science, pages 298 302. Springer-Verlag, July 2007. Berlin, Germany. [CCKL08] Sylvain Conchon, Evelyne Contejean, Johannes Kanig, and Stéphane Lescuyer. CC(X): Semantic Combination of Congruence Closure with Solvable Theories. Electronic Notes in Theoretical Computer Science, 198(2):51 69, May 2008. [DdM06] B. Dutertre and L. de Moura. The Yices SMT solver. Tool paper at http://yices.csl.sri.com/tool-paper.pdf, August 2006. [DM06] B. Dutertre and L. Moura. System description: Yices 1.0. In SMT-COMP 06, 2006. [DMB08] Leonardo De Moura and Nikolaj Bjørner. Z3: an efficient smt solver. In Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems, TACAS 08/ETAPS 08, pages 337 340, Berlin, Heidelberg, 2008. Springer-Verlag. [Lap12] Andrei Lapets. Accessible Integrated Formal Reasoning Environments in Classroom Instruction of Mathematics. Technical Report BUCS-TR-2012-015, CS Dept., Boston University, December 2012. [LSB + 12] [Yic] [Z3g] Andrei Lapets, Richard Skowyra, Christine Bassem, Sanaz Bahargam, Assaf Kfoury, and Azer Bestavros. Towards Accessible Integrated Formal Reasoning Environments for Protocol Design. Technical Report BUCS-TR-2012-016, CS Dept., Boston University, December 2012. Yices/Examples. http://yices.csl.sri.com/examples.shtml. Z3 - guide. http://rise4fun.com/z3/tutorialcontent/guide. 7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback