Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal...
-
Upload
katlyn-kimbell -
Category
Documents
-
view
215 -
download
0
Transcript of Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal...
![Page 1: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/1.jpg)
Satisfiability Modulo Theoriesand
Network Verification
Nikolaj Bjørner Microsoft Research
Formal Methods and Networks Summer School Ithaca, June 10-14 2013
![Page 2: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/2.jpg)
Lectures
Wednesday 2:00pm-2:45pm: An Introduction to SMT with Z3
Thursday 11:00am-11:45amAlgorithmic underpinnings of SAT/SMT
Friday 9:00am-9:45amTheories, Solvers and Applications
![Page 3: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/3.jpg)
Plan
I. Satisfiability Modulo Theories in a nutshell
II. SMT solving in a nutshell
III. SMT by example
![Page 4: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/4.jpg)
Takeaways:
• Modern SMT solvers are a often good fit for program analysis tools.– Handle domains found in programs directly.
• The selected examples are intended to show instances where sub-tasks are reduced to SMT/Z3.
![Page 5: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/5.jpg)
If you use Z3,
This could be you
![Page 6: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/6.jpg)
– Backed by Proof Plumbers
Leonardo de Moura, Nikolaj Bjørner, Christoph Wintersteiger
Handbook of Satisfiabilit
y
Not all is hopeless
![Page 7: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/7.jpg)
Background Reading: SAT
![Page 8: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/8.jpg)
Background Reading: SMT
September 2011
![Page 9: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/9.jpg)
SAT IN A NUTSHELL
![Page 10: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/10.jpg)
SAT in a nutshell
(Tie Shirt) (Tie Shirt) (Tie Shirt)
![Page 11: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/11.jpg)
SMT IN A NUTSHELL
![Page 12: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/12.jpg)
Is formula satisfiable modulo theory T ?
SMT solvers have specialized algorithms for
T
Satisfiability Modulo Theories (SMT)
![Page 13: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/13.jpg)
ArithmeticArray TheoryUninterpreted Functions
𝑥+2=𝑦⇒ 𝑓 (𝑠𝑒𝑙𝑒𝑐𝑡 (𝑠𝑡𝑜𝑟𝑒 (𝑎 ,𝑥 ,3 ) , 𝑦−2 ) )= 𝑓 (𝑦−𝑥+1)
Satisfiability Modulo Theories (SMT)
![Page 14: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/14.jpg)
SMT SOLVING IN A NUTSHELLJob Shop Scheduling
![Page 15: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/15.jpg)
Job Shop Scheduling
Machines
Jobs
P = NP? Laundry 𝜁 (𝑠 )=0⇒ 𝑠=12+𝑖𝑟
Tasks
![Page 16: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/16.jpg)
Constraints:Precedence: between two tasks of the same job
Resource: Machines execute at most one job at a time
4
132
[ 𝑠𝑡𝑎𝑟 𝑡2,2 ..𝑒𝑛𝑑2,2 ]∩ [ 𝑠𝑡𝑎𝑟 𝑡4,2 ..𝑒𝑛𝑑4,2 ]=∅
Job Shop Scheduling
![Page 17: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/17.jpg)
Constraints:Encoding:
Precedence: - start time of job 2 on mach 3 - duration of job 2 on mach 3Resource:
413
2
[ 𝑠𝑡𝑎𝑟 𝑡2,2 ..𝑒𝑛𝑑2,2 ]∩ [ 𝑠𝑡𝑎𝑟 𝑡4,2 ..𝑒𝑛𝑑4,2 ]=∅
Not convex
Job Shop Scheduling
![Page 18: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/18.jpg)
Job Shop Scheduling
![Page 19: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/19.jpg)
Job Shop Scheduling
case split
case split
Efficient solvers:- Floyd-Warshal algorithm- Ford-Fulkerson algorithm
𝑧−𝑧=5 – 2 –3 – 2=−2<0
![Page 20: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/20.jpg)
THEORIES
![Page 21: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/21.jpg)
Theories
Uninterpreted functions
![Page 22: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/22.jpg)
Uninterpreted functionsArithmetic (linear)
Theories
![Page 23: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/23.jpg)
Uninterpreted functionsArithmetic (linear)Bit-vectors
Theories
![Page 24: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/24.jpg)
Uninterpreted functionsArithmetic (linear)Bit-vectorsAlgebraic data-types
Theories
![Page 25: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/25.jpg)
Uninterpreted functionsArithmetic (linear)Bit-vectorsAlgebraic data-typesArrays
Theories
![Page 26: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/26.jpg)
Uninterpreted functionsArithmetic (linear)Bit-vectorsAlgebraic data-typesArraysPolynomial Arithmetic
Theories
![Page 27: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/27.jpg)
QUANTIFIERS
![Page 28: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/28.jpg)
Equality-Matching
¿ matches with substitution modulo [de Moura, B. CADE 2007]
![Page 29: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/29.jpg)
Quantifier Elimination
[B. IJCAR 2010]
Presburger Arithmetic, Algebraic Data-types,Quadratic polynomials
SMT integration to prune branches
![Page 30: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/30.jpg)
MBQI: Model based Quantifier Instantiation
[de Moura, Ge. CAV 2008][Bonachnia, Lynch, de Moura CADE 2009][de Moura, B. IJCAR 2010]
![Page 31: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/31.jpg)
Horn Clauses
[Hoder, B. SAT 2012]
mc() mc() mc() mc() mc()
Solver finds solution for mc
mc(x) = x-10 if x > 100mc(x) = mc(mc(x+11)) if x 100
assert (mc(x) 91)
![Page 32: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/32.jpg)
MODELS, PROOFS, CORES & SIMPLIFICATION
![Page 33: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/33.jpg)
Logical Formula
Sat/Model
Models
![Page 34: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/34.jpg)
ProofsLogical Formula
Unsat/Proof
![Page 35: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/35.jpg)
Simplification
Simplify
Logical Formula
![Page 36: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/36.jpg)
Cores
Logical Formula
Unsat. Core
![Page 37: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/37.jpg)
TACTICS, SOLVERS
![Page 38: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/38.jpg)
Tactics
Composition of tactics:•(then t s) •(par-then t s) applies t to the input goal and s to every subgoal produced by t in parallel. •(or-else t s)•(par-or t s) applies t and s in parallel until one of them succeed. •(repeat t) •(repeat t n) •(try-for t ms) •(using-params t params) Apply the given tactic using the given parameters.
![Page 39: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/39.jpg)
Solvers• Tactics take goals and reduce to sub-goals• Solvers take tactics and serve as logical contexts.
• push• add• check• model, core, proof• pop
![Page 40: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/40.jpg)
APIS
C
C++ python OCaml
.NETJava
![Page 41: Satisfiability Modulo Theories and Network Verification Nikolaj Bjørner Microsoft Research Formal Methods and Networks Summer School Ithaca, June 10-14.](https://reader036.fdocuments.us/reader036/viewer/2022062417/551b5c015503465c7e8b6006/html5/thumbnails/41.jpg)
Summary
Z3 supports several theories– Using a default combination– Providing custom tactics for special combinations
Z3 is more than sat/unsat– Models, proofs, unsat cores, – simplification, quantifier elimination are tactics
Prototype with python/smt-lib2– Implement using smt-lib2/programmatic API