1 satisfiability modulo theories sinan hanay. 2 boolean satisfiability (sat) is there an assignment...

1

Satisfiability Modulo Theories

Sinan Hanay

2

Boolean Satisfiability (SAT)

Is there an assignment to the p1, p2, …, pn variables such that evaluates to 1?

Slide taken from [Barret09]

3

Satisfiability Modulo Theories (SMT)

Is there an assignment to the x,y,z,w variables s.t. evaluates to 1?


4

SAT vs SMT

SMT extends SAT solving by adding extensions An SMT solver can solve a SAT problem, but not

vice-versa. SMT Applications

Analog Circuit Verification RTL Verification Software Model Checking

5

Overview

Introduction SMT Theories Example: Difference Logic Combining Theories SMT Solvers and SMT Libraries. Conclusion

6

SMT Theories

Real or Integer Arithmetic Equality and Uninterpreted Functions

Example: If x1 = x2, then f(x1) = f(x2)

else f(x1) ≠ f(x2) Bitvectors and Arrays Properties:

Decidable: An effective procedure exists to check if a formula is a member of a theory T.

Often Quantifier-free: Free from quantifiers such as ( , ∃ ∀ )

7

SMT Theories

Core Theory Type: Boolean Constants: {TRUE, FALSE} Functions: {AND, OR, XOR} Functions: Implication (=>)

Integer Theory (Ints) Type: Int All numerals are Int constants Functions: { + , - , x, mod, div, abs}

8

SMT Theories

Reals Theory Type: Real Functions: { +, -, x, / } Functions: { <, > }

Arrays with Extentionality Theory (ArraysEx) Type: type of index and type of values Functions: {select, store}

9

Overview

Introduction SMT Theories Case Study: Difference Logic Theory SMT Solvers SMT-LIB Conclusion

10

SMT Example I– Difference Logic Can solve problems such as:

Is there a solution {x,y} satisfying

x-y < 20 and x -y > 4 x,y can be integers or reals

If x,y are integers (QF_IDL: Integer Difference Logic)

If x,y are reals (QF_RDL : Real Difference Logic) QF: Quantifier-free

11

SMT Theories– Difference Logic In difference logic [NO05], we are interested in the

satisfiability of a conjunction of arithmetic atoms.

Each atom is of the form x − y OP c, where x and y are variables, c is a numeric constant, and OP ∈{=,<,≤,>,≥}.Examples: x-y > 10, y-x < 12

The variables can range over either the integers (QF_IDL) or the reals (QF_RDL).


12

Difference Logic

The first step is to rewrite everything in terms of ≤: x − y = c x − y⇒ ≤ c ∧ x − y ≥ c x − y ≥ c y − x ⇒ ≤ −c x − y > c y − x ⇒ < −c

x − y < c x − y ⇒ ≤ c − 1 (integers) x − y < c x − y ⇒ ≤ c − δ (reals)

Slide adopted from [Barret09]

13

Difference Logic

Now we have a conjunction of literals, all of the form x − y ≤ c.

From these literals, we form a weighted directed graph with a vertex for each variable.

For each literal x − y ≤ c, create an edge The set of literals is satisfiable iff there is no cycle

for which the sum of the weights on the edges is negative.

There are a number of efficient algorithms for detecting negative cycles in graphs [CG96].

x c

y


14

Difference Logic

1. x− y = 5

2. z − y ≥ 2

3. z − x > 2

4. w − x = 2

5. z − w < 0

1. x − y ≤ 5 y − x ∧ ≤ −5

2. y − z ≤ −2

3. x − z ≤ −3

4. w − x ≤ 2 x − w∧ ≤ −2

5. z − w ≤ −1

x−y = 5 ∧ z −y ≥ 2 ∧ z −x > 2 ∧ w −x = 2 ∧ z −w < 0


Transformto

a-b ≤ c

15

Difference Logic


Is there a negative cycle? Satisfiable if there is not any.

16

Combining Theories

QF_UFLIA

How to Combine Theory Solvers?

1 ≤ x x ≤ 2∧ ∧ f(x) ≠ f(1) f(x) ∧ ≠ f(2)

Linear Integer Arithmetic (LIA) Uninterpreted Functions(UF)

17

Combining Theory Solvers

Theory solvers become much more useful if they can be used together.

mux_sel = 0 → mux_out = select(regfile, addr)

mux_sel = 1 → mux_out = ALU(alu0, alu1) For such formulas, we are interested in satisfiability

with respect to a combination of theories. Fortunately, there exist methods for combining

theory solvers. The standard technique for this is the Nelson-Oppen

method [NO79, TH96].


18

The Nelson-Oppen Method

Suppose that T1 and T2 are theories and that Sat 1 is a theory solver for T1-satisfiability and Sat 2 for T2-satisfiability.

We wish to determine if φ is T1 T2-satisfiable∪ .

1. Convert φ to its separate form φ1 φ2.∧2. Let S be the set of variables shared between φ1

and φ2.

3. For each arrangement D of S:

1. Run Sat 1 on φ1 D .∪2. Run Sat 2 on φ2 D.∪


19

Combining Theories

QF_UFLIAφ =1 ≤ x x ≤ 2∧ ∧ f(x) ≠ f(1) f(x) ≠ f(2)∧ We first convert φ to a separate form: φUF = f(x) ≠ f(y) f(x) ≠ f(z)∧ φLIA = 1 ≤ x x ≤ 2 y = 1 z = 2∧ ∧ ∧


20

Combining Theories φUF = f(x) ≠ f(y) f(x) ≠ f(z)∧ φLIA = 1 ≤ x x ≤ 2 y = 1 z = 2∧ ∧ ∧ {x, y, z} can have 5 possible arrangements based

on equivalence classes of x, y, and z1. Assume All Variables Equal:

1. {x = y, x = z, y = z} inconsistent with φUF

2. Assume Two Variables Equal, One Different1. {x = y, x ≠ z, y ≠ z} inconsistent with φUF

2. {x ≠ y, x = z, y ≠ z} inconsistent with φUF

3. {x ≠ y, x ≠ z, y = z} inconsistent with φLIA

3. Assume All Variables Different: 1. {x ≠ y, x ≠ z, y ≠ z} inconsistent with φLIA


Φ IS

UNSAT

21

Overview

Introduction SMT Theories Case Study: Difference Logic Theory SMT Solvers and Libraries Summary

22

SMT-LIB

SMT Library Provides standard rigorous descriptions of

background theories Common input and output languages for SMT

solvers Provides a library of benchmarks

Ref: The SMT-LIB Standard

23

SMT Solvers

Proprietary Z3, Yices, Barcelogic, MathSAT

Open Source Open-SMT, CVC3, Boolector

Some SMT-LIB Compatibility Solvers (Even partially) CVC3, Open-SMT, MathSAT5, Sonolar

24

SMT-LIB Example

Check if (p AND p’) is satisfiable?

UNSATISFIABLE

Ref: SMT-LIB Tutorial by David R. Cok and GrammaTech Inc.

UNINTERPRETED FUNCTIONS

25

SMT-LIB Example

Is there a solution to x+2y = 20 and x-y = 2

LINEAR INTEGER ARITHMETIC

SATISFIABLE x=8, y= 6

26

SUMMARY

SMT problems include a wider range of problems than SAT.

SMT-LIB initiative to bring standards to solvers. SMT Applications Include:

Analog, Mixed-Signal Circuit Checker [Walter07] Software Testing RTL Verification

Nelson-Oppen Method for Combining Theory Solvers

27

Trivia

SMT Competition (SMT-COMP) SMT Solvers Competition Since 2005 2010 Winners: CVC3, OpenSMT, MathSAT 5,

test_pmathsat, MiniSmt, simplifyingSTP. First International SAT/SMT Solver Summer School

2011 June 12- 17 at MIT. Free for students.

28

References

[Barret09] Clark Barrett, Sanjit A. Seshia, ICCAD Tutorial 2009

[NO79] Greg Nelson and Derek C. Oppen. Simplification by cooperating decision procedures. ACM Trans. on Programming Languages and Systems, 1(2):245–257, October 1979

[Walter07] David Walter, Scott Little, Chris Meyers, “Bounded model checking of analog and mixed-signal circuits using an SMT solver”, Proceeding ATVA'07.

29

Questions

Thank you.

30

Equivalence Checking of Programsint fun1(int y) { int x, z; z = y; y = x; x = z;

return x*x;}

int fun2(int y) { return y*y;}

What if we use SAT to check equivalence?

SMT formula Satisfiable iff programs non-equivalent

( z = y ∧ y1 = x ∧ x1 = z ∧ ret1 = x1*x1) ∧ ( ret2 = y*y ) ∧ ( ret1 ret2 )

Using SAT to check equivalence (w/ Minisat)32 bits for y: Did not finish in over 5 hours16 bits for y: 37 sec.8 bits for y: 0.5 sec. SMT: Using EUF solver: 0.01 sec


1 satisfiability modulo theories sinan hanay. 2 boolean satisfiability (sat) is there an assignment...

Documents