leonardo de moura microsoft research
DESCRIPTION
Satisfiability Modulo Theories (SMT): ideas and applications Universit à Degli Studi Di Milano Scuola di Dottorato in Informatica, 2010. Leonardo de Moura Microsoft Research. Software development crisis. Software malfunction is a common problem. Software complexity is increasing. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/1.jpg)
Satisfiability Modulo Theories (SMT): ideas and applicationsUniversità Degli Studi Di MilanoScuola di Dottorato in Informatica, 2010
Leonardo de MouraMicrosoft Research
![Page 2: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/2.jpg)
Software development crisis
Software malfunction is a common problem.
Software complexity is increasing.
We need new methods and tools.
![Page 3: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/3.jpg)
Program correctness
I proved my program to be correct.
What does it mean?
![Page 4: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/4.jpg)
Software models
We need models and tools to reason about them?
Does my model/software has property X?
![Page 5: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/5.jpg)
Symbolic Reasoning
Verification/Analysis tools need some form of
Symbolic Reasoning
![Page 6: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/6.jpg)
Symbolic Reasoning
PSpace-complete(QBF)
Semi-decidable(First-order logic)
NP-complete(Propositional logic)
NEXPTime-complete(EPR)
P-time(Equality)
Logic is “The Calculus of Computer Science” (Z. Manna).High computational complexity
Undecidable(FOL + LA)
![Page 7: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/7.jpg)
Applications
Test case generation
Verifying Compilers
Predicate Abstraction
Invariant Generation
Type Checking
Model Based Testing
![Page 8: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/8.jpg)
Some Applications @ Microsoft
VCC
Hyper-VTerminator T-2
NModel
HAVOC
F7SAGE
VigilanteSpecExplorer
![Page 9: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/9.jpg)
Test case generation
unsigned GCD(x, y) {
requires(y > 0);
while (true) {unsigned m = x % y; if (m == 0) return y; x = y; y = m;
}}
We want a trace where the loop is executed twice.
(y0 > 0) and
(m0 = x0 % y0) and
not (m0 = 0) and
(x1 = y0) and
(y1 = m0) and
(m1 = x1 % y1) and
(m1 = 0)
Solver
x0 = 2y0 =
4m0 =
2x1 = 4y1 = 2m1 =
0
SSA
![Page 10: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/10.jpg)
Type checking
Signature:div : int, { x : int | x 0 } int
SubtypeCall site:if a 1 and a b then
return div(a, b)Verification conditiona 1 and a b implies b 0
![Page 11: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/11.jpg)
What is logic?Logic is the art and science of effective reasoning.How can we draw general and reliable conclusions from a collection of facts?Formal logic: Precise, syntactic characterizations of well-formed expressions and valid deductions.Formal logic makes it possible to calculate consequences at the symbolic level.
Computers can be used to automate such symbolic calculations.
![Page 12: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/12.jpg)
What is logic?Logic studies the relationship between language, meaning, and (proof) method. A logic consists of a language in which (well-formed) sentences are expressed. A semantic that distinguishes the valid sentences from the refutable ones.A proof system for constructing arguments justifying valid sentences.Examples of logics include propositional logic, equational logic, first-order logic, higher-order logic, and modal logics.
![Page 13: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/13.jpg)
What is logical language?A language consists of logical symbols whose interpretations are fixed, and non-logical ones whose interpretations vary. These symbols are combined together to form well-formed formulas.In propositional logic PL, the connectives , , and have a fixed interpretation, whereas the constants p, q, r may be interpreted at will.
![Page 14: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/14.jpg)
Propositional Logic
Formulas: := p | 1 2 | 1 2 | 1 | 1 2
Examples:p q q pp q (p q)
We say p and q are propositional variables.
Exercise: Using a programming language, define a representation for formulas and a checker for well-formed formulas.
![Page 15: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/15.jpg)
Interpretation
![Page 16: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/16.jpg)
Satisfiability & ValidityA formula is satisfiable if it has an interpretation that makes it logically true. In this case, we say the interpretation is a model.A formula is unsatisfiable if it does not have any model.A formula is valid if it is logically true in any interpretation.A propositional formula is valid if and only if its negation is unsatisfiable.
![Page 17: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/17.jpg)
Satisfiability & Validity: examplesp q q p
p q q
p q (p q)
![Page 18: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/18.jpg)
Satisfiability & Validity: examplesp q q p VALID
p q q SATISFIABLE
p q (p q) UNSATISFIABLE
![Page 19: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/19.jpg)
Equivalence
![Page 20: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/20.jpg)
Equisatisfiable
We say formulas A and B are equisatisfiable if and only if A is satisfiable if and only if B is.
During this course, we will describe transformations that preserve equivalence and equisatisfiability.
![Page 21: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/21.jpg)
Normal Forms
![Page 22: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/22.jpg)
Normal FormsNNF?(p q) (q (r p))
![Page 23: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/23.jpg)
Normal FormsNNF? NO(p q) (q (r p))
![Page 24: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/24.jpg)
Normal FormsNNF? NO(p q) (q (r p))
![Page 25: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/25.jpg)
Normal FormsNNF? NO(p q) (q (r p))(p q) (q (r p))
![Page 26: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/26.jpg)
Normal FormsNNF? NO(p q) (q (r p))(p q) (q (r p))(p q) (q (r p))
![Page 27: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/27.jpg)
Normal FormsCNF?((p s) (q r)) (q p s) (r s)
![Page 28: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/28.jpg)
Normal FormsCNF? NO((p s) (q r)) (q p s) (r s)
![Page 29: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/29.jpg)
Normal FormsCNF? NO((p s) (q r)) (q p s) (r s)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)
![Page 30: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/30.jpg)
Normal FormsCNF? NO((p s) (q r)) (q p s) (r s)((p s) q)) ((p s) r)) (q p s) (r s)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)
![Page 31: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/31.jpg)
Normal FormsCNF? NO((p s) (q r)) (q p s) (r s)((p s) q)) ((p s) r)) (q p s) (r s)(p q) (s q) ((p s) r)) (q p s) (r s)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)
![Page 32: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/32.jpg)
Normal FormsCNF? NO((p s) (q r)) (q p s) (r s)((p s) q)) ((p s) r)) (q p s) (r s)(p q) (s q) ((p s) r)) (q p s) (r s)(p q) (s q) (p r) (s r) (q p s) (r s)
![Page 33: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/33.jpg)
Normal FormsDNF? p (p q) (q r)
![Page 34: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/34.jpg)
Normal FormsDNF? NO, actually this formula is in CNF p (p q) (q r)
![Page 35: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/35.jpg)
Normal FormsDNF? NO, actually this formula is in CNF p (p q) (q r)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)
![Page 36: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/36.jpg)
Normal FormsDNF? NO, actually this formula is in CNF p (p q) (q r)((p p) (p q)) (q r)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)
![Page 37: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/37.jpg)
Normal FormsDNF? NO, actually this formula is in CNF p (p q) (q r)((p p) (p q)) (q r)(p q) (q r)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)Other Rules1. AA 2. A A
![Page 38: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/38.jpg)
Normal FormsDNF? NO, actually this formula is in CNF p (p q) (q r)((p p) (p q)) (q r)(p q) (q r)((p q) q) ((p q) r)
Distributivity 1. A(BC) (AB)(AC)2. A(BC) (AB)(AC)Other Rules1. AA 2. A A
![Page 39: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/39.jpg)
Normal FormsDNF? NO, actually this formula is in CNF p (p q) (q r)((p p) (p q)) (q r)(p q) (q r)((p q) q) ((p q) r)(p q) (q q) ((p q) r)(p q) (p r) (q r)
![Page 40: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/40.jpg)
Refutation Decision Procedures
![Page 41: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/41.jpg)
Inference Systems for Decision Procedures
Rules preserve satisfiability.
![Page 42: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/42.jpg)
Truth Table
![Page 43: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/43.jpg)
Truth Table (example)
![Page 44: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/44.jpg)
Semantic Tableaux
![Page 45: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/45.jpg)
Semantic Tableaux (example)
![Page 46: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/46.jpg)
Semantic Tableaux (cont.)
![Page 47: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/47.jpg)
Semantic Tableaux (cont.)
![Page 48: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/48.jpg)
Semantic Tableaux + Bivalence
![Page 49: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/49.jpg)
CNF (again)
![Page 50: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/50.jpg)
CNF (again)
![Page 51: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/51.jpg)
CNF (again)
![Page 52: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/52.jpg)
CNF translation (example)
![Page 53: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/53.jpg)
Semantic Trees
![Page 54: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/54.jpg)
Resolution
![Page 55: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/55.jpg)
Resolution (example)
![Page 56: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/56.jpg)
Completeness of Resolution
![Page 57: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/57.jpg)
Completeness of Resolution
![Page 58: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/58.jpg)
Subsumption
![Page 59: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/59.jpg)
Unit & Input Resolution
![Page 60: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/60.jpg)
Horn Clauses
![Page 61: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/61.jpg)
Semantic Resolution
![Page 62: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/62.jpg)
Semantic Resolution (example)
![Page 63: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/63.jpg)
Semantic Resolution (special cases)
![Page 64: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/64.jpg)
DPLL
DPLL
![Page 65: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/65.jpg)
Pure LiteralsA literal is pure if only occurs positively or negatively.
![Page 66: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/66.jpg)
Pure LiteralsA literal is pure if only occurs positively or negatively.
![Page 67: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/67.jpg)
DPLL (as a procedure)
![Page 68: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/68.jpg)
DPLL (example)
![Page 69: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/69.jpg)
DPLL (example)
![Page 70: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/70.jpg)
DPLL (example)
![Page 71: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/71.jpg)
DPLL (example)
![Page 72: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/72.jpg)
DPLL (example)
![Page 73: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/73.jpg)
DPLL (example)
![Page 74: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/74.jpg)
DPLL (example)
![Page 75: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/75.jpg)
DPLL (example)
![Page 76: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/76.jpg)
Some Applications
![Page 77: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/77.jpg)
Bit-vector / Machine arithmeticLet x, y and z be 8-bit (unsigned) integers.
Is x > 0 y > 0 z = x + y z > 0 valid?
Is x > 0 y > 0 z = x + y (z > 0) satisfiable?
![Page 78: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/78.jpg)
Bit-vector / Machine arithmeticWe can encode bit-vector satisfiability problems in propositional logic.
Idea 1:Use n propositional variables to encode n-bit integers.
x (x1, …, xn)
Idea 2:Encode arithmetic operations using hardware circuits.
![Page 79: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/79.jpg)
Encoding equalityp q is equivalent to (p q) (q p)
The bit-vector equation x = y is encoded as:(x1 y1) … (xn yn)
![Page 80: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/80.jpg)
Encoding additionWe use (r1, …, rn) to store the result of x + y
p xor q is defined as (p q)
xor is the 1-bit adder
p q p xor q p q0 0 0 01 0 1 00 1 1 01 1 0 1
carry
![Page 81: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/81.jpg)
Encoding 1-bit full adder1-bit full adder
Three inputs: x, y, cin
Two outputs: r, cout x y cin r = x xor y xor
cin
cout = (x y)(x cin)(y cin)
0 0 0 0 01 0 0 1 00 1 0 1 01 1 0 0 10 0 1 1 01 0 1 0 10 1 1 0 11 1 1 1 1
![Page 82: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/82.jpg)
Encoding n-bit adderWe use (r1, …, rn) to store the result of x + y,and (c1, …, cn)
r1 (x1 xor y1)c1 (x1 y1)r2 (x2 xor y2 xor c1)c2 (x2 y2) (x2 c1) (y2 c1)…rn (xn xor yn xor cn-1)cn (xn yn) (xn cn-1) (yn cn-1)
![Page 83: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/83.jpg)
Exercises1) Encode x * y2) Encode x > y (signed and unsigned versions)
![Page 84: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/84.jpg)
Test case generation (again)
unsigned GCD(x, y) {
requires(y > 0);
while (true) {unsigned m = x % y; if (m == 0) return y; x = y; y = m;
}}
We want a trace where the loop is executed twice.
(y0 > 0) and
(m0 = x0 % y0) and
not (m0 = 0) and
(x1 = y0) and
(y1 = m0) and
(m1 = x1 % y1) and
(m1 = 0)
Solver
x0 = 2y0 =
4m0 =
2x1 = 4y1 = 2m1 =
0
SSA
![Page 85: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/85.jpg)
Bounded Model Checkers
![Page 86: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/86.jpg)
Transition Systems
![Page 87: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/87.jpg)
Transition Systems (cont.)
![Page 88: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/88.jpg)
Invariants
![Page 89: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/89.jpg)
Bounded Model Checking: Invariants
![Page 90: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/90.jpg)
Bounded Model Checking: Invariants
![Page 91: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/91.jpg)
Bounded Model Checking (cont.)
![Page 92: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/92.jpg)
Recurrence diameter
![Page 93: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/93.jpg)
Verifying Invariants
![Page 94: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/94.jpg)
Verifying Invariants: k-induction
![Page 95: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/95.jpg)
Verifying Invariants: k-induction (cont.)
![Page 96: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/96.jpg)
Verifying Invariants: k-induction (cont.)
![Page 97: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/97.jpg)
Experimental Exercises
![Page 98: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/98.jpg)
Available SAT Solvers
![Page 99: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/99.jpg)
Available Examples
Satisfiability library: http://www.satlib.orgThe SAT competion: http://www.satcompetition.orgSearch the WEB: “SAT benchmarks”
![Page 100: Leonardo de Moura Microsoft Research](https://reader035.vdocuments.net/reader035/viewer/2022062410/5681623d550346895dd27371/html5/thumbnails/100.jpg)
Using SAT solvers