leonardo de moura (microsoft research) and grant passmore...
TRANSCRIPT
![Page 1: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/1.jpg)
Leonardo de Moura (Microsoft Research) and Grant Passmore (University of Cambridge)
![Page 2: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/2.jpg)
A Satisfiability Checker
with built-in support for useful theories
![Page 3: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/3.jpg)
b + 2 = c and f(read(write(a,b,3), c-2) ≠ f(c-b+1)
![Page 4: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/4.jpg)
Arithmetic
b + 2 = c and f(read(write(a,b,3), c-2) ≠ f(c-b+1)
![Page 5: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/5.jpg)
Arithmetic Array Theory
b + 2 = c and f(read(write(a,b,3), c-2) ≠ f(c-b+1)
![Page 6: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/6.jpg)
Arithmetic Array Theory Uninterpreted
Functions
b + 2 = c and f(read(write(a,b,3), c-2) ≠ f(c-b+1)
![Page 7: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/7.jpg)
Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol, SOLONAR, STP2, veriT, Yices, Z3
SMT-LIB: library of benchmarks (> 100k problems) http://www.smtlib.org
SMT-COMP: annual competition http://www.smtcomp.org
![Page 8: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/8.jpg)
Test case generation
Verifying Compilers
Predicate Abstraction
Invariant Generation
Type Checking
Model Based Testing
Scheduling & Planning
…
![Page 9: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/9.jpg)
VCC
Hyper-V Terminator T-2
NModel
HAVOC
F7 SAGE
Vigilante
SpecExplorer
![Page 10: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/10.jpg)
“Big” and hard formulas
Thousands of “small” and easy formulas
Short timeout (< 5secs)
![Page 11: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/11.jpg)
“Big” and hard formulas
Thousands of “small” and easy formulas
Short timeout (< 5secs)
VCC HAVOC
SAGE
![Page 12: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/12.jpg)
![Page 13: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/13.jpg)
Z3 is a solver developed at Microsoft Research.
Development/Research driven by internal customers.
Free for non-commercial use.
Interfaces:
http://research.microsoft.com/projects/z3
Z3 Text
C/C++ .NET
OCaml
![Page 14: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/14.jpg)
rise4fun.com/z3
![Page 15: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/15.jpg)
Verification/Analysis tools need some form of
Symbolic Reasoning
![Page 16: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/16.jpg)
Logic is “The Calculus of Computer Science” (Z. Manna).
High computational complexity
![Page 17: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/17.jpg)
![Page 18: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/18.jpg)
We can try to solve the problems we find in
real applications
![Page 19: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/19.jpg)
Scalability (huge formulas)
Complexity
Undecidability
Quantified formulas
![Page 20: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/20.jpg)
A Sample
![Page 21: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/21.jpg)
Execution Path
Run Test and Monitor Path Condition
Solve
seed
New input
Test Inputs
Constraint System
Known Paths
![Page 22: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/22.jpg)
unsigned GCD(x, y) { requires(y > 0); while (true) { unsigned m = x % y; if (m == 0) return y; x = y; y = m; } } We want a trace where the loop is
executed twice.
(y0 > 0) and
(m0 = x0 % y0) and
not (m0 = 0) and
(x1 = y0) and
(y1 = m0) and
(m1 = x1 % y1) and
(m1 = 0)
model
x0 = 2
y0 = 4
m0 = 2
x1 = 4
y1 = 2
m1 = 0
SSA
Assignment
![Page 23: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/23.jpg)
![Page 24: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/24.jpg)
![Page 25: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/25.jpg)
![Page 26: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/26.jpg)
![Page 27: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/27.jpg)
Apply DART to large applications (not units).
Start with well-formed input (not random).
Combine with generational search (not DFS). Negate 1-by-1 each constraint in a path constraint.
Generate many children for each parent run.
parent
generation 1
![Page 28: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/28.jpg)
Starting with 100 zero bytes …
SAGE generates a crashing test for Media1 parser
SMT@Microsoft
00000000h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000010h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000020h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000030h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000040h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000050h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000060h: 00 00 00 00 ; ....
Generation 0 – seed file
![Page 29: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/29.jpg)
Starting with 100 zero bytes …
SAGE generates a crashing test for Media1 parser
SMT@Microsoft
00000000h: 52 49 46 46 00 00 00 00 00 00 00 00 00 00 00 00 ; RIFF............
00000010h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000020h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000030h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000040h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000050h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000060h: 00 00 00 00 ; ....
Generation 1
![Page 30: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/30.jpg)
Starting with 100 zero bytes …
SAGE generates a crashing test for Media1 parser
SMT@Microsoft
00000000h: 52 49 46 46 3D 00 00 00 ** ** ** 20 00 00 00 00 ; RIFF=...*** ....
00000010h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000020h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
00000030h: 00 00 00 00 73 74 72 68 00 00 00 00 76 69 64 73 ; ....strh....vids
00000040h: 00 00 00 00 73 74 72 66 B2 75 76 3A 28 00 00 00 ; ....strf²uv:(...
00000050h: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ; ................
00000060h: 00 00 00 00 ; ....
Generation 10 – CRASH
![Page 31: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/31.jpg)
Formulas are usually big conjunctions.
SAGE uses only the bitvector and array theories.
Pre-processing step has a huge performance impact. Eliminate variables.
Simplify formulas.
Early unsat detection.
![Page 32: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/32.jpg)
Sta
tic p
rogra
m v
erifier
(Boogie
)
MSIL
Z3
V.C. generator
Verification condition
“correct” or list of errors
Spec# compiler
Spec# C
Bytecode
translator
C
Boogie
VCC HAVOC
![Page 33: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/33.jpg)
V C C
VCC translates an annotated C program into a Boogie PL program.
A C-ish memory model Abstract heaps
Bit-level precision
Microsoft Hypervisor: verification grand challenge.
![Page 34: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/34.jpg)
Meta OS: small layer of software between hardware and OS
Mini: 60K lines of non-trivial concurrent systems C code
Critical: must provide functional resource abstraction
Trusted: a verification grand challenge
Hardware
Hypervisor
![Page 35: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/35.jpg)
VCs have several Mb
Thousands of non ground clauses
Developers are willing to wait at most 5 min per VC
![Page 36: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/36.jpg)
Model programs (M. Veanes – MSRR)
Termination (B. Cook – MSRC)
Security protocols (A. Gordon and C. Fournet - MSRC)
Business Application Modeling (E. Jackson - MSRR)
Cryptography (R. Venki – MSRR)
Verifying Garbage Collectors (C. Hawblitzel – MSRR)
Model Based Testing (L. Bruck – SQL)
Semantic type checking for D models (G. Bierman – MSRC)
More coming soon…
![Page 37: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/37.jpg)
Pex, Spec#, VCC and many other tools are available online.
![Page 38: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/38.jpg)
![Page 39: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/39.jpg)
Current SMT solvers provide
a combination
of different engines
![Page 40: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/40.jpg)
DPLL
Simplex
Grobner Basis
-elimination
Superposition
Simplification
Congruence Closure
KB Completion
SMT
…
![Page 41: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/41.jpg)
Theorem Prover/ Satisfiability Checker
F Satisfiable
(model)
Unsatisfiable
(proof) Config
Z3 has approx. 300 options
![Page 42: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/42.jpg)
Actual feedback provided by Z3 users:
“Could you send me your CNF converter?”
“I want to implement my own search strategy.”
“I want to include these rewriting rules in Z3.”
“I want to apply a substitution to term t.”
“I want to compute the set of implied equalities.”
![Page 43: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/43.jpg)
To build theoretical and practical tools allowing users to exert strategic control
over core heuristic aspects of high performance SMT solvers.
![Page 44: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/44.jpg)
Theorem proving as an exercise of combinatorial search
Strategies are adaptations of general search mechanisms which reduce the search space by tailoring its exploration to a particular class of formulas.
![Page 45: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/45.jpg)
Different Strategies for Different Domains.
![Page 46: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/46.jpg)
Different Strategies for Different Domains.
From timeout to 0.05 secs…
![Page 47: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/47.jpg)
Hardware Fixpoint Checks.
Given: and
Ranking function synthesis.
Join work with C. Wintersteiger and Y. Hamadi
FMCAD 2010
QBVF = Quantifiers + Bit-vectors + uninterpreted functions
![Page 48: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/48.jpg)
![Page 49: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/49.jpg)
![Page 50: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/50.jpg)
Z3 is using different engines:
rewriting, simplification, model checking, SAT, …
Z3 is using a customized strategy.
We could do it because
we have access to the source code.
![Page 51: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/51.jpg)
SMT solvers are collections of little engines.
They should provide access to these engines.
Users should be able to define their own strategies.
![Page 52: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/52.jpg)
Tactic
goal
subgoals
Proof
builder
![Page 53: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/53.jpg)
Proofs for subgoals
Proof
builder
Proof for goal
Tactic goal
subgoals
Proof
builder
![Page 54: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/54.jpg)
Tactic goal
Tactic
Tactic
Proof
builder Proof
builder
Proof
builder
![Page 55: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/55.jpg)
Proof
Builder proof
Proof
Builder
Proof
Builder
![Page 56: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/56.jpg)
Proof
Builder proof
Proof
Builder
Proof
Builder
thm in LCF
terminology proof in LCF
terminology
![Page 57: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/57.jpg)
then( , ) = Tactic Tactic Tactic
orelse( , ) = Tactic Tactic Tactic
repeat( ) = Tactic Tactic
![Page 58: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/58.jpg)
Tactic
goal
subgoals
Proof
builder
Model
builder
![Page 59: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/59.jpg)
![Page 60: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/60.jpg)
end-game tactics:
never return unknown(sb, mc, pc)
![Page 61: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/61.jpg)
non-branching tactics:
sb is a sigleton in
unknown(sb, mc, pc)
![Page 62: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/62.jpg)
Empty goal [ ] is trivially satisfiable
False goal * …, false, …+ is trivially unsatisfiable
basic : tactic
![Page 63: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/63.jpg)
Tactic:
elim-vars
Proof
builder Model
builder
![Page 64: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/64.jpg)
Tactic:
elim-vars
Proof
builder Model
builder
M
M, M(a) = M(b) + 1
![Page 65: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/65.jpg)
Tactic:
split-or
Proof
builder
Model
builder
![Page 66: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/66.jpg)
simplify
nnf
cnf
tseitin
lift-if
bitblast
gb
vts
propagate-bounds
propagate-values
split-ineqs
split-eqs
rewrite
p-cad
sat
solve-eqs
![Page 67: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/67.jpg)
![Page 68: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/68.jpg)
![Page 69: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/69.jpg)
![Page 70: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/70.jpg)
Probing structural features of formulas.
![Page 71: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/71.jpg)
diff logic?
atom/dim < k
no yes
no yes
simplex
simplex floyd warshall
![Page 72: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/72.jpg)
Fail if condition is not satisfied.
Otherwise, do nothing.
![Page 73: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/73.jpg)
![Page 74: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/74.jpg)
![Page 75: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/75.jpg)
Under-approximation
unsat answers cannot be trusted
Over-approximation
sat answers cannot be trusted
![Page 76: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/76.jpg)
Under-approximation
model finders
Over-approximation
proof finders
![Page 77: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/77.jpg)
Under-approximation
S S S’
Over-approximation
S S \ S’
![Page 78: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/78.jpg)
Under-approximation
Example: QF_NIA model finders
add bounds to unbounded variables (and blast)
Over-approximation
Example: Boolean abstraction
![Page 79: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/79.jpg)
Combining under and over is bad!
sat and unsat answers cannot be trusted.
![Page 80: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/80.jpg)
In principle, proof and model converters can check if the resultant models and proofs are valid.
![Page 81: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/81.jpg)
In principle, proof and model converters can check if the resultant models and proofs are valid.
Problem: if it fails what do we do?
![Page 82: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/82.jpg)
In principle, proof and model converters can check if the resultant models and proofs are valid.
Problem: if it fails what do we do?
We want to write tactics that can check whether a goal is the result of an abstraction or not.
![Page 83: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/83.jpg)
Solution
Associate an precision attribute to each goal.
![Page 84: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/84.jpg)
Store extra logical information
Examples:
precision markers
goal depth
polynomial factorizations
![Page 85: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/85.jpg)
Basic Idea x 0, y = x + 1, (y > 2 y < 1)
p1, p2, (p3 p4)
Abstract (aka “naming” atoms)
p1 (x 0), p2 (y = x + 1),
p3 (y > 2), p4 (y < 1)
![Page 86: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/86.jpg)
Basic Idea x 0, y = x + 1, (y > 2 y < 1)
p1, p2, (p3 p4)
Abstract (aka “naming” atoms)
p1 (x 0), p2 (y = x + 1),
p3 (y > 2), p4 (y < 1)
SAT Solver
![Page 87: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/87.jpg)
Basic Idea x 0, y = x + 1, (y > 2 y < 1)
p1, p2, (p3 p4)
Abstract (aka “naming” atoms)
p1 (x 0), p2 (y = x + 1),
p3 (y > 2), p4 (y < 1)
SAT Solver
Assignment p1, p2, p3, p4
![Page 88: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/88.jpg)
Basic Idea x 0, y = x + 1, (y > 2 y < 1)
p1, p2, (p3 p4)
Abstract (aka “naming” atoms)
p1 (x 0), p2 (y = x + 1),
p3 (y > 2), p4 (y < 1)
SAT Solver
Assignment p1, p2, p3, p4 x 0, y = x + 1,
(y > 2), y < 1
![Page 89: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/89.jpg)
Basic Idea x 0, y = x + 1, (y > 2 y < 1)
p1, p2, (p3 p4)
Abstract (aka “naming” atoms)
p1 (x 0), p2 (y = x + 1),
p3 (y > 2), p4 (y < 1)
SAT Solver
Assignment p1, p2, p3, p4 x 0, y = x + 1,
(y > 2), y < 1
Theory Solver
Unsatisfiable
x 0, y = x + 1, y < 1
![Page 90: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/90.jpg)
Basic Idea x 0, y = x + 1, (y > 2 y < 1)
p1, p2, (p3 p4)
Abstract (aka “naming” atoms)
p1 (x 0), p2 (y = x + 1),
p3 (y > 2), p4 (y < 1)
SAT Solver
Assignment p1, p2, p3, p4 x 0, y = x + 1,
(y > 2), y < 1
Theory Solver
Unsatisfiable
x 0, y = x + 1, y < 1
New Lemma
p1p2p4
![Page 91: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/91.jpg)
Theory Solver
Unsatisfiable
x 0, y = x + 1, y < 1
New Lemma
p1p2p4
AKA
Theory conflict
![Page 92: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/92.jpg)
Apply “cheap” propagation/pruning steps;
and then apply complete “expensive” procedure
![Page 93: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/93.jpg)
AP-CAD ( tactic ) = tactic
![Page 94: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/94.jpg)
![Page 95: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/95.jpg)
![Page 96: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/96.jpg)
Simplification
Constant propagation
Interval propagation
Contextual simplification
If-then-else elimination
Gaussian elimination
Unconstrained terms
![Page 97: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/97.jpg)
proof procedure as a transition system
Abstract DPLL, DPLL(T), Abstract GB, cutsat, …
![Page 98: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/98.jpg)
proof procedure as a transition system
Abstract DPLL, DPLL(T), Abstract GB, cutsat, …
Challenge:
Efficient strategic control
![Page 99: Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,](https://reader035.vdocuments.net/reader035/viewer/2022070902/5f5776b41e8f4d18a42d4240/html5/thumbnails/99.jpg)
Different domains need different strategies.
We must expose the little engines in SMT solvers.
Interaction between different engines is a must.
Tactic and Tacticals: big step approach.
More transparency.