Results 1  10
of
36
DPLL(T): Fast Decision Procedures
, 2004
"... The logic of equality with uninterpreted functions (EUF) and its extensions have been widely applied to processor verification, by means of a large variety of progressively more sophisticated (lazy or eager) translations into propositional SAT. Here we propose a new approach, namely a general DP ..."
Abstract

Cited by 118 (14 self)
 Add to MetaCart
The logic of equality with uninterpreted functions (EUF) and its extensions have been widely applied to processor verification, by means of a large variety of progressively more sophisticated (lazy or eager) translations into propositional SAT. Here we propose a new approach, namely a general DPLL(X) engine, whose parameter X can be instantiated with a specialized solver Solver T for a given theory T , thus producing a system DPLL(T ). We describe this DPLL(T ) scheme, the interface between DPLL(X) and Solver T , the architecture of DPLL(X), and our solver for EUF, which includes incremental and backtrackable congruence closure algorithms for dealing with the builtin equality and the integer successor and predecessor symbols. Experiments with a first implementation indicate that our technique already outperforms the previous methods on most benchmarks, and scales up very well.
Lazy Satisfiability Modulo Theories
 Journal on Satisfiability, Boolean Modeling and Computation
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 74 (32 self)
 Add to MetaCart
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that of acquiring a comprehensive background knowledge in lazy SMT, is of simple solution. In this paper we present an extensive survey of SMT, with particular focus on the lazy approach. We survey, classify and analyze from a theoryindependent perspective the most effective techniques and optimizations which are of interest for lazy SMT and which have been proposed in various communities; we discuss their relative benefits and drawbacks; we provide some guidelines about their choice and usage; we also analyze the features for SAT solvers and Tsolvers which make them more suitable for an integration. The ultimate goals of this paper are to become a source of a common background knowledge and terminology for students and researchers in different areas, to provide a reference guide for developers of SMT tools, and to stimulate the crossfertilization of techniques and ideas among different communities.
The UCLID Decision Procedure
 In CAV’04
, 2004
"... UCLID is a tool for termlevel modeling and verification of infinitestate systems expressible in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). In this paper, we describe a key component of the tool, the decision procedure for CLU. ..."
Abstract

Cited by 39 (1 self)
 Add to MetaCart
UCLID is a tool for termlevel modeling and verification of infinitestate systems expressible in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). In this paper, we describe a key component of the tool, the decision procedure for CLU.
Efficient satisfiability modulo theories via delayed theory combination
 In Proc. CAV 2005, volume 3576 of LNCS
, 2005
"... Abstract. The problem of deciding the satisfiability of a quantifierfree formula with respect to a background theory, also known as Satisfiability Modulo Theories (SMT), is gaining increasing relevance in verification: representation capabilities beyond propositional logic allow for a natural model ..."
Abstract

Cited by 34 (15 self)
 Add to MetaCart
Abstract. The problem of deciding the satisfiability of a quantifierfree formula with respect to a background theory, also known as Satisfiability Modulo Theories (SMT), is gaining increasing relevance in verification: representation capabilities beyond propositional logic allow for a natural modeling of realworld problems (e.g., pipeline and RTL circuits verification, proof obligations in software systems). In this paper, we focus on the case where the background theory is the combination T1 £ T2 of two simpler theories. Many SMT procedures combine a boolean model enumeration with a decision procedure for T1 £ T2, where conjunctions of literals can be decided by an integration schema such as NelsonOppen, via a structured exchange of interface formulae (e.g., equalities in the case of convex theories, disjunctions of equalities otherwise). We propose a new approach for SMT¤T1 £ T2¥, called Delayed Theory Combination, which does not require a decision procedure for T1 £ T2, but only individual decision procedures for T1 and T2, which are directly integrated into the boolean model enumerator. This approach is much simpler and natural, allows each of the solvers to be implemented and optimized without taking into account the others, and it nicely encompasses the case of nonconvex theories. We show the effectiveness of the approach by a thorough experimental comparison. 1
Propositional Satisfiability and Constraint Programming: a Comparative Survey
 ACM Computing Surveys
, 2006
"... Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, crossfertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms ..."
Abstract

Cited by 32 (4 self)
 Add to MetaCart
Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, crossfertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms that are most successful at solving both kinds of problems. They also exhibit differences in the way they are used to state and solve problems, since SAT’s approach is in general a blackbox approach, while CP aims at being tunable and programmable. This survey overviews the two areas in a comparative way, emphasising the similarities and differences between the two and the points where we feel that one technology can benefit from ideas or experience acquired
Solving Partial Order Constraints for LPO Termination
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 5 (2008) 193–215
, 2008
"... This paper introduces a propositional encoding for lexicographic path orders (LPOs) and the corresponding LPO termination property of term rewrite systems. Given this encoding, termination analysis can be performed using a stateoftheart Boolean satisfiability solver. Experimental results are uneq ..."
Abstract

Cited by 25 (11 self)
 Add to MetaCart
This paper introduces a propositional encoding for lexicographic path orders (LPOs) and the corresponding LPO termination property of term rewrite systems. Given this encoding, termination analysis can be performed using a stateoftheart Boolean satisfiability solver. Experimental results are unequivocal, indicating orders of magnitude speedups in comparison with previous implementations for LPO termination. The results of this paper have already had a direct impact on the design of several major termination analyzers for term rewrite systems. The contribution builds on a symbolbased approach towards reasoning about partial orders. The symbols in an unspecified partial order are viewed as variables that take integer values and are interpreted as indices in the order. For a partial order statement on n symbols, each index is represented in ⌈log 2 n ⌉ propositional variables and partial order constraints between symbols are modeled on the bit representations. The proposed encoding is general and relevant to other applications which involve propositional reasoning about partial orders.
MathSAT: Tight integration of SAT and mathematical decision procedures
 Journal of Automated Reasoning
, 2005
"... Abstract. Recent improvements in propositional satisfiability techniques (SAT) made it possible to tackle successfully some hard realworld problems (e.g. modelchecking, circuit testing, propositional planning) by encoding into SAT. However, a purely boolean representation is not expressive enough ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
Abstract. Recent improvements in propositional satisfiability techniques (SAT) made it possible to tackle successfully some hard realworld problems (e.g. modelchecking, circuit testing, propositional planning) by encoding into SAT. However, a purely boolean representation is not expressive enough for many other realworld applications, including the verification of timed and hybrid systems, of proof obligations in software, and of circuit design at RTL level. These problems can be naturally modeled as satisfiability in Linear Arithmetic Logic (LAL), i.e., the boolean combination of propositional variables and linear constraints over numerical variables. In this paper we present MATHSAT, a new, SATbased decision procedure for LAL, based on the (known approach) of integrating a stateoftheart SAT solver with a dedicated mathematical solver for LAL. We improve MATHSAT in two different directions. First, the top level procedure is enhanced, and now features a tighter integration between the boolean search and the mathematical solver. In particular, we allow for theorydriven backjumping and learning, and theorydriven deduction; we use static learning in order to reduce the number of boolean models that are mathematically inconsistent; we exploit problem clustering in order to partition
Automatic Verification of Safety and Liveness for XScaleLike Processor Models Using WEBRefinements
 In Design Automation and Test in Europe, DATE’04
, 2003
"... We show how to automatically verify that a complex XScalelike pipelined machine model is a WEBrefinement of an instruction set architecture model, which implies that the machines satisfy the same safety and liveness properties. Automation is achieved by reducing the WEBrefinement proof obligation ..."
Abstract

Cited by 21 (10 self)
 Add to MetaCart
We show how to automatically verify that a complex XScalelike pipelined machine model is a WEBrefinement of an instruction set architecture model, which implies that the machines satisfy the same safety and liveness properties. Automation is achieved by reducing the WEBrefinement proof obligation to a formula in the logic of Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU). We use UCLID to transform the resulting CLU formula into a CNF formula, which is then checked with a SAT solver. We define several XScalelike models with out of order completion, including models with precise exceptions, branch prediction, and interrupts. We use two types of refinement maps. In one, flushing is used to map pipelined machine states to instruction set architecture states; in the other, we use the commitment approach, which is the dual of flushing, since partially completed instructions are invalidated. We present experimental results for all the machines modeled, including verification times. For our application, we found that the SAT solver Siege provides superior performance over Chaff and that the amount of time spent proving liveness when using the commitment approach is less than 1% of the overall verification time, whereas when flushing is employed, the liveness proof accounts for about 10% of the verification time.
QB or not QB: An efficient execution verification tool for memory orderings
 In ComputerAided Verification (CAV), LNCS 3114
, 2004
"... Abstract. We study the problem of formally verifying shared memory multiprocessor executions against memory consistency models—an important step during postsilicon verification of multiprocessor machines. We employ our previously reported style of writing formal specifications for shared memory mod ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
Abstract. We study the problem of formally verifying shared memory multiprocessor executions against memory consistency models—an important step during postsilicon verification of multiprocessor machines. We employ our previously reported style of writing formal specifications for shared memory models in higher order logic (HOL), obtaining intuitive as well as modular specifications. Our specification consists of a conjunction of rules that constrain the global visibility order. Given an execution to be checked, our algorithm generates Boolean constraints that capture the conditions under which the execution is legal under the visibility order. We initially took the approach of specializing the memory model HOL axioms into equivalent (for the execution to be checked) quantified boolean formulae (QBF). As this technique proved inefficient, we took the alternative approach of converting the HOL axioms into a program that generates a SAT instance when run on an execution. In effect, the quantifications in our memory model specification were realized as iterations in the program. The generated Boolean constraints are satisfiable if and only if the given execution is legal under the memory model. We evaluate two different approaches to encode the Boolean constraints, and also incremental techniques to generate and solve Boolean constraints. Key results include a demonstration that we can handle executions of realistic lengths for the modern Intel Itanium memory model. Further research into proper selection of Boolean encodings, incremental SAT checking, efficient handling of transitivity, and the generation of unsatisfiable cores for locating errors are expected to make our technique practical. 1