Formal verification is the act of proving correctness of a hardware or software system using formal methods of mathematics. In the last decade formal hardware verification has seen an increasing usage of Satisfiability Modulo Theories (SMT) solvers. SMT solvers check satisfiability of first-order formulas, where certain symbols are interpreted according to background theories like integer or bit-vector arithmetic. Since the formulas used to encode correctness of hardware design are mostly quantifier-free, SMT solvers are built as theory-aware extensions of propositional satisfiability solvers. As a consequence, SMT solvers do not “naturally ” support quantified formulas, which are needed for verification of complex software systems. Thus, while SMT solvers are already an industrially viable tool for formal hardware verification, software applications are not as developed. This thesis focuses on both the software verification specific problems in the construction of SMT solvers, as well as SMT-specific parts of a software verification system. On the SMT side, we present algorithms for efficient non-ground reasoning through quantifier instantiation and techniques for proof generation and proof checking for quantifier-rich software verification problems. On the verification tool side, we present methods for transforming programs into formulas in a solver-friendly way, with particular emphasis on design of annotations guiding the SMT solver through the non-ground part of the problem. The theoretical developments presented here were experimentally validated in implementations of state-of-the-art tools: an SMT solver and a verifier for concurrent C programs. Systemy SMT w formalnej weryfikacji oprogramowania

A common proof format for solvers for Satisfiability Modulo Theories (SMT) is proposed, based on the Edinburgh Logical Framework (LF). Two problems arise: checking very large proofs, and keeping proofs compact in the presence of complex side conditions on rules. Incremental checking combines parsing and proof checking in a single step, to avoid building in-memory representations of proof subterms. LF with Side Conditions (LFSC) extends LF to allow side conditions to be expressed using a simple first-order functional programming language. Experimental data with an implementation show very good proof checking times and memory usage on benchmarks including the important example of resolution inferences.

This paper describes the integration of zChaff and MiniSat, currently two leading SAT solvers, with Isabelle/HOL. Both SAT solvers generate resolution-style proofs for (instances of) propositional tautologies. These proofs are verified by the theorem prover. The presented approach significantly improves Isabelle’s performance on propositional problems, and exhibits counterexamples for unprovable conjectures. It is shown that an LCF-style theorem prover can serve as a viable proof checker even for large SAT problems. An efficient representation of the propositional problem in the theorem prover turns out to be crucial; several possible solutions are discussed. 1

Abstract not found