Results 1  10
of
29
Lazy Satisfiability Modulo Theories
 Journal on Satisfiability, Boolean Modeling and Computation
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 79 (33 self)
 Add to MetaCart
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that of acquiring a comprehensive background knowledge in lazy SMT, is of simple solution. In this paper we present an extensive survey of SMT, with particular focus on the lazy approach. We survey, classify and analyze from a theoryindependent perspective the most effective techniques and optimizations which are of interest for lazy SMT and which have been proposed in various communities; we discuss their relative benefits and drawbacks; we provide some guidelines about their choice and usage; we also analyze the features for SAT solvers and Tsolvers which make them more suitable for an integration. The ultimate goals of this paper are to become a source of a common background knowledge and terminology for students and researchers in different areas, to provide a reference guide for developers of SMT tools, and to stimulate the crossfertilization of techniques and ideas among different communities.
Efficient satisfiability modulo theories via delayed theory combination
 In Proc. CAV 2005, volume 3576 of LNCS
, 2005
"... Abstract. The problem of deciding the satisfiability of a quantifierfree formula with respect to a background theory, also known as Satisfiability Modulo Theories (SMT), is gaining increasing relevance in verification: representation capabilities beyond propositional logic allow for a natural model ..."
Abstract

Cited by 33 (15 self)
 Add to MetaCart
Abstract. The problem of deciding the satisfiability of a quantifierfree formula with respect to a background theory, also known as Satisfiability Modulo Theories (SMT), is gaining increasing relevance in verification: representation capabilities beyond propositional logic allow for a natural modeling of realworld problems (e.g., pipeline and RTL circuits verification, proof obligations in software systems). In this paper, we focus on the case where the background theory is the combination T1 £ T2 of two simpler theories. Many SMT procedures combine a boolean model enumeration with a decision procedure for T1 £ T2, where conjunctions of literals can be decided by an integration schema such as NelsonOppen, via a structured exchange of interface formulae (e.g., equalities in the case of convex theories, disjunctions of equalities otherwise). We propose a new approach for SMT¤T1 £ T2¥, called Delayed Theory Combination, which does not require a decision procedure for T1 £ T2, but only individual decision procedures for T1 and T2, which are directly integrated into the boolean model enumerator. This approach is much simpler and natural, allows each of the solvers to be implemented and optimized without taking into account the others, and it nicely encompasses the case of nonconvex theories. We show the effectiveness of the approach by a thorough experimental comparison. 1
On a Rewriting Approach to Satisfiability Procedures: Extension, Combination of Theories and an Experimental Appraisal
, 2005
"... The rewriting approach to Tsatisfiability is based on establishing termination of a rewritebased inference system for firstorder logic on the Tsatisfiability problem. Extending previous such results, including the quantifierfree theory of equality and the theory of arrays with or without exte ..."
Abstract

Cited by 30 (19 self)
 Add to MetaCart
The rewriting approach to Tsatisfiability is based on establishing termination of a rewritebased inference system for firstorder logic on the Tsatisfiability problem. Extending previous such results, including the quantifierfree theory of equality and the theory of arrays with or without extensionality, we prove termination for the theories of records with or without extensionality, integer offsets and integer offsets modulo. A general theorem for termination on combinations of theories, that covers any combination of the theories above, is given next. For empirical evaluation, the rewritebased theorem prover E is compared with the validity checkers CVC and CVC Lite, on both synthetic and realworld benchmarks, including both valid and invalid instances. Parametric synthetic benchmarks test scalability, while realworld benchmarks test ability to handle huge sets of literals. Contrary to the folklore that a generalpurpose prover cannot compete with specialized reasoners, the experiments are overall favorable to the theorem prover, showing that the rewriting approach is both elegant and practical.
Expressiveness + automation + soundness: Towards combining SMT solvers and interactive proof assistants
 In Tools and Algorithms for Construction and Analysis of Systems (TACAS
, 2006
"... Abstract. Formal system development needs expressive specification languages, but also calls for highly automated tools. These two goals are not easy to reconcile, especially if one also aims at high assurances for correctness. In this paper, we describe a combination of Isabelle/HOL with a proofpr ..."
Abstract

Cited by 23 (5 self)
 Add to MetaCart
Abstract. Formal system development needs expressive specification languages, but also calls for highly automated tools. These two goals are not easy to reconcile, especially if one also aims at high assurances for correctness. In this paper, we describe a combination of Isabelle/HOL with a proofproducing SMT (Satisfiability Modulo Theories) solver that contains a SAT engine and a decision procedure for quantifierfree firstorder logic with equality. As a result, a user benefits from the expressiveness of Isabelle/HOL when modeling a system, but obtains much better automation for those fragments of the proofs that fall within the scope of the (automatic) SMT solver. Soundness is not compromised because all proofs are submitted to the trusted kernel of Isabelle for certification. This architecture is straightforward to extend for other interactive proof assistants and proofproducing reasoners. 1
Decidability and undecidability results for NelsonOppen and rewritebased decision procedures
 In Proc. IJCAR3, U. Furbach and
, 2006
"... Abstract. In the context of combinations of theories with disjoint signatures, we classify the component theories according to the decidability of constraint satisfiability problems in arbitrary and in infinite models, respectively. We exhibit a theory T1 such that satisfiability is decidable, but s ..."
Abstract

Cited by 22 (15 self)
 Add to MetaCart
Abstract. In the context of combinations of theories with disjoint signatures, we classify the component theories according to the decidability of constraint satisfiability problems in arbitrary and in infinite models, respectively. We exhibit a theory T1 such that satisfiability is decidable, but satisfiability in infinite models is undecidable. It follows that satisfiability in T1 ∪ T2 is undecidable, whenever T2 has only infinite models, even if signatures are disjoint and satisfiability in T2 is decidable. In the second part of the paper we strengthen the NelsonOppen decidability transfer result, by showing that it applies to theories over disjoint signatures, whose satisfiability problem, in either arbitrary or infinite models, is decidable. We show that this result covers decision procedures based on rewriting, complementing recent work on combination of theories in the rewritebased approach to satisfiability. 1
Decision Procedures for Extensions of the Theory of Arrays
 Annals of Mathematics and Artificial Intelligence
"... Abstract The theory of arrays, introduced by McCarthy in his seminal paper “Towards a mathematical science of computation”, is central to Computer Science. Unfortunately, the theory alone is not sufficient for many important verification applications such as program analysis. Motivated by this obser ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
Abstract The theory of arrays, introduced by McCarthy in his seminal paper “Towards a mathematical science of computation”, is central to Computer Science. Unfortunately, the theory alone is not sufficient for many important verification applications such as program analysis. Motivated by this observation, we study extensions of the theory of arrays whose satisfiability problem (i.e. checking the satisfiability of conjunctions of ground literals) is decidable. In particular, we consider extensions where the indexes of arrays have the algebraic structure of Presburger Arithmetic and the theory of arrays is augmented with axioms characterizing additional symbols such as dimension, sortedness, or the domain of definition of arrays. We provide methods for integrating available decision procedures for the theory of arrays and Presburger Arithmetic with automatic instantiation strategies which allow us to reduce the satisfiability problem for the extension of the theory of arrays to that of the theories decided by the available procedures. Our approach aims to reuse as much as possible existing techniques so as to ease the implementation of the proposed methods. To this end, we show how to use modeltheoretic, rewritingbased theorem proving
Fast Reflexive Arithmetic Tactics the linear case and beyond
 in "Types for Proofs and Programs (TYPES’06)", Lecture Notes in Computer Science
, 2006
"... Abstract. When goals fall in decidable logic fragments, users of proofassistants expect automation. However, despite the availability of decision procedures, automation does not come for free. The reason is that decision procedures do not generate proof terms. In this paper, we show how to design ef ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
Abstract. When goals fall in decidable logic fragments, users of proofassistants expect automation. However, despite the availability of decision procedures, automation does not come for free. The reason is that decision procedures do not generate proof terms. In this paper, we show how to design efficient and lightweight reflexive tactics for a hierarchy of quantifierfree fragments of integer arithmetics. The tactics can cope with a wide class of linear and nonlinear goals. For each logic fragment, offtheshelf algorithms generate certificates of infeasibility that are then validated by straightforward reflexive checkers proved correct inside the proofassistant. This approach has been prototyped using the Coq proofassistant. Preliminary experiments are promising as the tactics run fast and produce small proof terms. 1
A case study of C source code verification: the SchorrWaite algorithm
 In 3rd IEEE Intl. Conf. SEFM’05
, 2005
"... We describe an experiment of formal verification of C source code, using the CADUCEUS tool. We performed a full formal proof of the classical SchorrWaite graphmarking algorithm, which has already been used several times as a case study for formal reasoning on pointer programs. Our study is origina ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
We describe an experiment of formal verification of C source code, using the CADUCEUS tool. We performed a full formal proof of the classical SchorrWaite graphmarking algorithm, which has already been used several times as a case study for formal reasoning on pointer programs. Our study is original with respect to previous experiments for several reasons. First, we use a generalpurpose tool for C programs: we start from a real source code written in C, specified using an annotation language for arbitrary C programs. Second, we use several theorem provers as backends, both automatic and interactive. Third, we indeed formally establish more properties of the algorithm than previous works, in particular a formal proof of termination is made 1. Keywords: Formal verification, FloydHoare logic, Pointer programs, Aliasing, C programming language. The SchorrWaite algorithm is the first moutain that any formalism for pointer aliasing should climb. — Richard Bornat ([4], page 121) 1.
C.G.: Combining lists with nonstably infinite theories
 In: Proc. LPAR’04. LNCS
, 2004
"... Abstract. In program verification one has often to reason about lists over elements of a given nature. Thus, it becomes important to be able to combine the theory of lists with a generic theory T modeling the elements. This combination can be achieved using the NelsonOppen method only if T is stabl ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
Abstract. In program verification one has often to reason about lists over elements of a given nature. Thus, it becomes important to be able to combine the theory of lists with a generic theory T modeling the elements. This combination can be achieved using the NelsonOppen method only if T is stably infinite. The goal of this paper is to relax the stableinfiniteness requirement. More specifically, we provide a new method that is able to combine the theory of lists with any theory T of the elements, regardless of whether T is stably infinite or not. The crux of our combination method is to guess an arrangement over a set of variables that is larger than the one considered by Nelson and Oppen. Furthermore, our results entail that it is also possible to combine T with the more general theory of lists with a length function. 1