Results 1 - 7 of 7
Lazy Satisfiability Modulo Theories
 Journal on Satisfiability, Boolean Modeling and Computation
, 2007
Abstract

Cited by 79 (33 self)
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some decidable first-order theory T (SMT(T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. A number of papers with novel and very efficient techniques for SMT have been published in the last years, and some very efficient SMT tools are now available. Typical SMT(T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theory-specific reasoning. The dominating approach to SMT(T), called the lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (T-solver), handling respectively the Boolean and the theory-specific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that of acquiring a comprehensive background knowledge in lazy SMT, has a simple solution. In this paper we present an extensive survey of SMT, with particular focus on the lazy approach. We survey, classify and analyze from a theory-independent perspective the most effective techniques and optimizations which are of interest for lazy SMT and which have been proposed in various communities; we discuss their relative benefits and drawbacks; we provide some guidelines about their choice and usage; we also analyze the features of SAT solvers and T-solvers which make them more suitable for an integration.
The ultimate goals of this paper are to become a source of common background knowledge and terminology for students and researchers in different areas, to provide a reference guide for developers of SMT tools, and to stimulate the cross-fertilization of techniques and ideas among different communities.
A lazy and layered SMT(BV) solver for hard industrial verification problems
 In Computer Aided Verification (CAV), LNCS
, 2007
Abstract

Cited by 17 (6 self)
Verification problems rarely originate from bit-level descriptions. Yet, most of the verification technologies are based on bit blasting, i.e., reduction to Boolean reasoning. In this paper we advocate reasoning at a higher level of abstraction, within the theory of bit vectors (BV), where structural information (e.g. equalities, arithmetic functions) is not blasted into bits. Our approach relies on the lazy Satisfiability Modulo Theories (SMT) paradigm. We developed a satisfiability procedure for reasoning about bit vectors that carefully leverages the power of a Boolean SAT solver to deal with components that are more naturally "Boolean", and activates bit-vector reasoning whenever possible. The procedure has two distinguishing features. First, it relies on the online integration of a SAT solver with an incremental and backtrackable solver for BV that enables dynamic optimization of the reasoning about bit vectors; for instance, this is an improvement over static encoding methods, which may generate smaller slices of bit-vector variables. Second, the solver for BV is layered (i.e., it privileges cheaper forms of reasoning), and it is based on a flexible use of term rewriting techniques. We evaluate our approach on a set of realistic industrial benchmarks, and demonstrate substantial improvements with respect to state-of-the-art Boolean satisfiability solvers, as well as other decision procedures for SMT(BV).
Design and results of the 1st satisfiability modulo theories competition (SMT-COMP)
 Journal of Automated Reasoning
, 2005
Abstract

Cited by 12 (8 self)
The Satisfiability Modulo Theories Competition (SMT-COMP) is intended to spark further advances in the decision procedures field, especially for applications in hardware and software verification. Public competitions are a well-known means of stimulating advancement in automated reasoning. Evaluation of the SMT solvers entered in SMT-COMP took place during CAV 2005. Twelve solvers were entered, and 1352 benchmarks were collected in seven different divisions.
Application Specific Higher Order Logic Theorem Proving
In Proc. of the Verification Workshop VERIFY'02, S. Autexier and
, 2002
Abstract

Cited by 4 (0 self)
Theorem proving allows the formal verification of the correctness of very large systems. In order to increase the acceptance of theorem proving systems during the design process, we implemented higher-order logic proof systems for ANSI-C and Verilog within a framework for application-specific proof systems. Furthermore, we implement the language of the PVS theorem prover as a well-established higher-order specification language. The tool allows the verification of the design languages using a PVS specification and the verification of hardware designs using a C program as specification. We implement powerful decision procedures using model checkers and satisfiability checkers. We provide experimental results that compare the performance of our tool with PVS on large industrial-scale hardware examples.
Bit Level Types for High Level Reasoning
Abstract

Cited by 2 (1 self)
Bitwise operations are commonly used in low-level systems code to access multiple data fields that have been packed into a single word. Program analysis tools that reason about such programs must model the semantics of bitwise operations precisely in order to capture program control and data flow through these operations. We present a type system for subword data structures that explicitly tracks the flow of bit values in the program and identifies consecutive sections of bits as logical entities manipulated atomically by the programmer. Our type inference algorithm tags each integer value of the program with a bit-vector type that identifies the data layout at the subword level. These types are used in a translation phase to remove bitwise operations from the program, thereby allowing verification engines to avoid the expensive low-level reasoning required for analyzing bit-vector operations. We have used a software model checker to check properties of translated versions of a Linux device driver and a memory protection system. The resulting verification runs could prove many more properties than the naive model checker that did not reason about bit vectors, and could prove properties much faster than a model checker that did reason about bit vectors. We have also applied our bit-vector type inference algorithm to generate program documentation for a virtual memory subsystem of an OS kernel. While we have applied the type system mainly for program understanding and verification, bit-vector types also have applications to better variable ordering heuristics in Boolean model checking and memory optimizations in compilers for embedded software.
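A constructed illustration of the idea in this abstract, added here and not the authors' code: the paper's inference runs over program data flow, whereas this sketch is flow-insensitive and derives the layout from the mask constants alone. Each access to a packed word is given as a (shift, mask) pair standing for `(w >> shift) & mask`; every boundary of every run of set bits in `mask << shift` becomes a field boundary, and the resulting partition of the word is the inferred bit-vector type. The 32-bit word, the flag/frame-number layout and all function names are assumptions for the example.

```python
# Added example (not from the paper): a simplified, constant-only sketch of
# bit-vector type inference. Each access to a packed word is given as
# (shift, mask), i.e. the code computes (w >> shift) & mask; every boundary of
# every run of set bits in (mask << shift) becomes a field boundary, and the
# inferred "bit-vector type" is the resulting partition of the word into fields.

WIDTH = 32  # assumed word width


def mask_runs(mask, width=WIDTH):
    """Maximal runs of consecutive set bits in `mask`, as inclusive (lo, hi)."""
    runs, lo = [], None
    for bit in range(width + 1):
        is_set = bit < width and (mask >> bit) & 1
        if is_set and lo is None:
            lo = bit
        elif not is_set and lo is not None:
            runs.append((lo, bit - 1))
            lo = None
    return runs


def infer_layout(accesses, width=WIDTH):
    """Partition the word into fields from a list of (shift, mask) accesses."""
    cuts = {0, width}
    for shift, mask in accesses:
        for lo, hi in mask_runs(mask << shift, width):
            cuts.update((lo, hi + 1))
    cuts = sorted(cuts)
    return [(lo, hi - 1) for lo, hi in zip(cuts, cuts[1:])]


def fields_touched(layout, shift, mask, width=WIDTH):
    """Fields an access overlaps. A single field means the access can be
    rewritten as a plain field read; several mean the code manipulates a
    group of fields at once (e.g. tests all flags with one mask)."""
    runs = mask_runs(mask << shift, width)
    return [f for f in layout
            if any(lo <= f[1] and f[0] <= hi for lo, hi in runs)]


def read_field(word, field):
    """Field read that replaces (word >> shift) & mask after translation."""
    lo, hi = field
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)


# Constructed usage of a 32-bit word: three 1-bit flags at bits 0..2, a
# 20-bit frame number at bits 12..31, bits 3..11 never touched.
ACCESSES = [(0, 0x1), (1, 0x1), (2, 0x1), (12, 0xFFFFF), (0, 0x7)]

if __name__ == "__main__":
    layout = infer_layout(ACCESSES)
    print(layout)                                   # [(0, 0), (1, 1), (2, 2), (3, 11), (12, 31)]
    print(fields_touched(layout, 0, 0x7))           # the three flag fields at once
    print(hex(read_field(0x12345007, layout[-1])))  # 0x12345
```

The untouched bits 3..11 come out as a single field of their own, which is what a documentation pass would report as "reserved"; an access that overlaps several inferred fields is the case the abstract describes as a logical entity the programmer manipulates atomically, and a real inference would merge or split fields based on how those values flow onward.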
Deciding Propositional Combinations of Equalities and Inequalities
Abstract
We address the problem of combining individual decision procedures into a single decision procedure. Our combination approach is based on using the canonizer obtained from Shostak's combination algorithm for equality. We illustrate our approach with a combination algorithm for equality, disequality, arithmetic inequality, and propositional logic. Unlike the Nelson-Oppen combination, where the processing of equalities is distributed across different closed decision procedures, our combination involves the centralized processing of equalities in a single procedure. The termination argument for the combination is based on that for Shostak's algorithm. We also give soundness and completeness arguments.
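An added example, not taken from any of the listed papers, that ties the lazy SMT(T) scheme of the first abstract to the equality/disequality fragment handled by the combination above: a small DPLL SAT solver enumerates models of the Boolean abstraction, a T-solver checks each model and returns a conflicting subset of its literals, and the negation of that subset is learned as a theory lemma that refines the abstraction. The T-solver here is a plain union-find over variable equalities with greedy explanation minimisation, not Shostak's canonizer, and the atoms, clauses and function names are constructed for the example.

```python
# Added example (not from any of the papers listed): a minimal lazy SMT loop.
# The SAT solver enumerates models of the Boolean abstraction; the T-solver
# (union-find over variable equalities) checks each model and returns a
# conflicting subset of literals, whose negation is learned as a theory lemma.
# Atoms are pairs (x, y) meaning x = y; a literal is (atom_index, polarity).


def sat_model(clauses, n_atoms):
    """Backtracking DPLL with unit propagation. Returns {atom: bool} or None."""

    def propagate(assign):
        changed = True
        while changed:
            changed = False
            for clause in clauses:
                if any(assign.get(a) == p for a, p in clause):
                    continue                      # clause already satisfied
                free = [(a, p) for a, p in clause if a not in assign]
                if not free:
                    return False                  # clause falsified: conflict
                if len(free) == 1:
                    a, p = free[0]
                    assign[a] = p                 # unit clause forces this literal
                    changed = True
        return True

    def search(assign):
        assign = dict(assign)
        if not propagate(assign):
            return None
        unassigned = [a for a in range(n_atoms) if a not in assign]
        if not unassigned:
            return assign
        for polarity in (True, False):            # branch on the first free atom
            result = search({**assign, unassigned[0]: polarity})
            if result is not None:
                return result
        return None

    return search({})


def _find_fn(eq_indices, atoms):
    """Union-find over the equalities selected by eq_indices; returns find()."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]         # path halving
            x = parent[x]
        return x

    for i in eq_indices:
        x, y = atoms[i]
        parent[find(x)] = find(y)
    return find


def theory_check(model, atoms):
    """T-solver for equalities/disequalities between variables. Returns None if
    the literals in `model` are consistent, else a minimal conflicting subset."""
    eqs = [i for i, p in model.items() if p]
    find = _find_fn(eqs, atoms)
    for i, p in model.items():
        x, y = atoms[i]
        if not p and find(x) == find(y):          # x != y asserted but x ~ y derived
            core = eqs
            for j in eqs:                         # greedily drop irrelevant equalities
                smaller = [k for k in core if k != j]
                f = _find_fn(smaller, atoms)
                if f(x) == f(y):
                    core = smaller
            return [(k, True) for k in core] + [(i, False)]
    return None


def lazy_smt(clauses, atoms):
    """Returns ("sat", model, lemmas) or ("unsat", None, lemmas)."""
    clauses = [list(c) for c in clauses]
    lemmas = []
    while True:
        model = sat_model(clauses, len(atoms))
        if model is None:
            return "unsat", None, lemmas
        conflict = theory_check(model, atoms)
        if conflict is None:
            return "sat", model, lemmas
        lemma = [(a, not p) for a, p in conflict]  # negation of the T-conflict
        lemmas.append(lemma)
        clauses.append(lemma)                     # refine the Boolean abstraction


# Constructed inputs: x=y, y=z, (x!=z or x=w), x!=w  -> T-unsatisfiable.
ATOMS = [("x", "y"), ("y", "z"), ("x", "z"), ("x", "w")]
UNSAT_CLAUSES = [[(0, True)], [(1, True)], [(2, False), (3, True)], [(3, False)]]
# Constructed inputs: a=b, (b!=c or a!=c)  -> satisfiable with b!=c, a!=c.
ATOMS2 = [("a", "b"), ("b", "c"), ("a", "c")]
SAT_CLAUSES = [[(0, True)], [(1, False), (2, False)]]

if __name__ == "__main__":
    print(lazy_smt(UNSAT_CLAUSES, ATOMS))
    print(lazy_smt(SAT_CLAUSES, ATOMS2))
```

The loop terminates because each learned lemma rules out at least the Boolean model that produced it and the set of atoms is finite. Minimising the explanation matters in practice: returning every asserted equality as the conflict would still be sound, but the lemma would then block only one model instead of every model that shares the real cause, which is the difference between the "offline" and the optimised lazy schemes the survey classifies.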
ICS: Integrated Canonizer and Solver (Tool Presentation)
Abstract
... over linear arithmetic terms and propositional logic [1]. The theory currently includes: the usual propositional constants true, false and connectives not, &, |, =>, <=>. Equality (=) and disequality (/=). Rational constants and the arithmetic operators +, *, -; multiplication is restricted to multiplication by constants. Arithmetic predicates include an integer test and the usual inequalities <, <=, >, >=. Lookup a[x] and update a[x:=t] operations for a functional array a. The constant sets (empty, full), set membership (x in s), and set operators, including complement (compl(s)), union (s1 union s2), and intersection (s1 inter s2). Fixed-sized bit vectors including constants 1[i] and 0[i] of size i, concatenation (b1 ++ b2), extraction (b[i:j]), bitwise operations like bitwise conjunction (conj(b1, b2)), and built-in arithmetic relations such as add(b1, b2, b). This latter constraint encodes the fact that the sum of the unsigned interpretations of b