Results 1  10
of
33
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 97 (38 self)
 Add to MetaCart
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
Type Checking with Open Type Functions
"... We report on an extension of Haskell with open typelevel functions and equality constraints that unifies earlier work on GADTs, functional dependencies, and associated types. The contribution of the paper is that we identify and characterise the key technical challenge of entailment checking; and w ..."
Abstract

Cited by 39 (21 self)
 Add to MetaCart
(Show Context)
We report on an extension of Haskell with open typelevel functions and equality constraints that unifies earlier work on GADTs, functional dependencies, and associated types. The contribution of the paper is that we identify and characterise the key technical challenge of entailment checking; and we give a novel, decidable, sound, and complete algorithm to solve it, together with some practicallyimportant variants. Our system is implemented in GHC, and is already in active use.
The Algebra of Equality Proofs
 IN JÜRGEN GIESL, EDITOR, 16TH INTERNATIONAL CONFERENCE ON REWRITING TECHNIQUES AND APPLICATIONS
, 2005
"... Proofs of equalities may be built from assumptions using proof rules for reflexivity, symmetry, and transitivity. Reflexivity is an axiom proving x=x for any x; symmetry is a 1premise rule taking a proof of x=y and returning a proof of y=x; and transitivity is a 2premise rule taking proofs of x= ..."
Abstract

Cited by 11 (5 self)
 Add to MetaCart
(Show Context)
Proofs of equalities may be built from assumptions using proof rules for reflexivity, symmetry, and transitivity. Reflexivity is an axiom proving x=x for any x; symmetry is a 1premise rule taking a proof of x=y and returning a proof of y=x; and transitivity is a 2premise rule taking proofs of x=y and y=z, and returning a proof of x=z. Define an equivalence relation to hold between proofs iff they prove a theorem in common. The main theoretical result of the paper is that if all assumptions are independent, this equivalence relation is axiomatized by the standard axioms of group theory: reflexivity is the unit of the group, symmetry is the inverse, and transitivity is the multiplication. Using a standard completion of the group axioms, we obtain a rewrite system which puts equality proofs into canonical form. Proofs in this canonical form use the fewest possible assumptions, and a proof can be canonized in linear time using a simple strategy. This result is applied to obtain a simple extension of the unionfind algorithm for ground equational reasoning which produces minimal proofs. The time complexity of the original unionfind operations is preserved, and minimal proofs are produced in worstcase time O(n log 2 3), where n is the number of expressions being equated. As a second application, the approach is used to achieve significant performance improvements for the CVC cooperating decision procedure.
From Propositional Satisfiability to Satisfiability Modulo Theories
 In Theory and Applications of Satisfiability Testing (SAT
, 2006
"... Abstract. In this paper we present a review of SATbased approaches for building scalable and efficient decision procedures for quantifierfree firstorder logic formulas in one or more decidable theories, known as Satisfiability Modulo Theories (SMT) problems. As applied to different system verific ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper we present a review of SATbased approaches for building scalable and efficient decision procedures for quantifierfree firstorder logic formulas in one or more decidable theories, known as Satisfiability Modulo Theories (SMT) problems. As applied to different system verification problems, SMT problems comprise of different theories including fragments of elementary theory of numbers, the theory of arrays, the theory of list structures, etc. In this paper we focus on different DPLLstyle satisfiability procedures for decidable fragments of the theory of integers. Leveraging the advances made in SAT solvers in the past decade, we introduce several SATbased SMT solving methods that in many applications have outperformed classical decision methods. Aside from the classical method of translating the SMT formula to a purely Boolean problem, in recent methods, a SAT solver is utilized to serve as the “glue ” that ties together the different theory atoms and forms the basis for reasoning and learning within and across them. Several methods have been developed to provide a combination framework for implications to flow through the theory solvers and to possibly activate other theory atoms based on the current assignments. Similarly, conflictbased learning is also extended to enable the creation of learned clauses comprising of the combination of theory atoms. Additional methods unique to one or more types of theory atoms have also been proposed that learn more expressive constraints and significantly increase the pruning power of these combination schemes. We will describe several combination strategies and their impact on scalability and performance of the overall solver in different settings and applications. 1
Modular SMT Proofs for Fast Reflexive Checking inside Coq
 FIRST INTERNATIONAL CONFERENCE ON CERTIFIED PROGRAMS AND PROOFS
, 2011
"... We present a new methodology for exchanging unsatisfiability proofs between an untrusted SMT solver and a sceptical proof assistant with computation capabilities like Coq. We advocate modular SMT proofs that separate boolean reasoning and theory reasoning; and structure the communication between th ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
We present a new methodology for exchanging unsatisfiability proofs between an untrusted SMT solver and a sceptical proof assistant with computation capabilities like Coq. We advocate modular SMT proofs that separate boolean reasoning and theory reasoning; and structure the communication between theories using NelsonOppen combination scheme. We present the design and implementation of a Coq reflexive verifier that is modular and allows for finetuned theoryspecific verifiers. The current verifier is able to verify proofs for quantifierfree formulae mixing linear arithmetic and uninterpreted functions. Our proof generation scheme benefits from the efficiency of stateoftheart SMT solvers while being independent from a specific SMT solver proof format. Our only requirement for the SMT solver is the ability to extract unsat cores and generate boolean models. In practice, unsat cores are relatively small and their proof is obtained with a modest overhead by our proofproducing prover. We present experiments assessing the feasibility of the approach for benchmarks obtained from the SMT competition.
Challenges in Satisfiability Modulo Theories
 In (TRA2007
, 2007
"... Abstract. Here we give a short overview of the DPLL(T) approach to Satisfiability Modulo Theories (SMT), which is at the basis of current stateoftheart SMT systems. After that, we provide a documented list of theoretical and practical current challenges related to SMT, including some new ideas to ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Here we give a short overview of the DPLL(T) approach to Satisfiability Modulo Theories (SMT), which is at the basis of current stateoftheart SMT systems. After that, we provide a documented list of theoretical and practical current challenges related to SMT, including some new ideas to exploit SAT techniques in Constraint Programming. 1
A Scalable Decision Procedure for FixedWidth BitVectors
 IN ICCAD
, 2009
"... Efficient decision procedures for bitvectors are essential for modern verification frameworks. This paper describes a new decision procedure for the core theory of bitvectors that exploits a reduction to equality reasoning. The procedure is embedded in a congruence closure algorithm, whose data st ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Efficient decision procedures for bitvectors are essential for modern verification frameworks. This paper describes a new decision procedure for the core theory of bitvectors that exploits a reduction to equality reasoning. The procedure is embedded in a congruence closure algorithm, whose data structures are extended in order to efficiently manage the relations between bitvector slicings, modulo equivalence classes. The resulting procedure is incremental, backtrackable, and proof producing: it can be used as a theorysolver for a lazy SMT schema. Experiments show that our approach is comparable and often superior to bitblasting on the core fragment, and that it also helps as a theory layer when applied over the full bitvector theory.
Proofs and Refutations, and Z3
"... Z3 [3] is a stateoftheart Satisfiability Modulo Theories (SMT) solver freely available from Microsoft Research. It solves the decision problem for quantifierfree formulas with respect to combinations of theories, such as arithmetic, bitvectors, arrays, and uninterpreted functions. Z3 is used in ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
(Show Context)
Z3 [3] is a stateoftheart Satisfiability Modulo Theories (SMT) solver freely available from Microsoft Research. It solves the decision problem for quantifierfree formulas with respect to combinations of theories, such as arithmetic, bitvectors, arrays, and uninterpreted functions. Z3 is used in various software analysis and testcase generation projects at Microsoft Research and elsewhere. The requirements from the userbase range from establishing validity, dually unsatisfiability, of firstorder formulas; to identify invalid, dually satisfiable, formulas. In both cases, there is often a need for more than just a yes/no answer from the prover. A model can exhibit why an invalid formula is not provable, and a proofobject can certify the validity of a formula. This paper describes the proofproducing internals of Z3. We also briefly introduce the modelproducing facilities. We emphasize two features that can be of general interest: (1) we introduce a notion of implicit quotation to avoid introducing auxiliary variables, it simplifies the creation of proof objects considerably; (2) we produce natural deduction style proofs to facilitate modular proof reconstruction.
QuickSpec: Guessing formal specifications using testing
 In Tests and Proofs, Fourth International Conference, TAP
, 2010
"... Abstract. We present QuickSpec, a tool that automatically generates algebraic specifications for sets of pure functions. The tool is based on testing, rather than static analysis or theorem proving. The main challenge QuickSpec faces is to keep the number of generated equations to a minimum while ma ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present QuickSpec, a tool that automatically generates algebraic specifications for sets of pure functions. The tool is based on testing, rather than static analysis or theorem proving. The main challenge QuickSpec faces is to keep the number of generated equations to a minimum while maintaining completeness. We demonstrate how QuickSpec can improve one’s understanding of a program module by exploring the laws that are generated using two case studies: a heap library for Haskell and a fixedpoint arithmetic library for Erlang. 1
Ground interpolation for the theory of equality
 In Proceedings of TACAS’09, S. Kowalewski and A. Philippou, Eds. LNCS
, 2009
"... Abstract. Given a theory T and two formulas A and B jointly unsatisfiable in T, a theory interpolant of A and B is a formula I such that (i) its nontheory symbols are shared by A and B, (ii) it is entailed by A in T, and (iii) it is unsatisfiable with B in T. Theory interpolants are used in model c ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Given a theory T and two formulas A and B jointly unsatisfiable in T, a theory interpolant of A and B is a formula I such that (i) its nontheory symbols are shared by A and B, (ii) it is entailed by A in T, and (iii) it is unsatisfiable with B in T. Theory interpolants are used in model checking to accelerate the computation of reachability relations. We present a novel method for computing ground interpolants for ground formulas in the theory of equality. Our algorithm computes interpolants from colored congruence graphs representing derivations in the theory of equality. These graphs can be produced by conventional congruence closure algorithms in a straightforward manner. By working with graphs, rather than at the level of individual proof steps, we are able to derive interpolants that are pleasingly simple (conjunctions of Horn clauses) and smaller than those generated by other tools. 1