## Proofs and Refutations, and Z3

Citations: 6 (0 self)

### BibTeX

@MISC{Moura_proofsand,
  author = {Leonardo de Moura and Nikolaj Bjørner},
  title = {Proofs and Refutations, and Z3},
  year = {}
}


### Abstract

Z3 [3] is a state-of-the-art Satisfiability Modulo Theories (SMT) solver freely available from Microsoft Research. It solves the decision problem for quantifier-free formulas with respect to combinations of theories, such as arithmetic, bit-vectors, arrays, and uninterpreted functions. Z3 is used in various software analysis and test-case generation projects at Microsoft Research and elsewhere. The requirements from the user base range from establishing validity (dually, unsatisfiability) of first-order formulas to identifying invalid (dually, satisfiable) formulas. In both cases, there is often a need for more than just a yes/no answer from the prover. A model can exhibit why an invalid formula is not provable, and a proof object can certify the validity of a formula. This paper describes the proof-producing internals of Z3. We also briefly introduce the model-producing facilities. We emphasize two features that can be of general interest: (1) we introduce a notion of implicit quotation to avoid introducing auxiliary variables, which simplifies the creation of proof objects considerably; (2) we produce natural deduction style proofs to facilitate modular proof reconstruction.

### Citations

1205 | Chaff: Engineering an Efficient SAT Solver
- Moskewicz, Madigan, et al.
- 2001
Citation Context: ...as we adapt a natural deduction style calculus. This contrasts with existing proof-producing SAT solvers that generate resolution proofs directly [10, 6, 21]. We are obviously not the first to use natural deduction in the context of SMT, for example, [9], investigates efficient proof checking of natural deduction style proofs by implementing inference rul...

216 | A fast linear-arithmetic solver for DPLL(T)
- Dutertre, de Moura
Citation Context: ...3.2 Arithmetic. Implicit quotation is also used when introducing auxiliary variables for theories, such as the theory for linear arithmetic. Let us recall how the Simplex solver in Z3 works. Following [5], a theory solver for linear arithmetic, and integer linear arithmetic can be based on a Simplex Tableau of the form: x_i ≃ ∑_{x_j ∈ N} a_ij x_j, for x_i ∈ B, ...

164 | Proofs and Refutations
- Lakatos
- 1976
Citation Context: ...style proofs to facilitate modular proof re-construction. 1 Introduction. The title of our paper borrows from Imre Lakatos's famous book on conjectures, proofs and refutations in informal mathematics [7], yet our setting is machine checked proofs, that are penultimately given in a context of formal systems where proofs are derived from axioms. Proofs in our context are derivations from axioms, or der...

161 | Solving SAT and SAT Modulo Theories: From an abstract Davis–Putnam–Logemann–Loveland procedure to DPLL(T)
- Nieuwenhuis, Oliveras, et al.
Citation Context: ...thin a DPLL(T) architecture. 3.4.1 Proofs from DPLL(T). The propositional inference engine in Z3 is based on a DPLL(T) architecture. We refer to [13] for an exposition on a basic introduction on DPLL(T) as a transition system. The main points we will use is that DPLL(T) maintains a state of the form M || F during search, where M is a partial assi...

117 | Paramodulation-based theorem proving
- Nieuwenhuis, Rubio
- 2001
Citation Context: ...stating equi-satisfiability of formulas. Furthermore, Z3 contains a module that produces and integrates proofs in a superposition calculus [4]. The proof terms are the usual superposition inferences [12]. That material is beyond the scope of this paper. 3.2 Simplification Rewriting. In a first phase, formulas are simplified using a rewriting simplifier. The simplifier applies standard simplification r...

94 | Computing small clause normal forms
- Nonnengart, Weidenbach
- 2001
Citation Context: ...F1) = cnf′(ϕ), (ℓ2, F2) = cnf′(ψ) in (p, F1 ∧ F2 ∧ (ℓ1 ∨ ℓ2 ∨ ¬p) ∧ (p ∨ ¬ℓ1) ∧ (p ∨ ¬ℓ2)), p is fresh. More sophisticated CNF conversions that do not introduce fresh names for all sub-formulas exist [14]. They control the number of auxiliary literals and clauses introduced during clausification. Z3 does not introduce auxiliary predicates during internalization of quantifier-free formulas. Instead, it...
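The abstract contrasts validity (refutation of the negation) with satisfiability (a model), and the cnf′ rule quoted above is the Tseitin-style disjunction case that introduces a fresh proxy variable p for each sub-formula. The following is an added example, not code from the paper or from Z3: it implements that proxy-based clausification for propositional ∧/∨/¬ formulas, checks by brute force that the result is equisatisfiable with the input, counts how many proxy variables the translation introduced (the symbols that Z3's implicit quotation avoids), and decides validity by refuting the negation, returning the model projected onto the original variables as the counterexample. The tuple encoding of formulas and the proxy names p0, p1, ... are this example's own constructions.

```python
# Added example (not the paper's or Z3's code): Tseitin-style clausification
# with explicit proxy variables, plus brute-force checks of the properties the
# abstract describes (refutation for validity, models for invalidity).
from itertools import product

# Formula encoding (constructed for this example, not Z3's term language):
#   ("var", name) | ("not", f) | ("and", f, g) | ("or", f, g)
# A literal is (name, polarity); polarity False means the negated variable.

def neg(lit):
    return (lit[0], not lit[1])

def tseitin(formula, fresh, clauses):
    """Return a literal standing for `formula`, appending its defining clauses.

    Each and/or node gets a fresh proxy p (the cnf' scheme quoted above):
      p <-> (l1 v l2):  (~p v l1 v l2), (p v ~l1), (p v ~l2)
      p <-> (l1 ^ l2):  (~p v l1), (~p v l2), (p v ~l1 v ~l2)
    Negation only flips the polarity of the literal, so it costs no proxy.
    """
    kind = formula[0]
    if kind == "var":
        return (formula[1], True)
    if kind == "not":
        return neg(tseitin(formula[1], fresh, clauses))
    l1 = tseitin(formula[1], fresh, clauses)
    l2 = tseitin(formula[2], fresh, clauses)
    p = ("p%d" % len(fresh), True)          # fresh proxy name (constructed)
    fresh.append(p[0])
    if kind == "or":
        clauses += [[neg(p), l1, l2], [p, neg(l1)], [p, neg(l2)]]
    elif kind == "and":
        clauses += [[neg(p), l1], [neg(p), l2], [p, neg(l1), neg(l2)]]
    else:
        raise ValueError("unknown connective %r" % kind)
    return p

def clausify(formula):
    """Clausify and assert the root literal as a unit clause.
    Returns (proxy names introduced, list of clauses)."""
    fresh, clauses = [], []
    clauses.append([tseitin(formula, fresh, clauses)])
    return fresh, clauses

def variables(formula):
    if formula[0] == "var":
        return {formula[1]}
    return set().union(*(variables(sub) for sub in formula[1:]))

def evaluate(formula, assignment):
    kind = formula[0]
    if kind == "var":
        return assignment[formula[1]]
    if kind == "not":
        return not evaluate(formula[1], assignment)
    a, b = evaluate(formula[1], assignment), evaluate(formula[2], assignment)
    return (a and b) if kind == "and" else (a or b)

def satisfies(clauses, assignment):
    return all(any(assignment[n] == pol for n, pol in c) for c in clauses)

def find_model(clauses, names):
    """Brute-force SAT over the named variables; None means unsatisfiable."""
    for values in product([False, True], repeat=len(names)):
        assignment = dict(zip(names, values))
        if satisfies(clauses, assignment):
            return assignment
    return None

def check(formula):
    """Compare the formula's satisfiability with that of its clausification.
    Returns (formula_sat, clauses_sat, proxy_count, model over original vars)."""
    orig = sorted(variables(formula))
    fresh, clauses = clausify(formula)
    formula_sat = any(evaluate(formula, dict(zip(orig, v)))
                      for v in product([False, True], repeat=len(orig)))
    model = find_model(clauses, orig + fresh)
    projected = None if model is None else {n: model[n] for n in orig}
    return formula_sat, model is not None, len(fresh), projected

def is_valid(formula):
    """Validity by refutation: valid iff the negation has no model.
    Returns (True, None) or (False, counter-model over the original variables)."""
    _, negation_sat, _, model = check(("not", formula))
    return (not negation_sat, model)

if __name__ == "__main__":
    V = lambda n: ("var", n)
    # (x v y) ^ ~x ^ ~y is unsatisfiable; the translation uses 3 proxies.
    print(check(("and", ("and", ("or", V("x"), V("y")), ("not", V("x"))), ("not", V("y")))))
    # (x ^ y) -> x is valid: its negation has no model.
    print(is_valid(("or", ("not", ("and", V("x"), V("y"))), V("x"))))
    # x v y is not valid: the model x=False, y=False of its negation refutes it.
    print(is_valid(("or", V("x"), V("y"))))
```

The projected model is the piece that matters to a client such as a test-case generator: the proxy assignments are an artifact of the encoding, and only the values of the original variables explain why the formula is not provable.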

53 | Z3: An efficient SMT solver
- de Moura, Bjørner
Citation Context: ...et of clauses. 4.1 Applications. Models are by now used in a number of Z3 clients. The main clients that use models are the program exploration and test-case generation tools Pex and SAGE (we refer to [3] for all pointers). They extract symbolic path conditions by monitoring program executions and use Z3 to find alternate inputs that can guide the next execution into a different branch. Models are als...

33 | Proof-Producing Congruence Closure
- Nieuwenhuis, Oliveras
- 2005
Citation Context: ...with the Boolean satisfiability core. It serves as a main hub for equality propagation. The efficient extraction of minimal justifications for congruence closure proofs has been studied extensively, [11]. We here summarize the proof objects that are extracted from the justifications. The theory of equality can be captured by axioms for reflexivity, symmetry, transitivity, and substitutivity of equali...

29 | Efficient interpolant generation in satisfiability modulo theories
- Cimatti, Griggio, et al.
- 2008
Citation Context: ...fine a notion of implicit quotation that allows us to encode a Tseitsin' style clausification without introducing auxiliary symbols. Other proof-producing SMT systems that we are aware of [18], [19], [2], [22], introduce auxiliary symbols (such as proxy literals) during clausification and other transformations. Such symbols can impede optimizations in the theory solvers (we provide an example in Sect...

28 | Translating higher-order clauses to first-order clauses
- Meng, Paulson
- 2008
Citation Context: ...can proofs be mined for strategies that are helpful for speeding up proofs for a class of problems? Interpolation. Proof visualization. Finally, in the context of Isabelle/HOL, it has been suggested [8] to translate HOL formulas (which use polymorphism), into first-order untyped formulas. A potentially unsound translation is then run through first-order provers, but the produced proofs (currently ap...

20 | Learning Search Control Knowledge for Equational Theorem Proving
- Schulz
- 2001
Citation Context: ...ty for displaying proof-terms, but the proof term visualization very easily becomes too large to be of any use. In future applications, we envision applications of proofs in Z3, such as: Proof-mining [17]; can proofs be mined for strategies that are helpful for speeding up proofs for a class of problems? Interpolation. Proof visualization. Finally, in the context of Isabelle/HOL, it has been suggested...

17 | Faster proof checking in the Edinburgh Logical Framework
- Stump, Dill
- 2002
Citation Context: ...We define a notion of implicit quotation that allows us to encode a Tseitsin' style clausification without introducing auxiliary symbols. Other proof-producing SMT systems that we are aware of [18], [19], [2], [22], introduce auxiliary symbols (such as proxy literals) during clausification and other transformations. Such symbols can impede optimizations in the theory solvers (we provide an example in...

14 | Rocket-Fast Proof Checking for SMT Solvers
- Moskal
- 2008
Citation Context: ...s contrasts with existing proof-producing SAT solvers that generate resolution proofs directly [10, 6, 21]. We are obviously not the first to use natural deduction in the context of SMT, for example, [9], investigates efficient proof checking of natural deduction style proofs by implementing inference rules as rewrites. 3. We also do not attempt to specify all inference rules from a smaller set of ax...

13 | Efficiently checking propositional refutations in HOL theorem provers
- Weber, Amjad
- 2009
Citation Context: ...as we adapt a natural deduction style calculus. This contrasts with existing proof-producing SAT solvers that generate resolution proofs directly [10, 6, 21]. We are obviously not the first to use natural deduction in the context of SMT, for example, [9], investigates efficient proof checking of natural deduction style proofs by implementing inference rul...

4 | Semantic Derivation Verification: Techniques and Implementation
- Sutcliffe
Citation Context: ...(it does not check T-lemmas) proof-checker in Z3 for this purpose. A much more effective strategy for debugging bugs in theory solvers has been to dump the T-lemmas as they are produced. Similar to [20], we can then apply an independent solver (namely, our previous version of Z3) on the T-lemmas. We found this approach very effective in debugging optimizations that turned out to be unsound. We also...

3 | Ramakrishnan and Jakob Rehof, editors. Tools and Algorithms for the Construction and Analysis of Systems

3 | Producing proofs from an arithmetic decision procedure in elliptical LF
- Stump, Barrett, et al.
Citation Context: ...ch: 1. We define a notion of implicit quotation that allows us to encode a Tseitsin' style clausification without introducing auxiliary symbols. Other proof-producing SMT systems that we are aware of [18], [19], [2], [22], introduce auxiliary symbols (such as proxy literals) during clausification and other transformations. Such symbols can impede optimizations in the theory solvers (we provide an exam...

3 | Proof translation and SMT-LIB benchmark certification: A preliminary report
- Ge, Barrett
- 2008
Citation Context: ...a notion of implicit quotation that allows us to encode a Tseitsin' style clausification without introducing auxiliary symbols. Other proof-producing SMT systems that we are aware of [18], [19], [2], [22], introduce auxiliary symbols (such as proxy literals) during clausification and other transformations. Such symbols can impede optimizations in the theory solvers (we provide an example in Section 3....

2 | Towards an SMT Proof Format
- Stump, Oe
- 2008
Citation Context: ...larity has in fact been sufficient in order to catch implementation bugs. Future work includes investigating whether this approach is practical in the context of proof checkers based on trusted cores [1]. 2 Preliminaries. 2.1 Terms and Formulas. Z3 uses basic multi-sorted first-order terms. Formulas are just terms of Boolean sort, and terms are built by function application, quantification, and bound v...