Results 1-10 of 32
Finding minimal unsatisfiable cores of declarative specifications
In FM '08, 2008
Cited by 18 (9 self)
Abstract
Declarative specifications exhibit a variety of problems, such as inadvertently overconstrained axioms and underconstrained conjectures, that are hard to diagnose with model checking and theorem proving alone. Recycling core extraction is a new coverage analysis that pinpoints an irreducible unsatisfiable core of a declarative specification. It is based on resolution refutation proofs generated by resolution engines, such as SAT solvers and resolution theorem provers. The extraction algorithm is described, and proved correct, for a generalized specification language with a regular translation to the input logic of a resolution engine. It has been implemented for the Alloy language and evaluated on a variety of specifications, with promising results.
Lemma learning in the model evolution calculus
2006
Cited by 11 (6 self)
Abstract
The Model Evolution (ME) Calculus is a proper lifting to first-order logic of the DPLL procedure, a backtracking search procedure for propositional satisfiability. Like DPLL, the ME calculus is based on the idea of incrementally building a model of the input formula by alternating constraint propagation steps with nondeterministic decision steps. One of the major conceptual improvements over basic DPLL is lemma learning, a mechanism for generating new formulae that prevent later in the search combinations of decision steps guaranteed to lead to failure. We introduce three lemma generation methods for ME proof procedures, with various degrees of power, effectiveness in reducing search, and computational overhead. Even if formally correct, each of these methods presents complications that do not exist at the propositional level but need to be addressed for learning to be effective in practice for ME. We discuss some of these issues and present initial experimental results on the performance of an implementation within Darwin of the three learning procedures.
Finite model finding in SMT
Cited by 10 (5 self)
Abstract
SMT solvers have been used successfully as reasoning engines for automated verification. Current techniques for dealing with quantified formulas in SMT are generally incomplete, forcing SMT solvers to report “unknown” when they fail to prove the unsatisfiability of a formula with quantifiers. This inability to return countermodels limits their usefulness in applications that produce quantified verification conditions. We present a novel finite model finding method that reduces these limitations in the case of quantifiers ranging over free sorts. Our method contrasts with previous approaches for finite model finding in first-order logic by not relying on the introduction of domain constants for the free sorts and by being fully integrated into the general architecture used by most SMT solvers. This integration is achieved through the addition of a novel solver for sort cardinality constraints and a module for quantifier instantiation over finite domains. Initial experiments with verification conditions generated from a deductive verification tool developed at Intel Corp. show that our approach compares quite favorably with the state of the art in SMT.
ME(LIA) - Model Evolution With Linear Integer Arithmetic Constraints
Cited by 10 (6 self)
Abstract
Many applications of automated deduction require reasoning modulo some form of integer arithmetic. Unfortunately, theory reasoning support for the integers in current theorem provers is sometimes too weak for practical purposes. In this paper we propose a novel calculus for a large fragment of first-order logic modulo Linear Integer Arithmetic (LIA) that overcomes several limitations of existing theory reasoning approaches. The new calculus — based on the Model Evolution calculus, a first-order logic version of the propositional DPLL procedure — supports restricted quantifiers, requires only a decision procedure for LIA-validity instead of a complete LIA-unification procedure, and is amenable to strong redundancy criteria. We present a basic version of the calculus and prove it sound and (refutationally) complete.
Semantic Selection of Premisses for Automated Theorem Proving
In Proc. of the CADE-21 Workshop on Empirically Successful Automated Reasoning in Large Theories (ESARLT 2007), 2007
Cited by 9 (0 self)
Abstract
We develop and implement a novel algorithm for discovering the optimal sets of premisses for proving and disproving conjectures in first-order logic. The algorithm uses interpretations to semantically analyze the conjectures and the set of premisses of the given theory to find the optimal subsets of the premisses. For each given conjecture the algorithm repeatedly constructs interpretations using an automated model finder, uses the interpretations to compute the optimal subset of premisses (based on the knowledge it has at the point) and tries to prove the conjecture using an automated theorem prover.
1 Importance of selecting appropriate premisses in automated theorem proving
A proper set of premisses can be essential for proving a conjecture by an automated theorem prover. Clearly, the larger the number of the initial premisses the larger the number of the inferred formulae. And as for the most proving techniques the number of inferred formulae is in general superexponential in the number of input formulae,
Encoding Industrial Hardware Verification Problems into Effectively Propositional Logic
2010
Cited by 7 (4 self)
Abstract
Word-level bounded model checking and equivalence checking problems are naturally encoded in the theory of bit-vectors and arrays. The standard practice of deciding formulas of such theories in the hardware industry is either SAT (using bit-blasting) or SMT-based methods. These methods perform reasoning on a low level but perform it very efficiently. To find alternative potentially promising model checking and equivalence checking methods, a natural idea is to lift reasoning from the bit and bit-vector levels to higher levels. In such an attempt, in [14] we proposed translating memory designs into the Effectively PRopositional (EPR) fragment of first-order logic. The first experiments with using such a translation have been encouraging but raised some questions. Since the high-level encoding we used was incomplete (yet avoiding bit-blasting) some equivalences could not be proved. Another problem was that there was no natural correspondence between models of EPR formulas and bit-vector based models that would demonstrate non-equivalence and hence design errors. This paper addresses these problems by providing more refined translations of equivalence checking problems arising from hardware verification into EPR formulas. We provide three such translations and formulate their properties. All three translations are designed in such a way that models of EPR problems can be translated into bit-vector models demonstrating non-equivalence. We also evaluate the best EPR solvers on industrial equivalence checking problems and compare them with SMT solvers designed and tuned for such formulas specifically. We present empirical evidence demonstrating that EPR-based methods and solvers are competitive.
Exploiting symmetry in SMT problems
Cited by 7 (2 self)
Abstract
Methods exploiting problem symmetries have been very successful in several areas including constraint programming and SAT solving. We here recast a technique to enhance the performance of SMT solvers by detecting symmetries in the input formulas and use them to prune the search space of the SMT algorithm. This technique is based on the concept of (syntactic) invariance by permutation of constants. An algorithm for solving SMT by taking advantage of such symmetries is presented. The implementation of this algorithm in the SMT solver veriT is used to illustrate the practical benefits of this approach. It results in a significant improvement of veriT's performance on the SMT-LIB benchmarks that places it ahead of the winners of the last editions of the SMT-COMP contest in the QF_UF category.
Inst-Gen – A Modular Approach to Instantiation-Based Automated Reasoning
Cited by 6 (2 self)
Abstract
Inst-Gen is an instantiation-based reasoning method for first-order logic introduced in [18]. One of the distinctive features of Inst-Gen is a modular combination of first-order reasoning with efficient ground reasoning. Thus, Inst-Gen provides a framework for utilising efficient off-the-shelf propositional SAT and SMT solvers as part of general first-order reasoning. In this paper we present a unified view on the developments of the Inst-Gen method: (i) completeness proofs; (ii) abstract and concrete criteria for redundancy elimination, including dismatching constraints and global subsumption; (iii) implementation details and evaluation.
Finite models for formal security proofs
In Journal of Computer Security, 2009
Cited by 5 (1 self)
Abstract
First-order logic models of security for cryptographic protocols, based on variants of the Dolev-Yao model, are now well-established tools. Given that we have checked a given security protocol π using a given first-order prover, how hard is it to extract a formally checkable proof of it, as required in, e.g., common criteria at the highest evaluation level (EAL7)? We demonstrate that this is surprisingly hard in the general case: the problem is non-recursive. Nonetheless, we show that we can instead extract finite models M from a set S of clauses representing π, automatically, and give two ways of doing so. We then define a model-checker testing M |= S, and show how we can instrument it to output a formally checkable proof, e.g., in Coq. Experience on a number of protocols shows that this is practical, and that even complex (secure) protocols modulo equational theories have small finite models, making our approach suitable.
Non-cyclic sorts for first-order satisfiability
Cited by 4 (0 self)
Abstract
In this paper we investigate the finite satisfiability problem for first-order logic. We show that the finite satisfiability problem can be represented as a sequence of satisfiability problems in a fragment of many-sorted logic, which we call the non-cyclic fragment. The non-cyclic fragment can be seen as a generalisation of the effectively propositional fragment (EPR) in the many-sorted setting. We show that the non-cyclic fragment is decidable by instantiation-based methods and present a linear time algorithm for checking whether a given clause set is in this fragment. One of the distinctive features of our finite satisfiability translation is that it avoids unnecessary flattening of terms, which can be crucial for efficiency. We implemented our finite model finding translation in iProver and evaluated it over the TPTP library. Using our translation it was possible to solve a large class of problems which could not be solved by other systems.