Results 1 - 10 of 32
Finding minimal unsatisfiable cores of declarative specifications
In FM ’08, 2008
Cited by 18 (9 self)
Declarative specifications exhibit a variety of problems, such as inadvertently overconstrained axioms and underconstrained conjectures, that are hard to diagnose with model checking and theorem proving alone. Recycling core extraction is a new coverage analysis that pinpoints an irreducible unsatisfiable core of a declarative specification. It is based on resolution refutation proofs generated by resolution engines, such as SAT solvers and resolution theorem provers. The extraction algorithm is described, and proved correct, for a generalized specification language with a regular translation to the input logic of a resolution engine. It has been implemented for the Alloy language and evaluated on a variety of specifications, with promising results.
Lemma learning in the model evolution calculus, 2006
Cited by 11 (6 self)
The Model Evolution (ME) Calculus is a proper lifting to first-order logic of the DPLL procedure, a backtracking search procedure for propositional satisfiability. Like DPLL, the ME calculus is based on the idea of incrementally building a model of the input formula by alternating constraint propagation steps with non-deterministic decision steps. One of the major conceptual improvements over basic DPLL is lemma learning, a mechanism for generating new formulae that prevent later in the search combinations of decision steps guaranteed to lead to failure. We introduce three lemma generation methods for ME proof procedures, with various degrees of power, effectiveness in reducing search, and computational overhead. Even if formally correct, each of these methods presents complications that do not exist at the propositional level but need to be addressed for learning to be effective in practice for ME. We discuss some of these issues and present initial experimental results on the performance of an implementation within Darwin of the three learning procedures.
Finite model finding in SMT
Cited by 10 (5 self)
SMT solvers have been used successfully as reasoning engines for automated verification. Current techniques for dealing with quantified formulas in SMT are generally incomplete, forcing SMT solvers to report “unknown” when they fail to prove the unsatisfiability of a formula with quantifiers. This inability to return counter-models limits their usefulness in applications that produce quantified verification conditions. We present a novel finite model finding method that reduces these limitations in the case of quantifiers ranging over free sorts. Our method contrasts with previous approaches for finite model finding in first-order logic by not relying on the introduction of domain constants for the free sorts and by being fully integrated into the general architecture used by most SMT solvers. This integration is achieved through the addition of a novel solver for sort cardinality constraints and a module for quantifier instantiation over finite domains. Initial experiments with verification conditions generated from a deductive verification tool developed at Intel Corp. show that our approach compares quite favorably with the state of the art in SMT.
ME(LIA) - Model Evolution With Linear Integer Arithmetic Constraints
Cited by 10 (6 self)
Many applications of automated deduction require reasoning modulo some form of integer arithmetic. Unfortunately, theory reasoning support for the integers in current theorem provers is sometimes too weak for practical purposes. In this paper we propose a novel calculus for a large fragment of first-order logic modulo Linear Integer Arithmetic (LIA) that overcomes several limitations of existing theory reasoning approaches. The new calculus — based on the Model Evolution calculus, a first-order logic version of the propositional DPLL procedure — supports restricted quantifiers, requires only a decision procedure for LIA-validity instead of a complete LIA-unification procedure, and is amenable to strong redundancy criteria. We present a basic version of the calculus and prove it sound and (refutationally) complete.
Semantic Selection of Premisses for Automated Theorem Proving
Proc. the CADE-21 Workshop on Empirically Successful Automated Reasoning in Large Theories (ESARLT-2007), 2007
Cited by 9 (0 self)
We develop and implement a novel algorithm for discovering the optimal sets of premisses for proving and disproving conjectures in first-order logic. The algorithm uses interpretations to semantically analyze the conjectures and the set of premisses of the given theory to find the optimal subsets of the premisses. For each given conjecture the algorithm repeatedly constructs interpretations using an automated model finder, uses the interpretations to compute the optimal subset of premisses (based on the knowledge it has at the point) and tries to prove the conjecture using an automated theorem prover.
1 Importance of selecting appropriate premisses in automated theorem proving
A proper set of premisses can be essential for proving a conjecture by an automated theorem prover. Clearly, the larger the number of the initial premisses the larger the number of the inferred formulae. And as for most proving techniques the number of inferred formulae is in general super-exponential in the number of input formulae,
Encoding Industrial Hardware Verification Problems into Effectively Propositional Logic, 2010
Cited by 7 (4 self)
Word-level bounded model checking and equivalence checking problems are naturally encoded in the theory of bit-vectors and arrays. The standard practice of deciding formulas of such theories in the hardware industry is either SAT- (using bit-blasting) or SMT-based methods. These methods perform reasoning on a low level but perform it very efficiently. To find alternative potentially promising model checking and equivalence checking methods, a natural idea is to lift reasoning from the bit and bit-vector levels to higher levels. In such an attempt, in [14] we proposed translating memory designs into the Effectively PRopositional (EPR) fragment of first-order logic. The first experiments with using such a translation have been encouraging but raised some questions. Since the high-level encoding we used was incomplete (yet avoiding bit-blasting) some equivalences could not be proved. Another problem was that there was no natural correspondence between models of EPR formulas and bit-vector based models that would demonstrate non-equivalence and hence design errors. This paper addresses these problems by providing more refined translations of equivalence checking problems arising from hardware verification into EPR formulas. We provide three such translations and formulate their properties. All three translations are designed in such a way that models of EPR problems can be translated into bit-vector models demonstrating non-equivalence. We also evaluate the best EPR solvers on industrial equivalence checking problems and compare them with SMT solvers designed and tuned for such formulas specifically. We present empirical evidence demonstrating that EPR-based methods and solvers are competitive.
Exploiting symmetry in SMT problems
Cited by 7 (2 self)
Methods exploiting problem symmetries have been very successful in several areas including constraint programming and SAT solving. We here recast a technique to enhance the performance of SMT-solvers by detecting symmetries in the input formulas and use them to prune the search space of the SMT algorithm. This technique is based on the concept of (syntactic) invariance by permutation of constants. An algorithm for solving SMT by taking advantage of such symmetries is presented. The implementation of this algorithm in the SMT-solver veriT is used to illustrate the practical benefits of this approach. It results in a significant improvement of veriT’s performances on the SMT-LIB benchmarks that places it ahead of the winners of the last editions of the SMT-COMP contest in the QF_UF category.
Inst-Gen – A Modular Approach to Instantiation-Based Automated Reasoning
Cited by 6 (2 self)
Inst-Gen is an instantiation-based reasoning method for first-order logic introduced in [18]. One of the distinctive features of Inst-Gen is a modular combination of first-order reasoning with efficient ground reasoning. Thus, Inst-Gen provides a framework for utilising efficient off-the-shelf propositional SAT and SMT solvers as part of general first-order reasoning. In this paper we present a unified view on the developments of the Inst-Gen method: (i) completeness proofs; (ii) abstract and concrete criteria for redundancy elimination, including dismatching constraints and global subsumption; (iii) implementation details and evaluation.
Finite models for formal security proofs
Journal of Computer Security, 2009
Cited by 5 (1 self)
First-order logic models of security for cryptographic protocols, based on variants of the Dolev-Yao model, are now well-established tools. Given that we have checked a given security protocol π using a given first-order prover, how hard is it to extract a formally checkable proof of it, as required in, e.g., common criteria at the highest evaluation level (EAL7)? We demonstrate that this is surprisingly hard in the general case: the problem is non-recursive. Nonetheless, we show that we can instead extract finite models M from a set S of clauses representing π, automatically, and give two ways of doing so. We then define a model-checker testing M ⊨ S, and show how we can instrument it to output a formally checkable proof, e.g., in Coq. Experience on a number of protocols shows that this is practical, and that even complex (secure) protocols modulo equational theories have small finite models, making our approach suitable.
Non-cyclic sorts for first-order satisfiability
Cited by 4 (0 self)
In this paper we investigate the finite satisfiability problem for first-order logic. We show that the finite satisfiability problem can be represented as a sequence of satisfiability problems in a fragment of many-sorted logic, which we call the non-cyclic fragment. The non-cyclic fragment can be seen as a generalisation of the effectively propositional fragment (EPR) in the many-sorted setting. We show that the non-cyclic fragment is decidable by instantiation-based methods and present a linear time algorithm for checking whether a given clause set is in this fragment. One of the distinctive features of our finite satisfiability translation is that it avoids unnecessary flattening of terms, which can be crucial for efficiency. We implemented our finite model finding translation in iProver and evaluated it over the TPTP library. Using our translation it was possible to solve a large class of problems which could not be solved by other systems.