Applications and Challenges in Satisfiability Modulo Theories

10.29007/cl74 ◽  
2018 ◽  
Author(s):  
Leonardo De Moura ◽  
Nikolaj Bjorner
Keyword(s):  
Constraint Satisfaction ◽  
Constraint Satisfaction Problem ◽  
Satisfiability Modulo Theories ◽  
Smt Solver ◽  
Invariant Generation ◽  
Software Analysis ◽  
The Core ◽  
Precise Analysis ◽  
System States ◽  
Automatic Theorem

The area of software analysis, testing and verification is now undergoing a revolution thanks to the use of automated and scalable support for logical methods. A well-recognized premise is that at the core of software analysis engines is invariably a component using logical formulas for describing states and transformations between system states. One can thus say that symbolic logic is the calculus of computation. The process of using this information for discovering and checking program properties (including such important properties as safety and security) amounts to automatic theorem proving. In particular, theorem provers that directly support common software constructs offer a compelling basis. Such provers are commonly called satisfiability modulo theories (SMT) solvers.Z3 is the leading SMT solver. It is developed by the authors at Microsoft Research. It can be used to check the satisfiability of logical formulas over one or more theories such as arithmetic, bit-vectors, lists, records and arrays.This paper examines three applications of Z3 in the context of invariant generation.The first lets Z3 infer invariants as a constraint satisfaction problem, the second applicationillustrates the use of Z3 for bit-precise analysis and our third application exemplifiesusing Z3 for calculations.

Leveraging Control Flow Knowledge in SMT Solving of Program Verification

2021 ◽  
Vol 30 (4) ◽  
pp. 1-26
Author(s):  
Jianhui Chen ◽  
Fei He
Keyword(s):  
Program Verification ◽  
Search Space ◽  
General Purpose ◽  
Control Flow ◽  
Satisfiability Modulo Theories ◽  
Useful Knowledge ◽  
Smt Solver ◽  
Software Analysis ◽  
Smt Solving ◽  
Novel Approach

Satisfiability modulo theories (SMT) solvers have been widely applied as the reasoning engine for diverse software analysis and verification technologies. The efficiency of the SMT solver has significant effects on the performance of these technologies. However, current SMT solvers are designed for the general purpose of constraint solving. Lots of useful knowledge of programs cannot be utilized during SMT solving. As a result, the SMT solver may spend much effort to explore redundant search space. In this article, we propose a novel approach to utilizing control-flow knowledge in SMT solving. With this technique, the search space can be considerably reduced, and the efficiency of SMT solving is observably improved. We conducted extensive experiments on credible benchmarks. The results show significant improvements of our approach.

scholarly journals Computing Small Unsatisfiable Cores in Satisfiability Modulo Theories

2011 ◽  
Vol 40 ◽  
pp. 701-728 ◽  
Author(s):  
A. Cimatti ◽  
A. Griggio ◽  
R. Sebastiani
Keyword(s):  
Empirical Test ◽  
Main Idea ◽  
Satisfiability Modulo Theories ◽  
Smt Solver ◽  
The Core ◽  
Reduction Techniques ◽  
Novel Approach ◽  
Suitable Amount ◽  
Core Reduction ◽  
Unsatisfiable Core

The problem of finding small unsatisfiable cores for SAT formulas has recently received a lot of interest, mostly for its applications in formal verification. However, propositional logic is often not expressive enough for representing many interesting verification problems, which can be more naturally addressed in the framework of Satisfiability Modulo Theories, SMT. Surprisingly, the problem of finding unsatisfiable cores in SMT has received very little attention in the literature. In this paper we present a novel approach to this problem, called the Lemma-Lifting approach. The main idea is to combine an SMT solver with an external propositional core extractor. The SMT solver produces the theory lemmas found during the search, dynamically lifting the suitable amount of theory information to the Boolean level. The core extractor is then called on the Boolean abstraction of the original SMT problem and of the theory lemmas. This results in an unsatisfiable core for the original SMT problem, once the remaining theory lemmas are removed. The approach is conceptually interesting, and has several advantages in practice. In fact, it is extremely simple to implement and to update, and it can be interfaced with every propositional core extractor in a plug-and-play manner, so as to benefit for free of all unsat-core reduction techniques which have been or will be made available. We have evaluated our algorithm with a very extensive empirical test on SMT-LIB benchmarks, which confirms the validity and potential of this approach.

Engineering Theories with Z3

10.29007/x7b4 ◽  
2018 ◽  
Author(s):  
Nikolaj Bjorner
Keyword(s):  
Satisfiability Modulo Theories ◽  
Smt Solver ◽  
Testing Tools ◽  
Software And Hardware ◽  
Design And Testing

Modern Satisfiability Modulo Theories (SMT)solvers are fundamental to many programanalysis, verification, design and testing tools. They are a goodfit for the domain of software and hardware engineering becausethey support many domains that are commonly used by the tools.The meaning of domains are captured by theories that can beaxiomatized or supported by efficient <i>theory solvers</i>.Nevertheless, not all domains are handled by all solvers andmany domains and theories will never be native to any solver.We here explore different theories that extend MicrosoftResearch's SMT solver Z3's basicsupport. Some can be directly encoded or axiomatized,others make use of user theory plug-ins.Plug-ins are a powerful way for tools to supply their custom domains.

scholarly journals Permutation groups with small orbit growth

2021 ◽  
Vol 0 (0) ◽  
Author(s):  
Manuel Bodirsky ◽  
Bertalan Bodor
Keyword(s):  
Automorphism Group ◽  
Constraint Satisfaction ◽  
Constraint Satisfaction Problem ◽  
Permutation Groups ◽  
First Order ◽  
Finite Covers

Abstract Let K exp + \mathcal{K}_{{\operatorname{exp}}{+}} be the class of all structures 𝔄 such that the automorphism group of 𝔄 has at most c ⁢ n d ⁢ n cn^{dn} orbits in its componentwise action on the set of 𝑛-tuples with pairwise distinct entries, for some constants c , d c,d with d < 1 d<1 . We show that K exp + \mathcal{K}_{{\operatorname{exp}}{+}} is precisely the class of finite covers of first-order reducts of unary structures, and also that K exp + \mathcal{K}_{{\operatorname{exp}}{+}} is precisely the class of first-order reducts of finite covers of unary structures. It follows that the class of first-order reducts of finite covers of unary structures is closed under taking model companions and model-complete cores, which is an important property when studying the constraint satisfaction problem for structures from K exp + \mathcal{K}_{{\operatorname{exp}}{+}} . We also show that Thomas’ conjecture holds for K exp + \mathcal{K}_{{\operatorname{exp}}{+}} : all structures in K exp + \mathcal{K}_{{\operatorname{exp}}{+}} have finitely many first-order reducts up to first-order interdefinability.

Sign in / Sign up

Export Citation Format

Share Document