Satisfiability Modulo Theories (SMT): ideas and applications
Università Degli Studi Di Milano, Scuola di Dottorato in Informatica, 2010
Leonardo de Moura, Microsoft Research
Satisfiability Modulo Theories (SMT)

Is formula F satisfiable modulo theory T?
SMT solvers have specialized algorithms for T.

Example formula, combining Arithmetic, Array Theory and Uninterpreted Functions:

b + 2 = c and f(read(write(a,b,3), c-2)) ≠ f(c-b+1)

Substituting c by b+2:
b + 2 = c and f(read(write(a,b,3), b+2-2)) ≠ f(b+2-b+1)

Simplifying:
b + 2 = c and f(read(write(a,b,3), b)) ≠ f(3)

Applying array theory axiom forall a,i,v: read(write(a,i,v), i) = v:
b + 2 = c and f(3) ≠ f(3)

Inconsistent
SMT-Lib

Repository of Benchmarks: http://www.smtlib.org
Benchmarks are divided in “logics”:
QF_UF: unquantified formulas built over a signature of uninterpreted sort, function and predicate symbols.
QF_UFLIA: unquantified linear integer arithmetic with uninterpreted sort, function, and predicate symbols.
AUFLIA: closed linear formulas over the theory of integer arrays with free sort, function and predicate symbols.
Ground formulas

For most SMT solvers: F is a set of ground formulas.
Many Applications: Bounded Model Checking, Test-Case Generation.
Little Engines of Proof

An SMT Solver is a collection of Little Engines of Proof.
Examples: SAT Solver, Equality solver.
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a ≠ e, a ≠ s

Start with every constant in its own “ball”: {a} {b} {c} {d} {e} {s} {t}
a = b: {a,b} {c} {d} {e} {s} {t}
b = c: {a,b,c} {d} {e} {s} {t}
d = e: {a,b,c} {d,e} {s} {t}
b = s: {a,b,c,s} {d,e} {t}
d = t: {a,b,c,s} {d,e,t}
a ≠ e: a and e are in different “balls”
a ≠ s: a and s are in the same “ball”
Unsatisfiable

Model construction (after dropping a ≠ s):

a = b, b = c, d = e, b = s, d = t, a ≠ e
{a,b,c,s} {d,e,t}
|M| = {1, 2} (universe, aka domain)
M(a) = 1 (assignment)
Alternative notation: a^M = 1
M(a) = M(b) = M(c) = M(s) = 1
M(d) = M(e) = M(t) = 2
Deciding Equality: Termination, Soundness, Completeness

Termination: easy.
Soundness: Invariant: all constants in a “ball” are known to be equal. The “ball” merge operation is justified by the Transitivity and Symmetry rules.
Completeness: We can build a model if an inconsistency was not detected.
Proof template (by contradiction): Build a candidate model. Assume a literal was not satisfied. Find contradiction.

Instantiating the template for our procedure:
Assume some literal c = d is not satisfied by our model. That is, M(c) ≠ M(d). This is impossible: c and d must be in the same “ball” {c,d,…}, so M(c) = M(d) = i.
Assume some literal c ≠ d is not satisfied by our model. That is, M(c) = M(d). Key property: we only check the disequalities after we have processed all equalities. This is impossible: c and d must be in different “balls” {c,…} and {d,…}, so M(c) = i and M(d) = j with i ≠ j.
Deciding Equality + (uninterpreted) Functions

a = b, b = c, d = e, b = s, d = t, f(a, g(d)) ≠ f(b, g(e))

Congruence Rule: x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

First Step: “Naming” subterms
v1 ≡ g(d): a = b, b = c, d = e, b = s, d = t, f(a, v1) ≠ f(b, g(e))
v2 ≡ g(e): a = b, b = c, d = e, b = s, d = t, f(a, v1) ≠ f(b, v2)
v3 ≡ f(a, v1): a = b, b = c, d = e, b = s, d = t, v3 ≠ f(b, v2)
v4 ≡ f(b, v2): a = b, b = c, d = e, b = s, d = t, v3 ≠ v4

Processing the equalities: {a,b,c,s} {d,e,t} {v1} {v2} {v3} {v4}
d = e implies g(d) = g(e), i.e. d = e implies v1 = v2: {a,b,c,s} {d,e,t} {v1,v2} {v3} {v4}
We say: v1 and v2 are congruent.
a = b, v1 = v2 implies f(a, v1) = f(b, v2), i.e. v3 = v4: {a,b,c,s} {d,e,t} {v1,v2} {v3,v4}
v3 ≠ v4: v3 and v4 are in the same “ball”
Unsatisfiable
Changing the problem:
a = b, b = c, d = e, b = s, d = t, a ≠ v4, v2 ≠ v3
v1 ≡ g(d), v2 ≡ g(e), v3 ≡ f(a, v1), v4 ≡ f(b, v2)
{a,b,c,s} {d,e,t} {v1,v2} {v3,v4}

Model construction: |M| = {1, 2, 3, 4}
M(a) = M(b) = M(c) = M(s) = 1
M(d) = M(e) = M(t) = 2
M(v1) = M(v2) = 3
M(v3) = M(v4) = 4
Missing: Interpretation for f and g.
Building the interpretation for function symbols

M(g) is a mapping from |M| to |M|. Defined as:
M(g)(i) = j if there is v ≡ g(a) s.t. M(a) = i and M(v) = j
        = k, otherwise (k is an arbitrary element)
Is M(g) well-defined?
Problem: we may have v ≡ g(a) and w ≡ g(b) s.t. M(a) = M(b) = 1 and M(v) = 2 ≠ 3 = M(w). So, is M(g)(1) = 2 or M(g)(1) = 3?
This is impossible because of the congruence rule! If a and b are in the same “ball”, then so are v and w.
Model construction (continued):
a = b, b = c, d = e, b = s, d = t, a ≠ v4, v2 ≠ v3
v1 ≡ g(d), v2 ≡ g(e), v3 ≡ f(a, v1), v4 ≡ f(b, v2)
|M| = {1, 2, 3, 4}
M(a) = M(b) = M(c) = M(s) = 1
M(d) = M(e) = M(t) = 2
M(v1) = M(v2) = 3
M(v3) = M(v4) = 4
M(g) = {2 → 3, else → 1}
M(f) = {(1, 3) → 4, else → 1}
It is possible to implement our procedure in O(n log n).
Sets (equivalence classes): {d,e,t}
Union: {t} ∪ {d,e} = {d,e,t}
Membership: a, s ∈ {a,b,c,s}
Key observation: the sets are disjoint!
Page 72: Deciding Equality + (uninterpreted) Functions
Union-Find data-structure. Every set (equivalence class) has a root element (representative).
[Figure: the class {a, b, c, s, r} drawn as a tree of find pointers; b is the root]
We say: find(c) is b.
Page 73: Deciding Equality + (uninterpreted) Functions
Union-Find data-structure
[Figure: the classes {a, b, c} and {s, r} merged into {a, b, c, s, r}; the root of one tree is linked under the root of the other]
Pages 74-76: Deciding Equality + (uninterpreted) Functions
Tracking the equivalence classes size is important!
[Figure: a sequence of merges, a1 a2 a3, then a1 a2 a3 a4, …, up to a1 a2 a3 … an-1 an; if the larger class is always linked under the smaller one, the find chain grows to length n]
We can do n merges in O(n log n).
Each constant has two fields: find and size.
Pages 77-79: Deciding Equality + (uninterpreted) Functions
Implementing the congruence rule.
Occurrences of a constant: we say a occurs in v iff v ≡ f(…, a, …).
When we "merge" two equivalence classes we can traverse these occurrences to find new congruences.
[Figure: the classes {a, b, c} and {s, r} being merged; the occurrence lists are kept at the roots b and s]
occurrences(b) = { v1 ≡ g(b), v2 ≡ f(a) }
occurrences(s) = { v3 ≡ f(r) }
Inefficient version:
  for each v in occurrences(b)
    for each w in occurrences(s)
      if v and w are congruent
        add (v, w) to todo queue
A queue of pairs that need to be merged.
We also need to merge occurrences(b) with occurrences(s). This can be done in constant time: use circular lists to represent the occurrences. (More later)
[Figure: the circular lists v1 v2 and v3 spliced into one circular list v1 v2 v3]
Pages 80-81: Deciding Equality + (uninterpreted) Functions
Avoiding the nested loop:
  for each v in occurrences(b)
    for each w in occurrences(s)
      …
Use a hash table to store the elements v1 ≡ f(a1, …, an).
Each constant has an identifier (e.g., a natural number).
Compute the hash code using the identifiers of the (equivalence class) roots of the arguments:
hash(v1) = hash-tuple(id(f), id(root(a1)), …, id(root(an)))
hash-tuple can be Jenkins' hash function for strings. Just adding the ids produces a very bad hash-code!
Pages 82-83: Deciding Equality + (uninterpreted) Functions
Efficient implementation of the congruence rule.
Merging the equivalence classes with roots a1 and a2. Assume a2 is smaller than a1.
Before merging the equivalence classes a1 and a2:
  for each v in occurrences(a2)
    remove v from the hash table (its hashcode will change)
After merging the equivalence classes a1 and a2:
  for each v in occurrences(a2)
    if there is w congruent to v in the hash-table
      add (v, w) to todo queue
    else
      add v to hash-table
    add v to occurrences(a1)
Trick: use dynamic arrays to represent the occurrences.
Page 84: Deciding Equality + (uninterpreted) Functions
The efficient version is not optimal (in theory). Problem: we may have v ≡ f(a1, …, an) with "huge" n.
Solution: currying. Use only binary functions, and represent f(a1, a2, a3, a4) as f(a1, h(a2, h(a3, a4))).
This is not necessary in practice, since the n above is small.
Page 85: Deciding Equality + (uninterpreted) Functions
Each constant now has three fields: find, size, and occurrences.
We also use a hash-table for implementing the congruence rule.
We will need many more improvements!
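The data structures of pages 72 to 85 (find and size fields, occurrence lists, the signature hash table and the todo queue) assembled into one procedure and run on the constraint set of page 68. This is an added Python example written for this page, not code from the lecture or from any solver it describes; the class name `CongruenceClosure`, the helper `decide_euf` and the input lists `EQS` and `DEFS` are my own constructions. Occurrence lists are plain Python lists (the dynamic-array trick of page 83), and the signature `(f, root(a1), …, root(an))` is hashed by Python's tuple hash in place of a hand-written hash-tuple.

```python
from collections import defaultdict


class CongruenceClosure:
    """Union-find with size tracking, occurrence lists kept at the roots, and a
    hash table keyed by (f, root(a1), ..., root(an)) to detect congruent terms."""

    def __init__(self):
        self.parent = {}               # constant -> parent in the find forest
        self.size = {}                 # root -> size of its equivalence class
        self.occ = defaultdict(list)   # root -> terms v having a class member as argument
        self.defs = {}                 # v -> (f, args) for every term v = f(args)
        self.table = {}                # signature -> one term carrying that signature
        self.todo = []                 # pairs still to be merged (equalities or congruences)

    def const(self, a):
        """Register a constant as a singleton class (find = itself, size = 1)."""
        if a not in self.parent:
            self.parent[a] = a
            self.size[a] = 1

    def root(self, a):
        """find(a): walk the parent pointers up to the class representative."""
        self.const(a)
        while self.parent[a] != a:
            a = self.parent[a]
        return a

    def signature(self, v):
        f, args = self.defs[v]
        return (f,) + tuple(self.root(x) for x in args)

    def define(self, v, f, args):
        """Record v = f(args); v occurs in the class of each of its arguments."""
        self.const(v)
        self.defs[v] = (f, tuple(args))
        for x in args:
            self.occ[self.root(x)].append(v)
        self._insert(v)

    def _insert(self, v):
        """Put v into the hash table, or queue it against the congruent term found there."""
        w = self.table.setdefault(self.signature(v), v)
        if w != v:
            self.todo.append((v, w))

    def merge(self, a, b):
        self.todo.append((a, b))

    def close(self):
        """Process the todo queue until no new congruences appear (page 83)."""
        while self.todo:
            a, b = self.todo.pop()
            a1, a2 = self.root(a), self.root(b)
            if a1 == a2:
                continue
            if self.size[a1] < self.size[a2]:
                a1, a2 = a2, a1        # a2 is the smaller class: it gets re-hashed
            moved = self.occ.pop(a2, [])
            for v in moved:            # before merging: their signatures are about to change
                sig = self.signature(v)
                if self.table.get(sig) == v:
                    del self.table[sig]
            self.parent[a2] = a1
            self.size[a1] += self.size[a2]
            for v in moved:            # after merging: re-hash and move to a1's occurrences
                self._insert(v)
                self.occ[a1].append(v)

    def classes(self):
        groups = defaultdict(list)
        for a in self.parent:
            groups[self.root(a)].append(a)
        return sorted(sorted(g) for g in groups.values())


def decide_euf(equalities, definitions, disequalities):
    """(consistent, classes): satisfiable iff no disequality joins one class."""
    cc = CongruenceClosure()
    for v, f, args in definitions:
        cc.define(v, f, args)
    for a, b in equalities:
        cc.merge(a, b)
    cc.close()
    ok = all(cc.root(a) != cc.root(b) for a, b in disequalities)
    return ok, cc.classes()


# Constructed input: the constraint set of page 68.
EQS = [("a", "b"), ("b", "c"), ("d", "e"), ("b", "s"), ("d", "t")]
DEFS = [("v1", "g", ["d"]), ("v2", "g", ["e"]),
        ("v3", "f", ["a", "v1"]), ("v4", "f", ["b", "v2"])]

if __name__ == "__main__":
    print(decide_euf(EQS, DEFS, [("a", "v4"), ("v2", "v3")]))  # consistent, four classes
    print(decide_euf(EQS, DEFS, [("v3", "v4")])[0])             # v3 and v4 are congruent
```

`decide_euf` returns the classes as well, so the |M| = {1, 2, 3, 4} of page 68 can be read off directly: one domain element per class, with {a, b, c, s}, {d, e, t}, {v1, v2} and {v3, v4} as the four classes.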
Pages 86-88: Case Analysis
Many verification/analysis problems require case-analysis:
x ≥ 0, y = x + 1, (y > 2 ∨ y < 1)
Naïve solution: convert to DNF
(x ≥ 0, y = x + 1, y > 2) ∨ (x ≥ 0, y = x + 1, y < 1)
Too inefficient! (exponential blowup)
Page 89: SMT: Basic Architecture
[Figure: SAT (case analysis) + Theory Solvers (Equality + UF, Arithmetic, Bit-vectors, …) = SMT]
Page 90: DPLL (abstract view)
M | F
M: partial model    F: set of clauses
Page 91: DPLL (abstract view)
Guessing
p | p ∨ q, ¬q ∨ r  ⇒  p, q | p ∨ q, ¬q ∨ r
Page 92: DPLL (abstract view)
Deducing
p | p ∨ q, ¬p ∨ s  ⇒  p, s | p ∨ q, ¬p ∨ s
Page 93: DPLL (abstract view)
Backtracking
p, s, q | p ∨ q, s ∨ q, ¬p ∨ ¬q  ⇒  p, s, ¬q | p ∨ q, s ∨ q, ¬p ∨ ¬q
Page 94: Modern DPLL
Efficient indexing (two-watch literal)
Non-chronological backtracking (backjumping)
Lemma learning
Pages 95-100: SAT + Theory solvers. Basic Idea
x ≥ 0, y = x + 1, (y > 2 ∨ y < 1)
Abstract (aka "naming" atoms): p1 ≡ (x ≥ 0), p2 ≡ (y = x + 1), p3 ≡ (y > 2), p4 ≡ (y < 1)
p1, p2, (p3 ∨ p4)
SAT Solver → Assignment: p1, p2, ¬p3, p4
x ≥ 0, y = x + 1, ¬(y > 2), y < 1
Theory Solver → Unsatisfiable: x ≥ 0, y = x + 1, y < 1
New Lemma: ¬p1 ∨ ¬p2 ∨ ¬p4
Page 101: SAT + Theory solvers
Theory Solver → Unsatisfiable: x ≥ 0, y = x + 1, y < 1
New Lemma: ¬p1 ∨ ¬p2 ∨ ¬p4 (AKA theory conflict)
Page 102: SAT + Theory solvers: Main loop
procedure SmtSolver(F)
  (Fp, M) := Abstract(F)
  loop
    (R, A) := SAT_solver(Fp)
    if R = UNSAT then return UNSAT
    S := Concretize(A, M)
    (R, S') := Theory_solver(S)
    if R = SAT then return SAT
    L := New_Lemma(S', M)
    Add L to Fp
Pages 103-104: SAT + Theory solvers. Basic Idea
F: x ≥ 0, y = x + 1, (y > 2 ∨ y < 1)
Abstract (aka "naming" atoms)
M: p1 ≡ (x ≥ 0), p2 ≡ (y = x + 1), p3 ≡ (y > 2), p4 ≡ (y < 1)
Fp: p1, p2, (p3 ∨ p4)
SAT Solver → A: Assignment p1, p2, ¬p3, p4
S: x ≥ 0, y = x + 1, ¬(y > 2), y < 1
Theory Solver → S': Unsatisfiable x ≥ 0, y = x + 1, y < 1
L: New Lemma ¬p1 ∨ ¬p2 ∨ ¬p4
procedure SMT_Solver(F)
  (Fp, M) := Abstract(F)
  loop
    (R, A) := SAT_solver(Fp)
    if R = UNSAT then return UNSAT
    S := Concretize(A, M)
    (R, S') := Theory_solver(S)
    if R = SAT then return SAT
    L := New_Lemma(S', M)
    Add L to Fp
"Lazy translation" to DNF
Page 105: SAT + Theory solvers
State-of-the-art SMT solvers implement many improvements.
Page 106: SAT + Theory solvers
Incrementality: send the literals to the Theory solver as they are assigned by the SAT solver.
p1, p2, p4 | p1, p2, (p3 ∨ p4), (p5 ∨ ¬p4)
p1 ≡ (x ≥ 0), p2 ≡ (y = x + 1), p3 ≡ (y > 2), p4 ≡ (y < 1), p5 ≡ (x < 2)
The partial assignment is already Theory inconsistent.
Page 107: SAT + Theory solvers
Efficient Backtracking: we don't want to restart from scratch after each backtracking operation.
Page 108: SAT + Theory solvers
Efficient Lemma Generation (computing a small S'): avoid lemmas containing redundant literals.
p1, p2, p3, p4 | p1, p2, (p3 ∨ p4), (p5 ∨ ¬p4)
p1 ≡ (x ≥ 0), p2 ≡ (y = x + 1), p3 ≡ (y > 2), p4 ≡ (y < 1), p5 ≡ (x < 2)
¬p1 ∨ ¬p2 ∨ ¬p3 ∨ ¬p4    Imprecise Lemma
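The main loop of pages 102 to 104 and the small-S' lemma generation of page 108, as an added Python example that is not the lecture's code: the theory is difference logic (atoms of the form u - v ≤ c over the integers) decided by Bellman-Ford negative-cycle detection, so the conflicting literals are exactly the edges of the cycle found; the SAT solver is the abstract DPLL of pages 90 to 93 with unit propagation and chronological backtracking. The atom table `ATOMS`, the clause set `FP`, the pseudo-variable `zero` and the splitting of y = x + 1 into the two bound atoms p2a and p2b are my own constructions.

```python
# Every atom is one constraint u - v <= c over the integers; "zero" is a
# pseudo-variable fixed at 0, so a bound such as x >= 0 is zero - x <= 0.
# Constructed atoms for the lecture's formula x >= 0, y = x + 1, (y > 2 or y < 1);
# the equality is split so that every literal and its negation is one constraint.
ATOMS = {
    "p1":  ("zero", "x", 0),     # x >= 0   <=>  zero - x <= 0
    "p2a": ("y", "x", 1),        # y <= x + 1
    "p2b": ("x", "y", -1),       # x <= y - 1        (p2a and p2b together: y = x + 1)
    "p3":  ("zero", "y", -3),    # y > 2    <=>  zero - y <= -3  (integers)
    "p4":  ("y", "zero", 0),     # y < 1    <=>  y - zero <= 0
}
# Fp, the boolean abstraction: clauses are lists of (atom, polarity) literals.
FP = [[("p1", True)], [("p2a", True)], [("p2b", True)],
      [("p3", True), ("p4", True)]]


def constraint(lit):
    """Concretize a literal; over Z the negation of u - v <= c is v - u <= -c - 1."""
    name, polarity = lit
    u, v, c = ATOMS[name]
    return (u, v, c) if polarity else (v, u, -c - 1)


def theory_solver(lits):
    """Bellman-Ford difference-logic solver.  u - v <= c is an edge v -> u of
    weight c; the literals are consistent iff there is no negative cycle.
    Returns (True, None) or (False, core), core being the literals on one
    negative cycle: a small S' instead of the whole assignment."""
    edges = [(constraint(lit), lit) for lit in lits]
    nodes = sorted({n for (u, v, _), _ in edges for n in (u, v)})
    dist = {n: 0 for n in nodes}       # implicit source with 0-weight edges to every node
    pred = {n: None for n in nodes}    # node -> (parent, literal that relaxed it)
    last = None
    for _ in range(len(nodes) + 1):
        changed = False
        for (u, v, c), lit in edges:
            if dist[v] + c < dist[u]:
                dist[u], pred[u], changed, last = dist[v] + c, (v, lit), True, u
        if not changed:
            return True, None
    # A relaxation in round |V|+1 means a negative cycle: follow predecessor
    # pointers until a node repeats (every cycle of the predecessor graph is negative).
    seen, node = [], last
    while node is not None and node not in seen:
        seen.append(node)
        node = pred[node][0] if pred[node] else None
    if node is None:                   # defensive fallback: the imprecise lemma
        return False, sorted(set(lits))
    core, cur = [], node
    while True:
        parent, lit = pred[cur]
        core.append(lit)
        cur = parent
        if cur == node:
            break
    return False, sorted(set(core))


def sat_solver(clauses, assignment=None):
    """Tiny DPLL: unit propagation plus chronological backtracking.  Returns a
    total assignment {atom: bool} or None when the clauses are UNSAT."""
    assignment = dict(assignment or {})
    while True:                         # unit propagation to a fixpoint
        unit = None
        for clause in clauses:
            if any(assignment.get(a) == p for a, p in clause):
                continue                # clause already satisfied
            open_lits = [(a, p) for a, p in clause if a not in assignment]
            if not open_lits:
                return None             # conflict: every literal is false
            if len(open_lits) == 1:
                unit = open_lits[0]
                break
        if unit is None:
            break
        assignment[unit[0]] = unit[1]
    free = sorted({a for cl in clauses for a, _ in cl} - set(assignment))
    if not free:
        return assignment
    for value in (False, True):         # decide; False first reproduces the slides' trace
        result = sat_solver(clauses, {**assignment, free[0]: value})
        if result is not None:
            return result
    return None


def smt_solver(clauses):
    """The lecture's main loop: SAT assignment, concretize, theory check, learn
    the conflict clause, repeat.  Returns ("sat", model) or ("unsat", lemmas)."""
    fp = [list(c) for c in clauses]
    lemmas = []
    while True:
        assignment = sat_solver(fp)                 # (R, A) := SAT_solver(Fp)
        if assignment is None:
            return "unsat", lemmas
        ok, core = theory_solver(sorted(assignment.items()))   # S := Concretize(A, M)
        if ok:
            return "sat", assignment
        lemma = [(a, not v) for a, v in core]       # L := New_Lemma(S', M); add L to Fp
        lemmas.append(lemma)
        fp.append(lemma)


if __name__ == "__main__":
    print(smt_solver(FP))   # sat after learning [('p1', False), ('p2b', False), ('p4', False)]
```

On `FP` the first SAT assignment is p1, p2, ¬p3, p4, the theory solver's core is {p1, p2b, p4} and the learned lemma is ¬p1 ∨ ¬p2b ∨ ¬p4, which is the page's ¬p1 ∨ ¬p2 ∨ ¬p4 with p2 split; the second iteration returns sat with p3 true and p4 false. Because the core is read off the negative cycle, ¬p3 never enters the lemma, which is the point page 108 makes about redundant literals.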
Pages 109-110: SAT + Theory solvers
Theory Propagation: it is the SMT equivalent of unit propagation.
p1, p2 | p1, p2, (p3 ∨ p4), (p5 ∨ ¬p4)
p1 ≡ (x ≥ 0), p2 ≡ (y = x + 1), p3 ≡ (y > 2), p4 ≡ (y < 1), p5 ≡ (x < 2)
p1, p2 imply ¬p4 by theory propagation
p1, p2, ¬p4 | p1, p2, (p3 ∨ p4), (p5 ∨ ¬p4)
Tradeoff between precision and performance.
Pages 111-113: An Architecture: the core
[Figure: the Core is the SAT Solver (case analysis) together with Equality / Uninterpreted Functions; the theory solvers for Arithmetic, Bit-Vectors and Scalar Values are attached to it]
Blackboard: equalities, disequalities, predicates