84 research outputs found
A Survey of Satisfiability Modulo Theory
Satisfiability modulo theory (SMT) consists in testing the satisfiability of
first-order formulas over linear integer or real arithmetic, or other theories.
In this survey, we explain the combination of propositional satisfiability and
decision procedures for conjunctions known as DPLL(T), and the alternative
"natural domain" approaches. We also cover quantifiers, Craig interpolants,
polynomial arithmetic, and how SMT solvers are used in automated software
analysis.Comment: Computer Algebra in Scientific Computing, Sep 2016, Bucharest,
Romania. 201
Theory Combination: Beyond Equality Sharing
International audienceSatisfiability is the problem of deciding whether a formula has a model. Although it is not even semidecidable in first-order logic, it is decidable in some first-order theories or fragments thereof (e.g., the quantifier-free fragment). Satisfiability modulo a theory is the problem of determining whether a quantifier-free formula admits a model that is a model of a given theory. If the formula mixes theories, the considered theory is their union, and combination of theories is the problem of combining decision procedures for the individual theories to get one for their union. A standard solution is the equality-sharing method by Nelson and Oppen, which requires the theories to be disjoint and stably infinite. This paper surveys selected approaches to the problem of reasoning in the union of disjoint theories, that aim at going beyond equality sharing, including: asymmetric extensions of equality sharing, where some theories are unrestricted, while others must satisfy stronger requirements than stable infiniteness; superposition-based decision procedures; and current work on conflict-driven satisfiability (CDSAT)
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
Building Better Bit-Blasting for Floating-Point Problems
An effective approach to handling the theory of floating-point is to reduce it to the theory of bit-vectors. Implementing the required encodings is complex, error prone and requires a deep understanding of floating-point hardware. This paper presents SymFPU, a library of encodings that can be included in solvers. It also includes a verification argument for its correctness, and experimental results showing that its use in CVC4 out-performs all previous tools. As well as a significantly improved performance and correctness, it is hoped this will give a simple route to add support for the theory of floating-point
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Invariant Generation through Strategy Iteration in Succinctly Represented Control Flow Graphs
We consider the problem of computing numerical invariants of programs, for
instance bounds on the values of numerical program variables. More
specifically, we study the problem of performing static analysis by abstract
interpretation using template linear constraint domains. Such invariants can be
obtained by Kleene iterations that are, in order to guarantee termination,
accelerated by widening operators. In many cases, however, applying this form
of extrapolation leads to invariants that are weaker than the strongest
inductive invariant that can be expressed within the abstract domain in use.
Another well-known source of imprecision of traditional abstract interpretation
techniques stems from their use of join operators at merge nodes in the control
flow graph. The mentioned weaknesses may prevent these methods from proving
safety properties. The technique we develop in this article addresses both of
these issues: contrary to Kleene iterations accelerated by widening operators,
it is guaranteed to yield the strongest inductive invariant that can be
expressed within the template linear constraint domain in use. It also eschews
join operators by distinguishing all paths of loop-free code segments. Formally
speaking, our technique computes the least fixpoint within a given template
linear constraint domain of a transition relation that is succinctly expressed
as an existentially quantified linear real arithmetic formula. In contrast to
previously published techniques that rely on quantifier elimination, our
algorithm is proved to have optimal complexity: we prove that the decision
problem associated with our fixpoint problem is in the second level of the
polynomial-time hierarchy.Comment: 35 pages, conference version published at ESOP 2011, this version is
a CoRR version of our submission to Logical Methods in Computer Scienc
Conflict-Driven Conditional Termination
International audienceConflict-driven learning, which is essential to the performance of SAT and SMT solvers, consists of a procedure that searches for a model of a formula, and refutation procedure for proving that no model exists. This paper shows that conflict-driven learning can improve the precision of a termination analysis based on abstract interpretation. We encode non-termination as satisfiability in a monadic second-order logic and use abstract interpreters to reason about the satisfiability of this formula. Our search procedure combines decisions with reachability analysis to find potentially non-terminating executions and our refutation procedure uses a conditional termination analysis. Our implementation extends the set of conditional termination arguments discovered by an existing termination analyzer
A Unifying Splitting Framework
International audienceAVATAR is an elegant and effective way to split clauses in a saturation prover using a SAT solver. But is it refutationally complete? And how does it relate to other splitting architectures? To answer these questions, we present a unifying framework that extends a saturation calculus (e.g., superposition) with splitting and embeds the result in a prover guided by a SAT solver. The framework also allows us to study locking, a subsumption-like mechanism based on the current propositional model. Various architectures are instances of the framework, including AVATAR, labeled splitting, and SMT with quantifiers
Abstract Interpretation as Automated Deduction
International audienceAlgorithmic deduction and abstract interpretation are two widely used and successful approaches to implementing program veri-fiers. A major impediment to combining these approaches is that their mathematical foundations and implementation approaches are fundamentally different. This paper presents a new, logical perspective on abstract interpreters that perform reachability analysis using non-relational domains. We encode reachability of a location in a control-flow graph as satisfiability in a monadic, second-order logic parameterized by a first-order theory. We show that three components of an abstract interpreter, the lattice, transformers and iteration algorithm, represent a first-order, substructural theory, parametric deduction and abduction in that theory, and second-order constraint propagation
Understanding the Relative Strength of QBF CDCL Solvers and QBF Resolution
QBF solvers implementing the QCDCL paradigm are powerful algorithms that
successfully tackle many computationally complex applications. However, our
theoretical understanding of the strength and limitations of these QCDCL
solvers is very limited.
In this paper we suggest to formally model QCDCL solvers as proof systems. We
define different policies that can be used for decision heuristics and unit
propagation and give rise to a number of sound and complete QBF proof systems
(and hence new QCDCL algorithms). With respect to the standard policies used in
practical QCDCL solving, we show that the corresponding QCDCL proof system is
incomparable (via exponential separations) to Q-resolution, the classical QBF
resolution system used in the literature. This is in stark contrast to the
propositional setting where CDCL and resolution are known to be p-equivalent.
This raises the question what formulas are hard for standard QCDCL, since
Q-resolution lower bounds do not necessarily apply to QCDCL as we show here. In
answer to this question we prove several lower bounds for QCDCL, including
exponential lower bounds for a large class of random QBFs.
We also introduce a strengthening of the decision heuristic used in classical
QCDCL, which does not necessarily decide variables in order of the prefix, but
still allows to learn asserting clauses. We show that with this decision
policy, QCDCL can be exponentially faster on some formulas.
We further exhibit a QCDCL proof system that is p-equivalent to Q-resolution.
In comparison to classical QCDCL, this new QCDCL version adapts both decision
and unit propagation policies
- …