![Page 1: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/1.jpg)
Trends and Challenges in
Satisfiability Modulo Theories
Cesare Tinelli
The University of Iowa
DISPROVING-VERIFY’07 – p.1/38
![Page 2: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/2.jpg)
Intro: Validity Modulo Theories
In a number of CS applications one is interested in
determining the validity of a first-order sencence wrt abackground theory, a distinguished set T of first-ordermodels
A formula ϕ is T -valid if it is satisfied by every model of T
Examplex+ y > 0 ∧ y < 0 → x > 0
is T -valid if T is the set of all expansion of Z to the freeconstants x, y, z
DISPROVING-VERIFY’07 – p.2/38
![Page 3: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/3.jpg)
Validity Modulo Theories in a Nutshell
Distinguishing FeatureT -validity may be determined more efficiently usingspecialized methods on T as opposed to general-purposefirst-order reasoning
DISPROVING-VERIFY’07 – p.3/38
![Page 4: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/4.jpg)
Validity Modulo Theories in a Nutshell
Distinguishing FeatureT -validity may be determined more efficiently usingspecialized methods on T as opposed to general-purposefirst-order reasoning
Main IssueTension between the scope of background theories and theefficiency of their validity checkers
DISPROVING-VERIFY’07 – p.3/38
![Page 5: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/5.jpg)
Validity Modulo Theories in a Nutshell
Distinguishing FeatureT -validity may be determined more efficiently usingspecialized methods on T as opposed to general-purposefirst-order reasoning
Main IssueTension between the scope of background theories and theefficiency of their validity checkers
A lot of theoretical and practical work in
1. identifying fragments of theories with efficient checkers
2. enlarging theories and/or their fragments by using severalspecialized checkers in cooperation
DISPROVING-VERIFY’07 – p.3/38
![Page 6: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/6.jpg)
Theory fragments with efficient checkers
Examples
Universal fragment of theory of equality (over somesignature Σ)
Universal, linear fragment of theory of R
Universal, difference constraints fragment of theory of N
Universal fragment of theory of arrays with extensionality
Universal fragment of theories of inductive data types
DISPROVING-VERIFY’07 – p.4/38
![Page 7: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/7.jpg)
Why Satisfiability Modulo Theories?
Validity Modulo Theories’ dual problem
More popular setting because most validity checkers arerefutation-based(and so are actually unsatisfiability checkers)
Terminology originated with SMT-LIB initiative in 2003
SMT acronym caught on and is now widely used
DISPROVING-VERIFY’07 – p.5/38
![Page 8: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/8.jpg)
Goals of This Talk
Give an overview of SMT and its applications
Present main approaches and issues
Discuss some long-standing challenges
Highlight some new challenges for the field
DISPROVING-VERIFY’07 – p.6/38
![Page 9: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/9.jpg)
Applications of SMT
DISPROVING-VERIFY’07 – p.7/38
![Page 10: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/10.jpg)
Applications of SMT
Type checking
statically verifying the well-typedness of programs
Model checking of reactive (in)finite state systems
verifying safety properties
abstraction/refinement
Model-based test-case generation
generating better test sets
Specification checking
checking the consistency of formal specifications
DISPROVING-VERIFY’07 – p.7/38
![Page 11: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/11.jpg)
Applications of SMT
Extended static checking/static analysis
verifying the absence of certain run-time errors
Optimizing/certifying compilers
verifying correctness of optimizations
verifying PCC
Full functional verificationsupporting proofs of inductive invariants
supporting interactive proofs
DISPROVING-VERIFY’07 – p.8/38
![Page 12: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/12.jpg)
Main SMT Approaches
DISPROVING-VERIFY’07 – p.9/38
![Page 13: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/13.jpg)
Main SMT Approaches
Small engines approaches
Eager encodings to propositional logicTypically relying on fast SAT solvers
Lazy encodings to propositional logicTypically relying on DPLL solvers + theory solvers(decision procedures)
Hybrid encodings, i.e., eager encodings to otherdecidable logics:
QF fragment of bit vectors
QF fragment of linear arithmetic with free symbols
DISPROVING-VERIFY’07 – p.9/38
![Page 14: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/14.jpg)
Main SMT Approaches
Big engines approaches
Eager, specialized encodings to FOL=
Relying on superposition engine + proper reductionorderings
DISPROVING-VERIFY’07 – p.10/38
![Page 15: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/15.jpg)
Claim of the Day
All these approaches can be seen as different instancesof a common logical abstraction/refinement framework
DISPROVING-VERIFY’07 – p.11/38
![Page 16: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/16.jpg)
Claim of the Day
All these approaches can be seen as different instancesof a common logical abstraction/refinement framework
Let’s see that
DISPROVING-VERIFY’07 – p.11/38
![Page 17: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/17.jpg)
Claim of the Day
All these approaches can be seen as different instancesof a common logical abstraction/refinement framework
Let’s see that
DiclaimerThe following formal presentation of the framework issomewhat wishy-washy
A proper treatment can be given, using, e.g., the theory ofinstitutions or similar theoretical tools
DISPROVING-VERIFY’07 – p.11/38
![Page 18: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/18.jpg)
A Few Technicalities: Logics in Abstract
A logic L is tuple (LanL,ModL, |=L,Ref L) where
LanL is a set of formulas
ModL is a set of models
|=L is a satisfiability relation ⊆ ModL × LanL
Ref L is a refutation system
DISPROVING-VERIFY’07 – p.12/38
![Page 19: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/19.jpg)
A Few Technicalities: Logics in Abstract
A logic L is tuple (LanL,ModL, |=L,Ref L) where
LanL is a set of formulas
ModL is a set of models
|=L is a satisfiability relation ⊆ ModL × LanL
Ref L is a refutation system
A formula ϕ is L-(un)satisfiable if there is some (no)A ∈ ModL s.t. A |=L ϕ
DISPROVING-VERIFY’07 – p.12/38
![Page 20: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/20.jpg)
A Few Technicalities: Logics in Abstract
A logic L is tuple (LanL,ModL, |=L,Ref L) where
LanL is a set of formulas
ModL is a set of models
|=L is a satisfiability relation ⊆ ModL × LanL
Ref L is a refutation system
Typically,
LanL is closed under negation (¬) and conjunction (∧)
Ref L is a (semi)-decision procedure for L-unsatisfiabilitywe write ϕ ⊢L ⊥ if Ref L returns “unsatisfiable” for ϕ
DISPROVING-VERIFY’07 – p.12/38
![Page 21: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/21.jpg)
A Few Technicalities: Logics in Abstract
A logic L is tuple (LanL,ModL, |=L,Ref L) where
LanL is a set of formulas
ModL is a set of models
|=L is a satisfiability relation ⊆ ModL × LanL
Ref L is a refutation system
SMT works with logics where
LanL is a fragment of FOL
ModL is the set of models of some FOL theory T
|=L is often decidable, and by efficient methodsDISPROVING-VERIFY’07 – p.12/38
![Page 22: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/22.jpg)
Efficiency Abstractions
For efficiency, SMT methods universally resort to
some reduction of L-satisfiability to satisfiability in one ormore simpler, and more efficient, logics
The reduction is achieved by a (possibly incremental)abstraction/refinement process
DISPROVING-VERIFY’07 – p.13/38
![Page 23: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/23.jpg)
Logic Abstractions
A logic L̂ effectively abstracts a logic L if there arecomputable mappings
(_)a : LanL → LanL̂
(_)a : ModL → ModL̂
(_)c : LanL̂→ LanL
s.t.
1. (ϕa)c is equisatisfiable with ϕ in L
2. (_)a : ModL → ModL̂
is surjective
3. if A |=L ϕ then Aa |=L̂ϕa
DISPROVING-VERIFY’07 – p.14/38
![Page 24: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/24.jpg)
L-satisfiability by Abstraction Refinement
Proposition ϕa ⊢L̂⊥ ⇒ ϕa is L̂-unsat ⇒ ϕ is L-unsat
So, if we abstract ϕ and L̂’s inference systems finds ϕa
unsatisfiable, we are done
DISPROVING-VERIFY’07 – p.15/38
![Page 25: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/25.jpg)
L-satisfiability by Abstraction Refinement
Proposition ϕa ⊢L̂⊥ ⇒ ϕa is L̂-unsat ⇒ ϕ is L-unsat
So, if we abstract ϕ and L̂’s inference systems finds ϕa
unsatisfiable, we are done
If A |=L̂ϕa for some A, ϕ may still be L-unsatisfiable
DISPROVING-VERIFY’07 – p.15/38
![Page 26: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/26.jpg)
L-satisfiability by Abstraction Refinement
Proposition ϕa ⊢L̂⊥ ⇒ ϕa is L̂-unsat ⇒ ϕ is L-unsat
So, if we abstract ϕ and L̂’s inference systems finds ϕa
unsatisfiable, we are done
If A |=L̂ϕa for some A, ϕ may still be L-unsatisfiable
In that case, we
DISPROVING-VERIFY’07 – p.15/38
![Page 27: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/27.jpg)
L-satisfiability by Abstraction Refinement
Proposition ϕa ⊢L̂⊥ ⇒ ϕa is L̂-unsat ⇒ ϕ is L-unsat
So, if we abstract ϕ and L̂’s inference systems finds ϕa
unsatisfiable, we are done
If A |=L̂ϕa for some A, ϕ may still be L-unsatisfiable
In that case, we
1. compute some ψ such that ϕ |=L ψ but A 6|=L̂ψa
DISPROVING-VERIFY’07 – p.15/38
![Page 28: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/28.jpg)
L-satisfiability by Abstraction Refinement
Proposition ϕa ⊢L̂⊥ ⇒ ϕa is L̂-unsat ⇒ ϕ is L-unsat
So, if we abstract ϕ and L̂’s inference systems finds ϕa
unsatisfiable, we are done
If A |=L̂ϕa for some A, ϕ may still be L-unsatisfiable
In that case, we
1. compute some ψ such that ϕ |=L ψ but A 6|=L̂ψa
2. check the L̂-satisfiability of ϕa ∧ ψa
DISPROVING-VERIFY’07 – p.15/38
![Page 29: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/29.jpg)
L-satisfiability by Abstraction Refinement
Proposition ϕa ⊢L̂⊥ ⇒ ϕa is L̂-unsat ⇒ ϕ is L-unsat
So, if we abstract ϕ and L̂’s inference systems finds ϕa
unsatisfiable, we are done
If A |=L̂ϕa for some A, ϕ may still be L-unsatisfiable
In that case, we
1. compute some ψ such that ϕ |=L ψ but A 6|=L̂ψa
2. check the L̂-satisfiability of ϕa ∧ ψa
Key to efficiency is how and when to compute and addthe refinement formula ψ
DISPROVING-VERIFY’07 – p.15/38
![Page 30: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/30.jpg)
Why we abstract
Typically,
we have an efficient, sound and complete RefL̂
and
we also have an efficient, sound but incomplete Ref L
Ref L is complete for a subset of LanL
DISPROVING-VERIFY’07 – p.16/38
![Page 31: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/31.jpg)
Why we abstract
Typically,
we have an efficient, sound and complete RefL̂
and
we also have an efficient, sound but incomplete Ref L
Ref L is complete for a subset of LanL
A good abstraction and a proper refinement strategy can yieldan efficient and complete refutation system for L thorough thecooperation of Ref
L̂and Ref L
DISPROVING-VERIFY’07 – p.16/38
![Page 32: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/32.jpg)
Why we abstract
Typically,
we have an efficient, sound and complete RefL̂
and
we also have an efficient, sound but incomplete Ref L
Ref L is complete for a subset of LanL
Even when completeness is out of reach,abstraction/refinement is still useful to improve accuracy, i.e.,a higher number of correctly classified unsat queries
DISPROVING-VERIFY’07 – p.16/38
![Page 33: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/33.jpg)
Prototypical Refutation System Ref L̂
Expansion RulesΓ, ∆
Γ, ∆, ∆′(*)
Splitting RulesΓ, ∆
Γ, ∆, ∆1 | · · · | Γ, ∆, ∆n
(*), n ≥ 2
Contraction RulesΓ, ∆
Γ(*)
Closing RulesΓ, ∆
⊥(*)
(*) some condition on ∆
Γ,∆(i) sets of L̂-formulas
DISPROVING-VERIFY’07 – p.17/38
![Page 34: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/34.jpg)
Ref L̂ with L Refinement
Expansion RulesΓ, ∆
Γ, ∆, ∆′(*)
Splitting RulesΓ, ∆
Γ, ∆, ∆1 | · · · | Γ, ∆, ∆n
(*), n ≥ 2
Contraction RulesΓ, ∆
Γ(*)
Closing RulesΓ, ∆
⊥(*)
Refinement RulesΓ, ∆
Γ, ∆, ϕa
if (*), ∆c |=L ϕ
(*) some condition on ∆
DISPROVING-VERIFY’07 – p.18/38
![Page 35: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/35.jpg)
Example: Eager Reduction to SAT
L = Integer Difference LogicLanL = Boolean combinations of x− y < ±n atomsModL = expansions of Z to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= any SAT solver
DISPROVING-VERIFY’07 – p.19/38
![Page 36: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/36.jpg)
Example: Eager Reduction to SAT
L = Integer Difference LogicLanL = Boolean combinations of x− y < ±n atomsModL = expansions of Z to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= any SAT solver
Abstraction:ϕa is a Boolean abstraction of ϕ’s CNF
Refinement:Selected ground instances of IDL axioms over constants in ϕ(more or less . . . )
DISPROVING-VERIFY’07 – p.19/38
![Page 37: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/37.jpg)
Example: Eager Reduction to SAT
L = Integer Difference LogicLanL = Boolean combinations of x− y < ±n atomsModL = expansions of Z to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= any SAT solver
Proof strategy:
1. Start with Γ = {ϕa}
2. Apply refinement rules so that Γc becomes equisat with ϕ
3. Apply other rules to Γ (i.e., give Γ to SAT solver)DISPROVING-VERIFY’07 – p.19/38
![Page 38: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/38.jpg)
Example: Eager Reduction to FOL =
L = Arrays with extensionalityLanL = Boolean combinations of read/write atomsModL = expansions of array models to free constants
L̂ = FOL with equalityLan
L̂= FOL clauses
ModL̂
= models of FOL with equalityRef
L̂= any superposition-based prover
DISPROVING-VERIFY’07 – p.20/38
![Page 39: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/39.jpg)
Example: Eager Reduction to FOL =
L = Arrays with extensionalityLanL = Boolean combinations of read/write atomsModL = expansions of array models to free constants
L̂ = FOL with equalityLan
L̂= FOL clauses
ModL̂
= models of FOL with equalityRef
L̂= any superposition-based prover
Abstraction:ϕa is a certain flat form of ϕ’s CNF
Refinement:Array axioms
DISPROVING-VERIFY’07 – p.20/38
![Page 40: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/40.jpg)
Example: Eager Reduction to FOL =
L = Arrays with extensionalityLanL = Boolean combinations of read/write atomsModL = expansions of array models to free constants
L̂ = FOL with equalityLan
L̂= FOL clauses
ModL̂
= models of FOL with equalityRef
L̂= any superposition-based prover
Proof strategy:
1. Start with Γ = {ϕa}
2. Apply refinement rules to add array axioms
3. Apply other rules to Γ (i.e., give Γ to superposition prover)DISPROVING-VERIFY’07 – p.20/38
![Page 41: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/41.jpg)
Example: Eager Reduction to FOL =
L = Arrays with extensionalityLanL = Boolean combinations of read/write atomsModL = expansions of array models to free constants
L̂ = FOL with equalityLan
L̂= FOL clauses
ModL̂
= models of FOL with equalityRef
L̂= any superposition-based prover
Termination Conditions:
Γ = {⊥} or
Γ is saturated (*)
(*) Termination is guaranteed with proper reduction orderingDISPROVING-VERIFY’07 – p.20/38
![Page 42: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/42.jpg)
Superposition Rules
Expansion RulesSuperposition Right
Γ, C ∨ s[u] = t, C′ ∨ u′ = v′
Γ, C ∨ s[u] = t, C′ ∨ u′ = v′, µ(C ∨ C′ ∨ s[v′] = t)if
µ = mgu(u′, u),
. . .
. . .
Splitting RulesNone
Closing Rules
FailΓ, �
⊥
DISPROVING-VERIFY’07 – p.21/38
![Page 43: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/43.jpg)
Superposition Rules
Contraction Rules
SubsumptionΓ, C, C′
Γ, Cif σ(C) ⊆ C for some σ, . . .
DeletionΓ, C ∨ t = t
Γ
. . .
Refinement Rules
T -AxiomΓ
Γ, Cif C is an axiom of T
DISPROVING-VERIFY’07 – p.22/38
![Page 44: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/44.jpg)
Example: Lazy Reduction to SAT (DPLL( T ))
L = QF fragment of some theory T
LanL = Boolean combinations of T -atomsModL = expansions of models of T to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= DPLL-based solver
DISPROVING-VERIFY’07 – p.23/38
![Page 45: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/45.jpg)
Example: Lazy Reduction to SAT (DPLL( T ))
L = QF fragment of some theory T
LanL = Boolean combinations of T -atomsModL = expansions of models of T to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= DPLL-based solver
Abstraction:ϕa is a Boolean abstraction of ϕ’s CNF
Refinement:Selected ground theorems or unit consequences of Γc in T
DISPROVING-VERIFY’07 – p.23/38
![Page 46: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/46.jpg)
Example: Lazy Reduction to SAT (DPLL( T ))
L = QF fragment of some theory T
LanL = Boolean combinations of T -atomsModL = expansions of models of T to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= DPLL-based solver
Proof strategy:
1. Start with Γ = {ϕa}
2. Apply a mix of DPLL and refinement rules (*)
(*) Termination guaranteed by mild restrictions on rule application mix
DISPROVING-VERIFY’07 – p.23/38
![Page 47: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/47.jpg)
Example: Lazy Reduction to SAT (DPLL( T ))
L = QF fragment of some theory T
LanL = Boolean combinations of T -atomsModL = expansions of models of T to free constants
L̂ = propositional logicLan
L̂= CNF formulas
ModL̂
= propositional modelsRef
L̂= DPLL-based solver
Termination Conditions:
Γ = {⊥} (on all branches) or
∆c is T -consistent and ∆ |= ϕa, where∆ = { literals of Γ }
DISPROVING-VERIFY’07 – p.23/38
![Page 48: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/48.jpg)
DPLL(T ) Rules
Expansion Rules
Unit PropagationΓ, l1, . . . , ln, l1 ∨ · · · ∨ ln ∨ l
Γ, l1, . . . , ln, l1 ∨ · · · ∨ ln ∨ l, l
LearnΓ
Γ, Cif Γ |= C
Splitting Rules
SplitΓ
Γ, l | Γ, lif neither l nor l is in Γ
Closing Rules
FailΓ, l1, . . . , ln, l1 ∨ · · · ∨ ln
⊥ DISPROVING-VERIFY’07 – p.24/38
![Page 49: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/49.jpg)
DPLL(T ) Rules
Contraction Rules
ForgetΓ, C
Γif Γ |= C
RestartΓ, ∆
Γif ∆ = propagated and splitting literals
Refinement Rules
T -LearnΓ
Γ, Cif |=T Cc, atoms of C from Γ
T -PropagateΓ, ∆
Γ, ∆, lif ∆ set of literals, atom of l from Γ, ∆c |=T lc
DISPROVING-VERIFY’07 – p.25/38
![Page 50: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/50.jpg)
Example: Eager Reduction to LRA+UF
L = finite multisetsLanL = Boolean combinations of multiset atomsModL = expansions of multiset models to free constants
L̂ = linear real arithmetic with uninterpreted symbolsLan
L̂= Boolean combination of linear expressions
ModL̂
= expansions of Reals to free symbolsRef
L̂= DPLL(LRA+UF) solver
Proof strategy:
1. Start with Γ = {ϕa}
2. Apply refinement rules until Γc is equisat with ϕ
3. Apply other rules to Γ (i.e., give Γ to DPLL(T) solver)DISPROVING-VERIFY’07 – p.26/38
![Page 51: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/51.jpg)
Theory Combinations as Refinement
When T = T1 + . . .+ Tn combination methods apply
DISPROVING-VERIFY’07 – p.27/38
![Page 52: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/52.jpg)
Theory Combinations as Refinement
When T = T1 + . . .+ Tn combination methods apply
DISPROVING-VERIFY’07 – p.27/38
![Page 53: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/53.jpg)
Theory Combinations as Refinement
When T = T1 + . . .+ Tn combination methods apply
Eager approachesReduce T1 + . . .+ Tn to some theory T0
DISPROVING-VERIFY’07 – p.27/38
![Page 54: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/54.jpg)
Theory Combinations as Refinement
When T = T1 + . . .+ Tn combination methods apply
Eager approachesReduce T1 + . . .+ Tn to some theory T0
Lazy approachesDPLL(T1, . . . , Tn) with Nelson-Oppen combination
Query abstraction involves purification
Refinement is done per theory, with refinement formulasincluding shared equalities
DISPROVING-VERIFY’07 – p.27/38
![Page 55: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/55.jpg)
Long-standing Issue in SMT: Quantifiers
DISPROVING-VERIFY’07 – p.28/38
![Page 56: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/56.jpg)
Long-standing Issue in SMT: Quantifiers
Most SMT solvers accept only ground formulas
In most cases, queries are ground formulas
DISPROVING-VERIFY’07 – p.28/38
![Page 57: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/57.jpg)
Long-standing Issue in SMT: Quantifiers
Most SMT solvers accept only ground formulas
In most cases, queries are ground formulas
Dealing with quantified formula is however a real andfrequent need
DISPROVING-VERIFY’07 – p.28/38
![Page 58: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/58.jpg)
Long-standing Issue in SMT: Quantifiers
Most SMT solvers accept only ground formulas
In most cases, queries are ground formulas
Dealing with quantified formula is however a real andfrequent need
Here is why
DISPROVING-VERIFY’07 – p.28/38
![Page 59: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/59.jpg)
Creeping Quantifiers
Often, we want ground satisfiability in a theory TFull
DISPROVING-VERIFY’07 – p.29/38
![Page 60: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/60.jpg)
Creeping Quantifiers
Often, we want ground satisfiability in a theory TFull
However, we only have a solver for ground satisfiability in asubtheory T of Tf with
T ’s signature ⊆ TFull’s signature
T ’s theorems ⊆ TFull’s theorems
DISPROVING-VERIFY’07 – p.29/38
![Page 61: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/61.jpg)
Creeping Quantifiers
Often, we want ground satisfiability in a theory TFull
However, we only have a solver for ground satisfiability in asubtheory T of Tf with
T ’s signature ⊆ TFull’s signature
T ’s theorems ⊆ TFull’s theorems
We then approximate TFull-satisfiability with T -satisfiability ofΓ ∪ Φ where
Φ is the original ground query and
Γ is a fixed, selected set of quantified axioms of TFull thatare not theorems of T
DISPROVING-VERIFY’07 – p.29/38
![Page 62: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/62.jpg)
Creeping Quantifiers: Example
T : Theory of integers and lists (with only cons, nil, head, tail)
TFull: Theory of integers and lists with length function
Γ : {len(nil) = 0, ∀x, y. len(cons(x, y)) = len(y) + 1}
DISPROVING-VERIFY’07 – p.30/38
![Page 63: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/63.jpg)
Creeping Quantifiers: Example
T : Theory of integers and lists (with only cons, nil, head, tail)
TFull: Theory of integers and lists with length function
Γ : {len(nil) = 0, ∀x, y. len(cons(x, y)) = len(y) + 1}
Note T ∪ Γ is weaker (strictly in this example) than TFull butstronger than T
But we can catch more TFull-unsatisfiable formulas if wecheck the T -satisfiability of Γ ∪ Φ instead of just Φ
DISPROVING-VERIFY’07 – p.30/38
![Page 64: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/64.jpg)
Creeping Quantifiers: Example
T : Theory of integers and lists (with only cons, nil, head, tail)
TFull: Theory of integers and lists with length function
Γ : {len(nil) = 0, ∀x, y. len(cons(x, y)) = len(y) + 1}
Note T ∪ Γ is weaker (strictly in this example) than TFull butstronger than T
But we can catch more TFull-unsatisfiable formulas if wecheck the T -satisfiability of Γ ∪ Φ instead of just Φ
Problem How to deal with quantifiers in Γ?
DISPROVING-VERIFY’07 – p.30/38
![Page 65: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/65.jpg)
Creeping Quantifiers: Example
T : Theory of integers and lists (with only cons, nil, head, tail)
TFull: Theory of integers and lists with length function
Γ : {len(nil) = 0, ∀x, y. len(cons(x, y)) = len(y) + 1}
Note T ∪ Γ is weaker (strictly in this example) than TFull butstronger than T
But we can catch more TFull-unsatisfiable formulas if wecheck the T -satisfiability of Γ ∪ Φ instead of just Φ
Problem How to deal with quantifiers in Γ?
(Still) Current Solution Logical abstraction and thenrefinement via heuristic quantifier instantiation
DISPROVING-VERIFY’07 – p.30/38
![Page 66: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/66.jpg)
Heuristic Instantiation as Generic Refinement
The case of DPLL( T ) systems
1. Abstract each quantified subformula Qx. ϕ(x) in thequery by a fresh Boolean predicate P
2. If P gets ever asserted, refine it by adding one or moreinstances of ϕ(x) as needed
DISPROVING-VERIFY’07 – p.31/38
![Page 67: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/67.jpg)
Heuristic Instantiation as Generic Refinement
The case of DPLL( T ) systems
1. Abstract each quantified subformula Qx. ϕ(x) in thequery by a fresh Boolean predicate P
2. If P gets ever asserted, refine it by adding one or moreinstances of ϕ(x) as needed
Main Challenges When, how and how much to instantiate
State of the art Patterns, (incomplete) T -matchingSee Wednesday morning’s talks
DISPROVING-VERIFY’07 – p.31/38
![Page 68: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/68.jpg)
Beyond Decision Procedures
As SMT solvers get be embedded in more and different toolsmore complex forms of outputs are being asked
E.g.
Unsatisfiable cores
Proofs
Interpolants
Models
Each of these introduces challenges of its own
DISPROVING-VERIFY’07 – p.32/38
![Page 69: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/69.jpg)
Unsatisfiable Cores
When Γ is T -unsatisfiable, return minimally T -unsatisfiablesubsets of Γ
Uses Conflict analysis, intelligent backtracking
Challenges Minimization is a hard problem, even for simpletheories
Approaches Compute almost minimal sets
DISPROVING-VERIFY’07 – p.33/38
![Page 70: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/70.jpg)
Proofs
When Γ is T -unsatisfiable, produce a proof in some suitableproof system
Uses Embedding in untrusting tools, interpolant generation
Challenges Minimization of overhead, tradeoff between proofsize and rule granularity, choice of the proof system
Approaches Several, no unifying themes yet
DISPROVING-VERIFY’07 – p.34/38
![Page 71: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/71.jpg)
Interpolants
When Γ1 ∪ Γ2 is T -unsatisfiable, return a T -interpolant of Γ1
and Γ2
(a formula I whose free symbols occur in Γ1 and Γ2, and s.t.Γ1 |=T I and Γ2, I |=T ⊥)
Uses Model checking
Challenges New topic, few known interpolating procedures,tricky combination issues
Approaches Eager reduction to LRA+UF
DISPROVING-VERIFY’07 – p.35/38
![Page 72: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/72.jpg)
Models
When Γ is satisfiable, return a concrete assignment of valuesto its free-symbols
Uses Counter-example generation in modelchecking/ESC/verification, test-case generation
Challenges Potential exponential overhead (differencebetween sat-checking and constraint solving), compactrepresentation of solutions, combination of solutions
Approaches Mining constraint solving research, more workneeded on model generation modulo theories
DISPROVING-VERIFY’07 – p.36/38
![Page 73: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/73.jpg)
Foundational Issues
Which version of FOL= is best for SMT?
More concretely, which type system?
DISPROVING-VERIFY’07 – p.37/38
![Page 74: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/74.jpg)
Foundational Issues
Which version of FOL= is best for SMT?
More concretely, which type system?
Unsorted
Many-sorted
Order-subsorted
With predicate subtyping
With parametrized types
With dependent types
DISPROVING-VERIFY’07 – p.37/38
![Page 75: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/75.jpg)
Foundational Issues
Which version of FOL= is best for SMT?
More concretely, which type system?
Current trend Towards more sophisticated type systems
Rationale Simplifies combination/refinement issues
Challenges Increases complexity of refutation systems,persistent belief that types are mostly a nuisance
DISPROVING-VERIFY’07 – p.37/38
![Page 76: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/76.jpg)
Practical Issues
Embedding of SMT solvers into other tools
Interoperability of SMT solvers
Standardization of API’s and input/output formats
Availability of benchmarks
Comparative experimental evaluations
DISPROVING-VERIFY’07 – p.38/38
![Page 77: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/77.jpg)
Practical Issues
Embedding of SMT solvers into other tools
Interoperability of SMT solvers
Standardization of API’s and input/output formats
Availability of benchmarks
Comparative experimental evaluations
Being addressed by the SMT-LIB initiative
More info at www.smt-lib.orgDISPROVING-VERIFY’07 – p.38/38
![Page 78: Trends and Challenges in Satisfiability Modulo Theorieshomepage.cs.uiowa.edu/~tinelli/talks/VERIFY-07.pdfValidity Modulo Theories in a Nutshell Distinguishing Feature T -validity](https://reader033.vdocuments.pub/reader033/viewer/2022042914/5f4f74d3d5bff46483611332/html5/thumbnails/78.jpg)
Thank you
DISPROVING-VERIFY’07 – p.39/38