1 / 53

Engineering DPLL(T) + Saturation IJCAR 2008

Engineering DPLL(T) + Saturation IJCAR 2008. Leonardo de Moura and Nikolaj Bjørner Microsoft Research. Satisfiability Modulo Theories (SMT). Arithmetic Bit-vectors Arrays …. Satisfiability Modulo Theories (SMT). Uninterpreted Functions. Array Theory. Arithmetic. M | F. DPLL.

emily
Download Presentation

Engineering DPLL(T) + Saturation IJCAR 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Engineering DPLL(T) + SaturationIJCAR 2008 Leonardo de Moura and Nikolaj Bjørner Microsoft Research

  2. Satisfiability Modulo Theories (SMT) • Arithmetic • Bit-vectors • Arrays • … Engineering DPLL(T) + Saturation

  3. Satisfiability Modulo Theories (SMT) Uninterpreted Functions Array Theory Arithmetic Engineering DPLL(T) + Saturation

  4. M | F DPLL Partial model Set of clauses Engineering DPLL(T) + Saturation

  5. Guessing DPLL • p | p  q, q  r p, q | p  q, q  r Engineering DPLL(T) + Saturation

  6. Deducing DPLL • p | p  q, p  s p, s| p  q, p  s Engineering DPLL(T) + Saturation

  7. Backtracking DPLL • p, s, q | p  q, s  q, p q p, s| p  q, s  q, p q Engineering DPLL(T) + Saturation

  8. Efficient decision procedures for conjunctions of ground atoms. SMT = DPLL + Theories • a=b, a<5 | a=b  f(a)=f(b), a < 5  a > 10 • Examples: • Congruence closure • Dual Simplex • Bellman-Ford • … Engineering DPLL(T) + Saturation

  9. SMT: many applications at MS... Engineering DPLL(T) + Saturation

  10. Verifying Compilers • A verifying compiler uses automated reasoning to check the • correctness of a program that is compiles. • Correctness is specified by types, assertions, . . . and other • redundant annotations that accompany the program. • Tony Hoare 2004

  11. Verification architecture Spec# C C Spec# compiler HAVOC VCC MSIL Bytecode translator V Boogie Static program verifier (Boogie) V.C. generator Verification condition Z3 “correct” or list of errors

  12. Verification conditions: Structure BIG and-or tree (ground) Axioms • (non-ground) Control & Data Flow

  13. Quantifiers, quantifiers, quantifiers, … Modeling the runtime  h,o,f: IsHeap(h) o ≠ null  read(h, o, alloc) = t  read(h,o, f) = null  read(h, read(h,o,f),alloc) = t Main Challenge Engineering DPLL(T) + Saturation

  14. Quantifiers, quantifiers, quantifiers, … Modeling the runtime Frame axioms  o, f: o ≠ null  read(h0, o, alloc) = t  read(h1,o,f) = read(h0,o,f)  (o,f)  M Main Challenge Engineering DPLL(T) + Saturation

  15. Quantifiers, quantifiers, quantifiers, … Modeling the runtime Frame axioms User provided assertions  i,j: i  j  read(a,i)  read(b,j) Main Challenge Engineering DPLL(T) + Saturation

  16. Quantifiers, quantifiers, quantifiers, … Modeling the runtime Frame axioms User provided assertions Theories x: p(x,x) x,y,z: p(x,y), p(y,z)  p(x,z) x,y: p(x,y), p(y,x)  x = y Main Challenge Engineering DPLL(T) + Saturation

  17. Quantifiers, quantifiers, quantifiers, … Modeling the runtime Frame axioms User provided assertions Theories Solver must be fast in satisfiable instances. Main Challenge We want to find bugs! Engineering DPLL(T) + Saturation

  18. E-matching & Quantifier instantiation • SMT solvers use heuristic quantifier instantiation. • E-matching (matching modulo equalities). • Example: • x: f(g(x)) = x { f(g(x)) } • a = g(b), • b = c, • f(a)  c Pattern Engineering DPLL(T) + Saturation

  19. E-matching & Quantifier instantiation • SMT solvers use heuristic quantifier instantiation. • E-matching (matching modulo equalities). • Example: • x: f(g(x)) = x { f(g(x)) } • a = g(b), • b = c, • f(a)  c x=b • f(g(b)) = b Equalities and ground terms come from the partial model M: • M | F Engineering DPLL(T) + Saturation

  20. E-matching: why do we use it? • Integrates smoothly with DPLL. • Software verification problems are big & shallow. • Decides useful theories: • Arrays • Partial orders • … Engineering DPLL(T) + Saturation

  21. E-matching: Limitations • E-matching needs ground seeds. • x: p(x), • x: not p(x) Engineering DPLL(T) + Saturation

  22. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns: • x: f(g(x))=x { f(g(x)) } • g(a) = c, • g(b) = c, • a  b Pattern is too restrictive Engineering DPLL(T) + Saturation

  23. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns: • x: f(g(x))=x { g(x) } • g(a) = c, • g(b) = c, • a  b More “liberal” pattern Engineering DPLL(T) + Saturation

  24. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns: • x: f(g(x))=x { g(x) } • g(a) = c, • g(b) = c, • a  b, • f(g(a)) = a, • f(g(b)) = b • a=b Engineering DPLL(T) + Saturation

  25. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns. • Matching loops: • x: f(x) = g(f(x)) {f(x)} • x: g(x) = f(g(x)) {g(x)} • f(a) = c Engineering DPLL(T) + Saturation

  26. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns. • Matching loops: • x: f(x) = g(f(x)) {f(x)} • x: g(x) = f(g(x)) {g(x)} • f(a) = c • f(a) = g(f(a)) Engineering DPLL(T) + Saturation

  27. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns. • Matching loops: • x: f(x) = g(f(x)) {f(x)} • x: g(x) = f(g(x)) {g(x)} • f(a) = c • f(a) = g(f(a)) • g(f(a)) = f(g(f(a))) Engineering DPLL(T) + Saturation

  28. E-matching: Limitations • E-matching needs ground seeds. • Bad user provided patterns. • Matching loops. • It is not refutationally complete. Engineering DPLL(T) + Saturation

  29. Z3: Beyond E-matching • Decidable fragments: • EPR (this morning) • Array property fragment • More coming soon • DPLL(): DPLL + Saturation (this talk) Engineering DPLL(T) + Saturation

  30. DPLL() • Tight integration: DPLL + Saturation solver. BIG and-or tree (ground) Axioms • (non-ground) Saturation Solver DPLL + Theories Engineering DPLL(T) + Saturation

  31. DPLL() • Inference rule: • DPLL() is parametric. • Examples: • Resolution • Superposition calculus • … Engineering DPLL(T) + Saturation

  32. DPLL() M | F Partial model Set of clauses Engineering DPLL(T) + Saturation

  33. DPLL(): Deduce I • p(a) | p(a)q(a), x: p(x)r(x), x: p(x)s(x) Engineering DPLL(T) + Saturation

  34. DPLL(): Deduce I • p(a) | p(a)q(a), p(x)r(x), p(x)s(x) Engineering DPLL(T) + Saturation

  35. DPLL(): Deduce I • p(a) | p(a)q(a), p(x)r(x), p(x)s(x) Resolution • p(a) | p(a)q(a), p(x)r(x), p(x)s(x), r(x)s(x) Engineering DPLL(T) + Saturation

  36. DPLL(): Deduce II • Using ground atoms from M: • M | F • Main issue: backtracking. • Hypothetical clauses: • H  C Track literals from M used to derive C (regular)Clause (hypothesis) Ground literals Engineering DPLL(T) + Saturation

  37. DPLL(): Deduce II • p(a)| p(a)q(a), p(x)r(x) • p(a), p(x)r(x) • r(a) • p(a) | p(a)q(a), p(x)r(x), p(a)r(a) Engineering DPLL(T) + Saturation

  38. DPLL(): Backtracking • p(a), r(a)| p(a)q(a), p(a)r(a), p(a)r(a), … Engineering DPLL(T) + Saturation

  39. DPLL(): Backtracking • p(a), r(a)| p(a)q(a), p(a)r(a), p(a)r(a), … p(a) is removed from M • p(a)| p(a)q(a), p(a)r(a), … Engineering DPLL(T) + Saturation

  40. DPLL(): Hypothesis Elimination • p(a), r(a) | p(a)q(a), p(a)r(a), p(a)r(a), … • p(a), r(a)| p(a)q(a), p(a)r(a), p(a)r(a), … Engineering DPLL(T) + Saturation

  41. DPLL(): Improvement • Saturation solver ignores non-unit ground clauses. • p(a) | p(a)q(a), p(x)r(x) Engineering DPLL(T) + Saturation

  42. DPLL(): Improvement • Saturation solver ignores non-unit ground clauses. • It is still refutanionally complete if: •  has the reduction property. BIG and-or tree (ground) Axioms • (non-ground) Saturation Solver DPLL + Theories Engineering DPLL(T) + Saturation

  43. DPLL(): Improvement • Saturation solver ignores non-unit ground clauses. • It is still refutanionally complete if: •  has the reduction property. Ground literals Saturation Solver DPLL + Theories Ground clauses Engineering DPLL(T) + Saturation

  44. DPLL(): Contraction rules • Contraction rules are very important. • Examples: • Subsumption • Demodulation • … • Contraction rules with a single premise are easy. Engineering DPLL(T) + Saturation

  45. DPLL(): Contraction rules • Contraction rules with several premises. • Example: • p(a) r(x), r(x)s(x) r(x)subsumes r(x)s(x) • Problem: p(a) r(x) can be deleted during backtracking. Engineering DPLL(T) + Saturation

  46. DPLL(): Contraction rules • Contraction rules with several premises. • Example: • p(a) r(x), r(x)s(x) • Naïve solution: use hypothesis elimination. • p(a)r(x), r(x)s(x) Engineering DPLL(T) + Saturation

  47. DPLL(): Contraction rules • Contraction rules with several premises. • Example: • p(a) r(x), r(x)s(x) • Solution: disable r(x)s(x) until p(a) is removed from the partial model M. Engineering DPLL(T) + Saturation

  48. DPLL(): Problems • Interpreted symtbols • (f(a) > 2), f(x) > 5 Disclaimer: Doesn’t occur very often • Solution: use E-matching for non-ground clauses containing interpreted symbols. Engineering DPLL(T) + Saturation

  49. DPLL(): Problems • Transitivity + monotonicity • p(x,y)  p(y,z)  p(x,z) • p(x,y)  p(f(x), f(y)) Saturation engine diverges • No satisfactory solution yet. Engineering DPLL(T) + Saturation

  50. DPLL(): Problems • Ground equations (duplication of work) • Superposition • Congruence closure Our problems have a huge number of ground equalities • Partial solution: E-graph (congruence closure) → canonical set of rewriting rules [17]. Engineering DPLL(T) + Saturation

More Related