advances in automated theorem proving leonardo de moura, nikolaj bjørner ken mcmillan, margus...
TRANSCRIPT
![Page 1: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/1.jpg)
Advances in Automated Theorem Proving
Leonardo de Moura, Nikolaj BjørnerKen McMillan, Margus Veanes
presented byThomas Ball
http://research.microsoft.com/rise/http://rise4fun.com/z3py/
![Page 2: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/2.jpg)
Symbolic ReasoningLogic is “The Calculus of Computer Science” Zohar Manna
Undecidable (FOL + LIA)
Semi Decidable (FOL)
NEXPTIME (EPR)
PSPACE (QBF)
NP (SAT)
Practical problems often have structure that can be exploited.
![Page 3: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/3.jpg)
Satisfiability
sat,
unsat, Proof
Solution/Model
![Page 4: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/4.jpg)
Z3 is a collection ofSymbolic Reasoning Engines
DPLLSimplex Rewriting
Superposition
CongruenceClosure Groebner
Basis
elimination
EuclideanSolver
Automated Theorem Provierhttp://research.microsoft.com/projects/z3/
Leonardo de Moura and Nikolaj Bjørner
![Page 5: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/5.jpg)
Learn about Z3 andget the source code!
• Start here– http://rise4fun.com/Z3Py/tutorial/guide
• Strategies– http://rise4fun.com/Z3Py/tutorial/strategies
• Advanced topics– http://rise4fun.com/Z3Py/tutorial/advanced
• Source code– http://z3.codeplex.com/
![Page 6: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/6.jpg)
Some Applications
• Functional verification• Defect detection• Test generation• Design-space exploration• New programming languages
![Page 7: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/7.jpg)
Impact
SAGE
Z3 used by many research groups (> 700 citations)More than 17k downloadsZ3 placed 1st in 17/21 categories in 2011 SMT competition
Design & PL Verification/Defect Detection Testing
![Page 8: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/8.jpg)
Recent Progress
Arithmetic, Bit-Vectors, Booleans, Arrays, Datatypes, Quantifiers
New Mathematics
1. Interpolants2. Fixed Points
3. Sequences/Strings4. Nonlinear arithmetic
BeyondSatisfiability
New Applications
![Page 9: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/9.jpg)
Craig Interpolationand Interpolating Z3
Ken McMillan
(FMCAD 2011)
![Page 10: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/10.jpg)
Introduction
Imagine two companies that want to do business...
Alice's Business Machines Bob's Good Hosting
Constraints
𝑀 ≥ 10,000𝐶⇒𝑊 ≤ 2,000
¬𝐶⇒𝑊 ≤1,000
Constraints UNSAT
(secret)involve
How do we explain the problem to Bob?
![Page 11: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/11.jpg)
Interpolants as Explanations
Aunknown,complex UNSAT!
A B
false!
Proof
unknownvariables! 𝑀
𝑊≤ 3
𝐼
feasible interpolation
Interpolant explains thefailure in terms of known variables.
most general
most specific
RELEVANTGENERALIZATION
B
𝑀≥ 10,000𝐶⇒𝑊 ≤ 2,000
¬𝐶⇒𝑊 ≤1,000
![Page 12: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/12.jpg)
𝑀≥ 10,000𝐶⇒𝑊 ≤ 2,000
¬𝐶⇒𝑊 ≤1,000
![Page 13: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/13.jpg)
𝑀𝑊
≤ 3𝑀≥ 10,000
𝐶⇒𝑊 ≤ 2,000¬𝐶⇒𝑊 ≤1,000
![Page 14: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/14.jpg)
Interpolants as Floyd-Hoare proofs
x1= y0
y1=y0+1
x1=y1
x := y
y := y+1
assume(x = y)
![Page 15: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/15.jpg)
Interpolants as Floyd-Hoare proofs
x1= y0
y1=y0+1
x1=y1
![Page 16: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/16.jpg)
Interpolants as Floyd-Hoare proofs
x1= y0
y1=y0+1
x1=y1
![Page 17: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/17.jpg)
Interpolants as Floyd-Hoare proofs
x1= y0
y1=y0+1
x1=y1
![Page 18: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/18.jpg)
Interpolants as Floyd-Hoare proofs
x1= y0
y1=y0+1
x1=y1
{False}
{x=y}
{True}
{y>x}
x := y
y := y+1
assume(x = y)
x := y
y := y+1
assume(x = y)
![Page 19: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/19.jpg)
Duality: Summaries from Interpolants
procedure instances
... ...
... ...
propertymain
Interpolant is a speculatedprocedure summary for P
P
F FF F
![Page 20: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/20.jpg)
Duality performance vs. Yogi
![Page 21: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/21.jpg)
Symbolic Automataand Transducers
Margus Veanes, Nikolaj Bjørner(POPL 2011)
![Page 22: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/22.jpg)
Core Question
Can classical automata theory and algorithms be extended to work
modulo large (infinite) alphabets ?
![Page 23: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/23.jpg)
Symbolic Word Transducers
Symbolic Automata: Relativized Formal Language Theory
Classical Word Transducers(e.g. decoding automata,
rational transductions)
Classical I/O Automata(e.g. Mealy machine)
ClassicalWord Acceptors
(NFA, DFA)
Symbolic Word Acceptors
regex matching
string transformation
Classical Word Acceptors modulo Th()
Classical Word Transducers modulo Th()
![Page 24: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/24.jpg)
Symbolic Finite Transducer (SFT)
• Classical transducer modulo a rich label theory• Core Idea: represent labels with guarded transformers
– Separation of concerns: finite graph / theory of labels
Concrete transitions:
p
q
Symbolic transition:
‘\x80’/“\xC2\x80”
… ‘\x7FF’/“\xDF\xBF”
q
p
x. 8016 ≤ x ≤ 7FF16/[C016|x10,6, 8016|x5,0]
guard
bitvector operations
1920transitions
![Page 25: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/25.jpg)
Algorithms
• New algorithms for SFAs and SFTs
• Extensions of classical algorithms modulo Th()
• Big-O complexity matches that of classical algorithms, with factor for decision procedure
Using Z3
![Page 26: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/26.jpg)
Analysis
Example 1: x(utf8encode(x) Rutf8) ?1. E = SFT(utf8encode)2. A = Complement(SFA(Rutf8))
3. B = x. A(E(x))
4. B ?
Example 2: x.utf8decode(utf8encode(x)) Id ?
Does there exist an input x that causes
a bad output ?
![Page 27: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/27.jpg)
Links
• Symbolic Automata Tool Kithttp://research.microsoft.com/automata/
• Rex (acceptors) onlinehttp://rise4fun.com/rex/
• Bek (transducers) onlineSamples: http://rise4fun.com/Bek/ Tutorials: http://rise4fun.com/Bek/tutorial
![Page 28: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/28.jpg)
Solving Nonlinear Arithmetic
Dejan Jovanović (NYU) and Leonardo de Moura
(IJCAR 2012)
![Page 29: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/29.jpg)
Polynomial Constraints
AKAExistential Theory of the Reals
R
![Page 30: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/30.jpg)
Milestones
1637 1732 1830 1835 1876 1930 1975820 1247
RCF admits QEnon elementary complexity
QE by CADDoubly exponential
![Page 31: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/31.jpg)
Applications
![Page 32: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/32.jpg)
PSPACE
R
How hard is R?
NP-hardnessx is “Boolean” x (x-1) = 0 x or y or z x + y + z > 0
PSPACE membershipCanny – 1988,Grigor’ev – 1988
NP
![Page 33: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/33.jpg)
CAD “Big Picture”
𝑥2+ 𝑦2 −1<0𝑥 𝑦−1>0 1. Saturate
𝑥4 −𝑥2+1
𝑥𝑥2−1
+ + + + + + +
+ 0 - - - 0 +
- - - 0 + + +
𝑥−2
+ + +
+ 0 -
2. Search
![Page 34: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/34.jpg)
Our Procedure
• Start search before saturate/project
• Saturate on demand
• Apply SAT solver heuristics– Learn lemmas from conflicts– Non-chronological backtracking
![Page 35: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/35.jpg)
Our Procedure (1)Key ideas: Use partial solution to guide the search
𝑥3+2𝑥2+3 𝑦 2−5<0
𝑥2+𝑦2<1
− 4 𝑥𝑦− 4 𝑥+𝑦>1
Feasible Region
Starting searchPartial solution:
Can we extend it to ?
What is the core?
![Page 36: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/36.jpg)
Our Procedure (2)Key ideas: Nonchronological Backtracking
𝒙=𝟎
𝒚=√𝟐
= 1
𝒘 Conflict
The values chosen for and are irrelevant.
![Page 37: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/37.jpg)
Our Procedure (3)
Current assignment
Conflict
Key ideas: Lemma LearningPrevent a Conflict from happening again.
Lemma implies False
Current assignments does not satisfy new constraint.
![Page 38: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/38.jpg)
Complexity Trap: P Efficient
Every detail mattersGCD of two polynomials
Our procedure “dies” in polynomial time stepsReal algebraic number computationsComputing PSCsRoot isolation of polynomials with irrational coefficients
“Real algebraic numbers are efficient”“CAD is polynomial for a fixed number of variables”
(2𝑛)3𝑟 +1
𝑚2𝑟
𝑑2
![Page 39: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/39.jpg)
Experimental ResultsNEW ENGINE
![Page 40: Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball](https://reader035.vdocuments.mx/reader035/viewer/2022062518/56649ea85503460f94bab4fa/html5/thumbnails/40.jpg)
Conclusions“Logic is the Calculus of Computer Science”Automating mathematical logicLogic engines as a service
Arithmetic, Bit-Vectors, Booleans, Arrays, Datatypes, Quantifiers
New Mathematics
1. Interpolants2. Fixed Points
3. Sequences/Strings4. Nonlinear arithmetic
BeyondSatisfiability
NewApplications