ece750t-28: computer-aided reasoning for software ...vganesh/teaching/f2013/satsmt/lectures... ·...

ECE750T-28:Computer-aided Reasoning for Software Engineering

Lecture 17: SMT Solvers andthe DPPL(T ) Framework

Vijay Ganesh(Original notes from Isil Dillig)

Vijay Ganesh(Original notes from Isil Dillig), ECE750T-28: Computer-aided Reasoning for Software Engineering Lecture 17: SMT Solvers and the DPPL(T ) Framework 1/34

SMT Solvers

I An SMT (satisfiability modulo theory) solver is a tool that decidessatisfiability of formulas in combination of various first-order theories

I SMT solvers are generalizations of SAT solvers

I Can think of SMT formula as SAT formula where propositional variablesare replaced with formulas in first-order theories

I Common first-order theories SMT solvers reason about:

I Theory of equality

I Theory of rationals

I Theory of integers

I Theory of bitvectors

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

SMT Solvers

I Theory of arrays

I Difference logic

Applications of SMT Solvers

I SMT solvers have gained enormous popularity over the last several years

I SMT solving is active research topic today

I Many applications: software verification, programming languages, test casegeneration, planning and scheduling, . . .

I Slogan: “Whatever SAT solvers can do, SMT solvers can do better!”

I This is the case because SMT solvers generalize SAT solvers; they canhandle much richer theories than propositional logic

Existing SMT Solvers

I Many existing off-the-shelf SMT solvers:

I Yices (SRI)

I Z3 (Microsoft Research)

I CVC3 (NYU, U Iowa)

I STP (Stanford)

I MathSAT (U Trento, Italy)

I Barcelogic (Catalonia, Spain)

I Annual competition SMT-COMP between solvers; tools ranked in variouscategories

I All of these SMT solvers have many users

I For instance, at Microsoft, there are at least two dozen projects that relyon the Z3 SMT solver

I Yices (SRI)

I STP (Stanford)

I Yices (SRI)

I STP (Stanford)

I Yices (SRI)

I STP (Stanford)

I Yices (SRI)

I STP (Stanford)

Overview

I Plan for today: Get the complete picture of how SMT solvers work

I We’ve already learned about some aspects of SMT solvers

I Already know how to decide satisfiability of several qff first-order theories(theory of equality, theory of rationals, theory of integers)

I Also already know how to combine these theories using Nelson-Oppentechnique

I Big missing piece: How to handle boolean structure of SMT formulasincluding disjunctions

Overview

Motivation for DPLL(T )

I So far, decided satisfiability of first-order theories by converting to DNF

I In reality, this is completely impractical: DNF conversion can yieldexponentially larger formula

I For many real problems, DNF conversion is prohibitively expensive

I Thus, we need a way to decide satisfiability of SMT formulas withoutexpensive conversion to DNF

DPLL(T ) Overview

I Key idea underlying SMT solvers: Combine DPLL algorithm for SATsolving with theory solvers

I Theory solver: Decision procedure for checking satisfiability in conjunctivefragment

I This architecture where we combine DPLL-based SAT solvers with theorysolvers is known as DPLL(T ) framework

I Called DPLL(T ) because we combine DPLL algorithm with solver fortheory T

I However, T can be a combination theory, such as T= ∪ TZ

I As before, solver for T= ∪ TZ is obtained by using Nelson-Oppen technique

DPLL(T ) Overview

Main Idea of DPLL(T )

I In the DPLL(T ) framework, SAT solver handles boolean structure offormula

I For this, treat each atomic formula as a propositional variable ⇒ resultingformula called boolean abstraction

I Now, use SAT solver to decide satisfiability of boolean abstraction

Main Idea of DPPL(T ), cont.

I If there is no satisfying assignment to boolean abstraction, formula isUNSAT

I If there is satisfying assignment to boolean abstraction, formula may notbe SAT

I Main job of the theory solver is to check whether assignments made bySAT solver is Satisfiable Modulo Theory (SMT)

I If SAT solver finds assignment that is consistent with theory, then SMTformula is satisfiable

SMT Formulas and Boolean Abstraction

I SMT formula in theory T formed as usual (structural induction):F := a i

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

I For each SMT formula, define a bijective function B, called booleanabstraction function, that maps SMT formula to overapproximate SATformula

I Function B defined inductively as follows:

B(a iT ) = bi

B(F1 ∧ F2) = B(F1) ∧ B(F2)B(F1 ∨ F2) = B(F1) ∨ B(F2)B(¬F ) = ¬B(F1)

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

B(a iT ) = bi

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

B(a iT ) = bi

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

B(a iT ) = bi

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

B(a iT ) = bi

B(F1 ∧ F2) = B(F1) ∧ B(F2)

B(F1 ∨ F2) = B(F1) ∨ B(F2)B(¬F ) = ¬B(F1)

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

B(a iT ) = bi

B(F1 ∧ F2) = B(F1) ∧ B(F2)B(F1 ∨ F2) = B(F1) ∨ B(F2)

B(¬F ) = ¬B(F1)

T | F1 ∧ F2 | F1 ∨ F2 | ¬F

B(a iT ) = bi

Example

I What is the boolean abstraction of this formula?

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I Boolean abstraction is also called boolean skeleton

I Since B is a bijective function, B−1 also exists

I What is B−1(b2 ∨ ¬b1)?

y = z ∨ ¬(x = z )

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

y = z ∨ ¬(x = z )

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

y = z ∨ ¬(x = z )

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

y = z ∨ ¬(x = z )

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

y = z ∨ ¬(x = z )

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I What is B−1(b2 ∨ ¬b1)? y = z ∨ ¬(x = z )

Boolean Abstraction as Overapproximation

I Observe: The boolean abstraction constructed this way overapproximatessatisfiability of the formula

I Is this formula satisfiable?

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I Boolean abstraction: B(F ) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I Is this satisfiable?

I What is a sat assignment?

A = b1 ∧ b2 ∧ b3

I What is B−1(A) ?

x = y ∧ y = z ∧ x 6= z

I Is B−1(A) satisfiable?

I Is this formula satisfiable?

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

I Is this formula satisfiable? No

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I Is this satisfiable? Yes

A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I What is a sat assignment? A = b1 ∧ b2 ∧ b3

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I What is B−1(A) ? x = y ∧ y = z ∧ x 6= z

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I Is B−1(A) satisfiable? No

SMT Solving: Simplest Version

I In simplest version of SMT solvers, construct boolean abstraction B(F ) ofSMT formula F

I If B(F ) is unsat, return unsat

I If B(F ) is sat, get sat assignment A (conjunction of propositional literals)

I Construct B−1(A); this is conjunction of atomic T -formulas

I Query T -solver for satisfiability of B−1(A)

SMT Solving: Simplest Version, cont

I If T -solver decides B−1(A) is sat, return SAT

I Why? Because we found an assignment that (i) both satisfies booleanstructure, and (ii) consistent with theory axioms

I If B−1(A) is unsat, does this mean original formula is UNSAT?

I No b/c might be other ways of satisfying boolean structure

I In this case, construct new boolean abstraction B(F ) ∧ ¬A

I Repeat until we find assignment consistent with theory or until booleanabstraction is unsat

SMT Solving, Simplest Version: Correctness

I If B−1(A) is unsat, construct new abstraction as B(F ) ∧ ¬A

I Does B(F ) ∧ ¬A still overapproximate satisfiability?

I Yes because since B−1(A) is unsat B−1(¬A) is valid

I Thus, F ∧ B−1(¬A) is equivalent to F

I Hence, B(F ∧ B−1(¬A)) (i.e., B(F ) ∧ ¬A) still overapproximatessatisfiability

I Formulas such as ¬A that are T -valid are called theory conflict clauses

SMT Solving, Simplest Version: Termination

I Approach is sound, but is it guaranteed to terminate?

I Suppose SAT solver gives assignment A s.t. B−1(A) is unsat

I We’ll never obtain same assignment A again because formula next time isB(F ) ∧ ¬A

I There are finitely many satisfying assignments to boolean abstraction, andwe get different sat assignment every time

I Thus, we’ll eventually either find assignment consistent with theory⇒ SAT

I Or all satisfying assignments contradict theory axioms ⇒ UNSAT

I Approach is sound, but is it guaranteed to terminate? Yes

Example

I Consider example from before:

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I Sat assignment to B(F ) A : b1 ∧ b2 ∧ b3

I B−1(A) is unsat

I What is new boolean abstraction?

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

I Is this formula SAT?

No, thus original formula UNSAT

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I B−1(A) is unsat

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I B−1(A) is unsat

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I B−1(A) is unsat

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I B−1(A) is unsat

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I B−1(A) is unsat

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

Example

F : x = z ∧ ((y = z ∧ x 6= z ) ∨ ¬(x = z ))

I B(F ) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)

I B−1(A) is unsat

(b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)

I Is this formula SAT? No, thus original formula UNSAT

Shortcoming of This Approach

I So far, we just add negation of current assignment as theory conflict clause

I Unfortunately, conflict clauses obtained this way are too weak

I Suppose A is a conjunction of 100 literals such that

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98

I Theory conflict clause ¬A prevents exact same assignment

I But it doesn’t prevent many other bad assignments involvingx = y ∧ x 6= y such as:

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ ¬a98

I In fact, there are 298 unsat assignments containing x = y ∧ x 6= y but ¬Aprevents only one of them!

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ ¬a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ ¬a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ ¬a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ ¬a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98

B−1(A) = x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ ¬a98

SMT solving, Improvement #1

I Suppose SAT solver makes assignment A s.t. B−1(A) is unsat

I Rather than adding ¬A as a conflict clause, better idea is to find anunsatisfiable core of B−1(A)

I An unsatisfiable core C of A contains a subset of atoms in A and B−1(C )is still unsatisfiable.

I Ideally, we would like to find the minimal unsatisfiable core

I Minimal unsatisfiable core C ∗ has property that if you drop any singleatom of C ∗, result is satisfiable

I What is a minimal unsat core of x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98?

x = y ∧ x 6= y

I What is a minimal unsat core of x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98?x = y ∧ x 6= y

Computing Minimal Unsat Core

I How can we compute minimal unsat core of conjunctive T formulawithout modifying theory solver?

I Let φ be original unsatisfiable conjunct

I Drop one atom from φ, call this φ′

I If φ′ is still unsat, φ := φ′

I Repeat this for every atom in φ

I Clearly, resulting φ is minimal unsat core of original formula

Example

I Let’s compute minimal unsat core of

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

I Drop x = y from φ. Is result unsat?

no, so keep x = y

I Drop f (x) + z = 5. Is result unsat?

yes, so drop f (x) + z = 5

I New formula: φ : x = y ∧ f (x) 6= f (y) ∧ y ≤ 3

I Drop f (x) 6= f (y). Is result unsat?

no, keep f (x) 6= f (y)

I Finally, drop y ≤ 3. Is result unsat?

yes, drop y ≤ 3

I What is minimal unsat core?

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

I Drop x = y from φ. Is result unsat?

no, so keep x = y

I Drop f (x) + z = 5. Is result unsat?

yes, so drop f (x) + z = 5

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

I Drop x = y from φ. Is result unsat? no, so keep x = y

I Drop f (x) + z = 5. Is result unsat? yes, so drop f (x) + z = 5

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

I Drop f (x) 6= f (y). Is result unsat? no, keep f (x) 6= f (y)

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

I Finally, drop y ≤ 3. Is result unsat? yes, drop y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

x = y ∧ f (x) 6= f (y)

Example

φ : x = y ∧ f (x) + z = 5 ∧ f (x) 6= f (y) ∧ y ≤ 3

I What is minimal unsat core? x = y ∧ f (x) 6= f (y)

SMT Solving Using Unsat Cores

I Given formula F , construct boolean abstraction B(F )

I Use SAT solver to decide if B(F ) is unsat; if so F also unsat

I Otherwise, get satisfying assignment A to B(F )

I Query theory solver if B−1(A) is sat; if so F is sat

I Otherwise, compute minimal unsat core C of B−1(A)

I Use ¬C as theory conflict clause

I i.e., construct new boolean abstraction as B(F ∧ ¬C )

I Repeat until we decide sat or unsat

Discussion

I This strategy is much better than simplest strategy where we add B−1(A)as theory conflict clause.

I Using simple strategy, we block just one assignment

I Using minimal unsat cores, we block many assignments using one theoryconflict clause

I However, our strategy still not ideal because it waits for full assignment toboolean abstraction to generate conflict clause

Discussion

Motivation for Integration with DPLL

I Consider very large formula F containing x = y and x 6= y withcorresponding boolean variables b1 and b2

I Also, suppose B(F ) contains hundreds of boolean variables

I As soon as sat solver makes assignment b1 = >, b2 = >, we are doomedbecause this is unsatisfiable in theory

I Thus, no need to continue with SAT solving after this bad partialassignment

I Idea: Don’t use SAT solver as “blackbox”

I Instead, integrate theory solver right into the DPLL algorithm

DPLL-Based SAT Solver Architecture

Decide

BCPno conflict

conflict

AnalyzeConflict

backtrackif d > 0

I Idea: Integrate theory solver right into this SAT solving loop!

DPLL-Based SAT Solver Architecture

Decide

BCPno conflict

conflict

AnalyzeConflict

backtrackif d > 0

I Idea: Integrate theory solver right into this SAT solving loop!

DPLL(T ) Framework

Decide

no conflict, theory propagation lemma(s)

conflict

AnalyzeConflict

backtrackif d > 0

TheorySolveconflict clause

I Combination of DPLL-based SAT solver and decision procedure forconjunctive T formula called DPLL(T ) framework

DPLL(T ) Framework

Decide

conflict

AnalyzeConflict

backtrackif d > 0

I Combination of DPLL-based SAT solver and decision procedure forconjunctive T formula called DPLL(T ) framework

DPLL(T ) Framework

I Suppose SAT solver has made assignment in Decide step and performedBCP

I If no conflict detected, immediately invoke theory solver

I Specifically, suppose A is current partial assignment to boolean abstraction

I Use theory solver to decide if B−1(A) is unsat

I If B−1(A) unsat, add theory conflict clause ¬A to clause database

I Or better, add negation of unsat core of A to clause database

DPLL(T ) Framework

Decide

conflict

AnalyzeConflict

backtrackif d > 0

I Add theory conflict clause and continue doing BCP, which will detectconflict

I As before, AnalyzeConflict decides what level to backtrack to

DPLL(T ) Framework

Decide

conflict

AnalyzeConflict

backtrackif d > 0

I Add theory conflict clause and continue doing BCP, which will detectconflict

I As before, AnalyzeConflict decides what level to backtrack to

Theory Propagation

I What we described so far is sufficient to solve SMT formulas, but we canmuch better!

I Suppose original formula contains literals x = y , y = z , x 6= z withcorresponding boolean variables b1, b2, b3

I Suppose SAT solver makes partial assignment b1 : >, b2 : >

I In next Decide step, free to assign b3 : > or b3 : ⊥

I But assignment b3 : > is sub-optimal, b/c will lead to conflict in T

Theory Propagation

Theory Propagation Lemma, cont

I Idea: Theory solver can communicate which literals are implied by currentpartial assignment

I In our example, ¬x 6= z implied by current partial assignmentx = y ∧ y = z

I Thus, can safely add b1 ∧ b2 → b3 to clause database

I These kinds of clauses implied by theory are called theory propagationlemmas

DPLL(T ) Framework

Decide

conflict

AnalyzeConflict

backtrackif d > 0

I After adding theory propagation lemma, continue doing BCP

I Adding theory propagation lemmas prevents bad assignments to booleanabstraction

DPLL(T ) Framework

Decide

conflict

AnalyzeConflict

backtrackif d > 0

I After adding theory propagation lemma, continue doing BCP

I Adding theory propagation lemmas prevents bad assignments to booleanabstraction

Inferring Theory Propagation Lemmas

I How do we obtain theory propagation lemmas?

I Option #1: Treat theory solver as blackbox, query whether particularliteral a is implied by current partial assisgnment?

I Option #2: Modify theory solver so that it can figure out implied literals

I Second option is considered more efficient, but have to figure out how todo this for each different theory

Which Theory Propagation Lemmas to Add

I Which theory propagation lemmas do we add?

I Option #1: Figure out and add all literals implied by current partialassignment; called exhaustive theory propagation

I Option #2: Only figure out literals “obviously” implied by current partialassignment

I Exhaustive theory propagation can be very expensive; second optionconsidered preferable

I There isn’t much of a science behind which literals are “obviously” implied

I Solvers use different strategies to obtain simple-to-find implications

Summary

I SMT solvers decide satisfiability in boolean combinations of differenttheories

I Instead of converting to DNF, they handle boolean structure using SATsolving technqiues

I Most common approach is to construct boolean abstraction and lazily infertheory conflict clauses

I To do this, can either consider SAT solver as blackbox or can integratewith it

I Latter strategy considered superior and known as DPLL(T ) framework

Summary

ece750t-28: computer-aided reasoning for software ...vganesh/teaching/f2013/satsmt/lectures... ·...

Documents