Introduction to Satisfiability Modulo Theories (SMT)
Clark Barrett, NYU
Sanjit A. Seshia, UC Berkeley
ICCAD Tutorial, November 2, 2009
C. Barrett & S. A. Seshia ICCAD 2009 Tutorial 2
Boolean Satisfiability (SAT)

[Figure: a Boolean formula φ built from the connectives ∨, ∧, ¬ over the propositional variables p1, p2, …, pn]

Is there an assignment to the p1, p2, …, pn variables such that φ evaluates to 1?
Satisfiability Modulo Theories

[Figure: the same Boolean structure ∨, ∧, ¬, but the leaves are now theory atoms instead of p1, p2, …, pn: x + 2z ≥ 1, x % 26 = v, w & 0xFFFF = x, x = y]

Is there an assignment to the x, y, z, w variables s.t. φ evaluates to 1?
Satisfiability Modulo Theories
• Given a formula in first-order logic, with associated background theories, is the formula satisfiable?
  – Yes: return a satisfying solution
  – No: [generate a proof of unsatisfiability]
Applications of SMT
• Hardware verification at higher levels of abstraction (RTL and above)
• Verification of analog/mixed-signal circuits
• Verification of hybrid systems
• Software model checking
• Software testing
• Security: finding vulnerabilities, verifying electronic voting machines, …
• Program synthesis
• …
References
Satisfiability Modulo Theories. Clark Barrett, Roberto Sebastiani, Sanjit A. Seshia, and Cesare Tinelli. Chapter 8 in the Handbook of Satisfiability, Armin Biere, Hans van Maaren, and Toby Walsh, editors, IOS Press, 2009. (available from our webpages)
SMTLIB: A repository for SMT formulas (common format) and tools
SMTCOMP: An annual competition of SMT solvers
Roadmap for this Tutorial
• Background and Notation
• Survey of Theories
• Theory Solvers
• Approaches to SMT Solving
  – Lazy Encoding to SAT
  – Eager Encoding to SAT
• Conclusion
First-Order Logic
• A formal notation for mathematics, with expressions involving
  – Propositional symbols
  – Predicates
  – Functions and constant symbols
  – Quantifiers
• In contrast, propositional (Boolean) logic only involves propositional symbols and operators
First-Order Logic: Syntax
• As with propositional logic, expressions in first-order logic are made up of sequences of symbols.
• Symbols are divided into logical symbols and non-logical symbols or parameters.
• Example: (x = y) ∧ (y = z) ∧ (f(z) ≥ f(x) + 1)
First-Order Logic: Syntax
• Logical Symbols
  – Propositional connectives: ∨, ∧, ¬, →, ↔
  – Variables: v1, v2, . . .
  – Quantifiers: ∀, ∃
• Non-logical symbols/Parameters
  – Equality: =
  – Functions: +, -, %, bit-wise &, f(), concat, …
  – Predicates: ≤, is_substring, …
  – Constant symbols: 0, 1.0, null, …
Quantifier-free Subset
• We will largely restrict ourselves to formulas without quantifiers (∀, ∃)
• This is called the quantifier-free subset/fragment of first-order logic with the relevant theory
Logical Theory
• Defines a set of parameters (non-logical symbols) and their meanings
• This definition is called a signature.
• Example of a signature: Theory of linear arithmetic over integers. Signature is (0, 1, +, -, ≤) interpreted over Z
Some Useful Theories
• Equality (with uninterpreted functions)
• Linear arithmetic (over Q or Z)
• Difference logic (over Q or Z)
• Finite-precision bit-vectors
  – integer or floating-point
• Arrays / memories
• Misc.: Non-linear arithmetic, strings, inductive datatypes (e.g. lists), sets, …
Theory of Equality and Uninterpreted Functions (EUF)
• Also called the “free theory”
  – Because function symbols can take any meaning
  – Only property required is congruence: that these symbols map identical arguments to identical values, i.e., x = y ⇒ f(x) = f(y)
• SMTLIB name: QF_UF
Data and Function Abstraction with EUF

[Figure: the bit-vector x0, x1, x2, …, xn-1 is abstracted to a single value x in an abstract domain (e.g. Z); an ALU functional unit is abstracted to an uninterpreted function f]
• Bit-vectors to Abstract Domain (e.g. Z)
• Functional units to Uninterpreted Functions: a = x ∧ b = y ⇒ f(a,b) = f(x,y)
• Common Operations
  – If-then-else: ITE(p, x, y)
  – Test for equality: x = y
  – …
Hardware Abstraction with EUF
• For any Block that Transforms or Evaluates Data:
  – Replace with generic, unspecified function
  – Also view instruction memory as function

[Figure: a pipelined datapath (PC, +4, InstrMem, IF/ID, Reg.File, ID/EX, ALU, EX/WB, Control, equality comparators; fields Rd, Ra, Rb, Imm, Op, Adat) with the data-transforming blocks replaced by uninterpreted functions F1, F2, F3]
Example QF_UF (EUF) Formula
(x = y) ∧ (y = z) ∧ (f(x) ≠ f(z))
Transitivity: (x = y) ∧ (y = z) ⇒ (x = z)
Congruence: (x = z) ⇒ (f(x) = f(z))
Equivalence Checking of Program Fragments
int fun1(int y) {
  int x, z;
  z = y; y = x; x = z;
  return x*x;
}
int fun2(int y) { return y*y; }
What if we use SAT to check equivalence?
SMT formula φ, satisfiable iff the programs are non-equivalent:
(z = y ∧ y1 = x ∧ x1 = z ∧ ret1 = x1*x1) ∧ (ret2 = y*y) ∧ (ret1 ≠ ret2)
Equivalence Checking of Program Fragments (cont.)
Using SAT to check equivalence (w/ Minisat):
  32 bits for y: did not finish in over 5 hours
  16 bits for y: 37 sec.
  8 bits for y: 0.5 sec.
Equivalence Checking of Program Fragments (cont.)
SMT formula φ', with the multiplication x*x abstracted by an uninterpreted function sq:
(z = y ∧ y1 = x ∧ x1 = z ∧ ret1 = sq(x1)) ∧ (ret2 = sq(y)) ∧ (ret1 ≠ ret2)
Using EUF solver: 0.01 sec
Equivalence Checking of Program Fragments
int fun1(int y) {
  int x;
  x = x ^ y; y = x ^ y; x = x ^ y;
  return x*x;
}
int fun2(int y) { return y*y; }
Does EUF still work?
No! Must reason about bit-wise XOR.
Need a solver for bit-vector arithmetic.
Solvable in less than a sec. with a current bit-vector solver.
Finite-Precision Bit-Vector Arithmetic (QF_BV)
– Fixed width data words
  • Can model int, short, long, etc.
– Arithmetic operations
  • E.g., add/subtract/multiply/divide & comparisons
  • Two’s complement and unsigned operations
– Bit-wise logical operations
  • E.g., and/or/xor, shift/extract and equality
– Boolean connectives
Linear Arithmetic (QF_LRA, QF_LIA)
• Boolean combination of linear constraints of the form (a1 x1 + a2 x2 + … + an xn ⋈ b)
• xi’s could be in Q or Z, ⋈ ∈ {≥, >, ≤, <, =}
• Many applications, including:
  – Verification of analog circuits
  – Software verification, e.g., of array bounds
Difference Logic (QF_IDL, QF_RDL)
• Boolean combination of linear constraints of the form xi - xj ⋈ cij or xi ⋈ ci
  ⋈ ∈ {≥, >, ≤, <, =}, xi’s in Q or Z
• Applications:
  – Software verification (most linear constraints are of this form)
  – Processor datapath verification
  – Job shop scheduling / real-time systems
  – Timing verification for circuits
Arrays/Memories
• SMT solvers can also be very effective in modeling data structures in software and hardware
  – Arrays in programs
  – Memories in hardware designs: e.g. instruction and data memories, CAMs, etc.
Theory of Arrays (QF_AX): Select and Store
• Two interpreted functions: select and store
  – select(A,i): Read from A at index i
  – store(A,i,d): Write d to A at index i
• Two main axioms (read-over-write):
  – select(store(A,i,d), i) = d
  – select(store(A,i,d), j) = select(A,j) for i ≠ j
• One other axiom (extensionality):
  – (∀ i. select(A,i) = select(B,i)) ⇒ A = B
Equivalence Checking of Program Fragments
int fun1(int y) {
  int x[2];
  x[0] = y; y = x[1]; x[1] = x[0];
  return x[1]*x[1];
}
int fun2(int y) { return y*y; }
SMT formula φ'':
[x1 = store(x,0,y) ∧ y1 = select(x1,1) ∧ x2 = store(x1,1,select(x1,0)) ∧ ret1 = sq(select(x2,1))] ∧ (ret2 = sq(y)) ∧ (ret1 ≠ ret2)
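As an added example (not code from the tutorial), a small theory solver that decides the EUF formulas on these slides, φ' and φ'', and the transitivity/congruence example on the QF_UF slide: congruence closure over a union-find, with the two read-over-write axioms applied as a rewrite. The term encoding and the restriction to constant indices (general index reasoning needs case splits) are this example's assumptions.

```python
# Added example (not from the slides): a theory solver for conjunctions of EUF
# literals via congruence closure, with the array axioms applied as a rewrite
# for constant indices. A variable is a str, a constant index an int, an
# application a tuple (fname, arg1, ..., argk); a literal is (lhs, rhs, positive).

def normalize(t):
    """select(store(A,i,d), i) -> d and select(store(A,i,d), j) -> select(A,j) for i != j."""
    if not isinstance(t, tuple):
        return t
    t = (t[0],) + tuple(normalize(a) for a in t[1:])          # rewrite arguments first
    if t[0] == "select" and isinstance(t[1], tuple) and t[1][0] == "store":
        _, arr, i, d = t[1]
        if isinstance(i, int) and isinstance(t[2], int):
            return d if i == t[2] else normalize(("select", arr, t[2]))
    return t

def inline_arrays(literals):
    """Substitute array variables defined by a store (SSA form) so the rewrite can see the writes."""
    defs = {l: r for l, r, pos in literals
            if pos and isinstance(l, str) and isinstance(r, tuple) and r[0] == "store"}
    def subst(t):
        if isinstance(t, tuple):
            return (t[0],) + tuple(subst(a) for a in t[1:])
        return subst(defs[t]) if t in defs else t
    return [(subst(l), subst(r), pos) for l, r, pos in literals]

def subterms(t):
    yield t
    if isinstance(t, tuple):
        for a in t[1:]:
            yield from subterms(a)

class CongruenceClosure:
    """Union-find over terms; close() merges f(a1..ak) with f(b1..bk) whenever ai ~ bi for all i."""
    def __init__(self, terms):
        self.parent = {t: t for t in terms}
        self.apps = [t for t in terms if isinstance(t, tuple)]
    def find(self, t):
        while self.parent[t] != t:
            t = self.parent[t]
        return t
    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)
    def close(self):
        changed = True
        while changed:                                          # iterate to a fixpoint
            changed, seen = False, {}
            for t in self.apps:
                sig = (t[0],) + tuple(self.find(a) for a in t[1:])
                if sig in seen and self.find(seen[sig]) != self.find(t):
                    self.union(seen[sig], t)
                    changed = True
                seen.setdefault(sig, t)

def euf_satisfiable(literals):
    """Assert the equalities, close under congruence, then check every disequality."""
    lits = [(normalize(l), normalize(r), pos) for l, r, pos in inline_arrays(literals)]
    cc = CongruenceClosure({s for l, r, _ in lits for t in (l, r) for s in subterms(t)})
    for l, r, pos in lits:
        if pos:
            cc.union(l, r)
    cc.close()
    return all(cc.find(l) != cc.find(r) for l, r, pos in lits if not pos)

# Constructed inputs transcribing the slides' phi' (sq abstracts x*x) and phi''.
PHI1 = [("z", "y", True), ("y1", "x", True), ("x1", "z", True), ("ret1", ("sq", "x1"), True),
        ("ret2", ("sq", "y"), True), ("ret1", "ret2", False)]
PHI2 = [("x1", ("store", "x", 0, "y"), True), ("y1", ("select", "x1", 1), True),
        ("x2", ("store", "x1", 1, ("select", "x1", 0)), True),
        ("ret1", ("sq", ("select", "x2", 1)), True), ("ret2", ("sq", "y"), True), ("ret1", "ret2", False)]
```

Both formulas come back unsatisfiable, which is exactly the result that certifies fun1 and fun2 equivalent under the sq abstraction.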
Over to Clark…
Eager Approach to SMT
Key Ideas:
• Small-domain encoding
  – Constrain model search
• Rewrite rules
• Abstraction-based methods (eager + lazy)
Example Solvers: UCLID, STP, Spear, Boolector, Beaver, …

[Figure, EAGER ENCODING: Input Formula → Satisfiability-preserving Boolean Encoder → Boolean Formula → SAT Solver → satisfiable / unsatisfiable. The SAT solver is involved in the theory reasoning.]
Theories
• Eager Encoding Methods have been demonstrated for the following Theories:
  – Equality & Uninterpreted Functions
  – Integer Linear Arithmetic
  – Restricted Lambda expressions
    • Arrays, memories, etc.
  – Finite-precision Bit-Vector Arithmetic
  – Strings
UCLID Operation
• Operation
  – Series of transformations leading to Boolean formula
  – Each step is validity (satisfiability) preserving
  – Each step performs optimizations

[Figure: Input Formula → Lambda Expansion for Arrays → λ-free Formula → Function & Predicate Elimination → Linear/Bitvector Arithmetic Formula → Encoding Arithmetic → Boolean Formula → Boolean Satisfiability]
http://uclid.eecs.berkeley.edu
Rewrites: Eliminating Function Applications
– Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)

Ackermann’s Encoding:
  f(x1) → vf1
  f(x2) → vf2
  add the constraint x1 = x2 ⇒ vf1 = vf2

Bryant, German, Velev’s Encoding:
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)
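Both encodings on this slide, as an added example that is not the tutorial's own code: each works bottom-up so nested applications such as f(f(x)) are handled, and Ackermann's version emits one consistency constraint per pair of applications of the same symbol. The term encoding (str variables, tuple applications, ITE/and/= tuples in the output) and the vf-naming scheme are this example's assumptions.

```python
# Added example (not from the slides): the two function-elimination encodings,
# applied to arbitrary conjunctions. A variable is a str, an application a tuple
# (fname, arg1, ..., argk), a literal (lhs, rhs, positive). Encoded formulas may
# contain ("ITE", cond, a, b), ("and", ...) and ("=", a, b) tuples.

def ackermannize(literals):
    """Replace each distinct application f(t1..tk) by a fresh variable vf_i and
    return (rewritten literals, functional-consistency constraints); a constraint
    ([(a1,b1),...,(ak,bk)], (vf_i, vf_j)) reads: all a = b pairwise  =>  vf_i = vf_j."""
    fresh = {}                                    # application with rewritten args -> name
    def rewrite(t):
        if not isinstance(t, tuple):
            return t
        key = (t[0],) + tuple(rewrite(a) for a in t[1:])      # inner applications first: f(f(x))
        if key not in fresh:
            fresh[key] = "v%s%d" % (t[0], sum(k[0] == t[0] for k in fresh) + 1)
        return fresh[key]
    rewritten = [(rewrite(l), rewrite(r), pos) for l, r, pos in literals]
    apps = list(fresh)
    constraints = [(list(zip(a[1:], b[1:])), (fresh[a], fresh[b]))
                   for i, a in enumerate(apps) for b in apps[i + 1:]
                   if a[0] == b[0] and len(a) == len(b)]       # same symbol and arity
    return rewritten, constraints

def bgv_encode(literals):
    """Bryant-German-Velev encoding: the i-th application of f becomes a nested ITE
    that selects an earlier vf_j whenever the arguments equal that application's,
    so no side constraints are needed (at the cost of larger terms)."""
    fresh, order = {}, {}                         # key -> name; fname -> keys in first-seen order
    def rewrite(t):
        if not isinstance(t, tuple):
            return t
        key = (t[0],) + tuple(rewrite(a) for a in t[1:])
        seen = order.setdefault(t[0], [])
        if key not in fresh:
            fresh[key] = "v%s%d" % (t[0], len(seen) + 1)
            seen.append(key)
        term = fresh[key]
        for earlier in reversed(seen[:seen.index(key)]):        # earliest test ends up outermost
            cond = ("and",) + tuple(("=", a, b) for a, b in zip(earlier[1:], key[1:]))
            term = ("ITE", cond, fresh[earlier], term)
        return term
    return [(rewrite(l), rewrite(r), pos) for l, r, pos in literals]

# Constructed input with the slide's two applications f(x1) and f(x2).
EXAMPLE = [(("f", "x1"), "a", True), (("f", "x2"), "a", False)]
```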
Small-Domain Encoding
• Consider an SMT formula φ(x1, x2, …, xn) where xi ∈ Di
• Small-domain encoding/Finite instantiation: Derive finite set Si ⊂ Di s.t. |Si| ≪ |Di|
  – In some cases, Si is finite where Di is infinite
• Encode each xi to take values only in Si
  – Could be done by encoding to SAT
• Example: Integer Linear Arithmetic (QF_LIA)
Solving QF_LIA is NP-complete
• In NP:
  – If a satisfying solution exists, then one exists within a bound d
    • log d is polynomial in input size
  – Expression for d [Papadimitriou, ‘82]: (n+m) · (bmax+1) · (m · amax)^(2m+3)
  – Input size:
    • m – # constraints
    • n – # variables
    • bmax – largest constant (absolute value)
    • amax – largest coefficient (absolute value)
Small-domain encoding / Finite Instantiation: Naïve approach
• Steps
  – Calculate the solution bound d
  – Encode each integer variable with ⌈log d⌉ bits & translate to Boolean formula
  – Run SAT solver
• Problem: For QF_LIA, d grows like m^m, i.e. about m log m bits per variable
• Solution: Exploit special-cases and domain-specific structure
Special Case 1: Equality Logic
• Linear constraints are equalities xi = xj
• Result: d = n
  x1 ≠ x2 ∧ x2 ≠ x3 ∧ x1 ≠ x3: a 3-valued domain is needed: {1, 2, 3}
  x1 ? x2 ∧ x2 ? x3 ∧ x1 ? x3 (the relation symbols did not survive extraction): can find solution with domain {1, 2}
[Pnueli et al., Information and Computation, 2002]
Special Case 2: Difference Logic
• Boolean combination of difference-bound constraints
  – xi ≥ xj + b, ±xi ≥ b
• Result: d = n · (bmax + 1) [Bryant, Lahiri, Seshia, CAV’02]
• Proof sketch: satisfying solution corresponds to shortest path in constraint graph
  – Longest such path has length ≤ n · (bmax + 1)
• Tighter formula-specific bounds possible
Special Case 3: Generalized 2SAT
• Generalized 2SAT constraints
  – xi + xj ≥ b, -xi - xj ≥ b, xi - xj ≥ b, xi ≥ b
• d = 2 · n · (bmax + 1) [Seshia, Subramani, Bryant, ’04]
Full Integer Linear Arithmetic
• Can we avoid the m^m blow-up?
• In fact, yes. The idea is to derive a new parameterized solution bound d
  – Formalize parameters that the bound really depends on
  – Parameters characterize sparse structure
    • Occurs especially in software verification; also in many high-level hardware models
  – [Seshia & Bryant, LICS’04, LMCS’05]
Structure of Linear Constraints in Software Verification
• Characteristics of studied benchmarks
  – Mostly difference constraints
    • Only 3% of constraints were NOT difference constraints
  – Non-difference constraints are sparse
    • At most 6 variables per constraint (total number of variables in 1000s)
• Some similar observations: Pratt’77, ESC/Java-Simplify-TR’03
Parameterized Solution Bound
  m     # constraints
  n     # variables
  bmax  max |constant|
  amax  max |coefficient|
New parameters:
  – k   # non-difference constraints
  – w   # variables per constraint (width)
Our solution bound: n · (bmax+1) · (w · amax)^k
Previous: (n+m) · (bmax+1) · (m · amax)^(2m+3)
• Direct dependence on m eliminated (and k ≪ m)
Example

[Figure: a Boolean combination (∨, ∧, ¬) of the atoms x1 - x2 ≥ 1, x1 + 2x2 + x3 > -3, x2 - x4 ≥ 0]
  m     # constraints       3
  k     # non-difference    1
  n     # variables         4
  w     width               3
  bmax  max |constant|      3
  amax  max |coefficient|   2
d = 96
Previous d = 282,175,488
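The parameter extraction behind this example, as an added example rather than the tutorial's code: it classifies each atom as a difference constraint or not, reads off m, n, bmax, amax, k and w, and evaluates both bounds (the constraint tuple format and the function names are this example's assumptions).

```python
import math

# Added example (not from the slides): derive the structural parameters of a
# QF_LIA formula's atoms and evaluate both solution bounds discussed here.
# A constraint is (coefficients, relation, constant) with coefficients as
# {variable: int}; the Boolean structure joining the atoms does not matter.
# EXAMPLE transcribes the slide's atoms: x1 - x2 >= 1, x1 + 2x2 + x3 > -3, x2 - x4 >= 0.
EXAMPLE = [
    ({"x1": 1, "x2": -1}, ">=", 1),
    ({"x1": 1, "x2": 2, "x3": 1}, ">", -3),
    ({"x2": 1, "x4": -1}, ">=", 0),
]

def is_difference(coeffs):
    """Difference-bound form x_i - x_j >= b or +/- x_i >= b: coefficients +-1, at most one of each sign."""
    return sorted(coeffs.values()) in ([1], [-1], [-1, 1])

def parameters(constraints):
    """m, n, bmax, amax as in the Papadimitriou bound; k and w capture the sparse structure."""
    non_diff = [c for c, _, _ in constraints if not is_difference(c)]
    return {
        "m": len(constraints),
        "n": len({v for c, _, _ in constraints for v in c}),
        "bmax": max(abs(b) for _, _, b in constraints),
        "amax": max(abs(a) for c, _, _ in constraints for a in c.values()),
        "k": len(non_diff),                                   # non-difference constraints
        "w": max((len(c) for c in non_diff), default=0),      # variables per such constraint
    }

def bound_previous(p):
    """(n+m) * (bmax+1) * (m*amax)^(2m+3)  [Papadimitriou '82]"""
    return (p["n"] + p["m"]) * (p["bmax"] + 1) * (p["m"] * p["amax"]) ** (2 * p["m"] + 3)

def bound_parameterized(p):
    """n * (bmax+1) * (w*amax)^k  [Seshia & Bryant]; with k = 0 it is the difference-logic bound."""
    return p["n"] * (p["bmax"] + 1) * (p["w"] * p["amax"]) ** p["k"]

def bits_per_variable(d):
    """The naive small-domain encoding gives each integer variable ceil(log2 d) bits."""
    return math.ceil(math.log2(d))

if __name__ == "__main__":
    p = parameters(EXAMPLE)
    print(p)
    print("parameterized d =", bound_parameterized(p), "previous d =", bound_previous(p))
    print("bits per variable:", bits_per_variable(bound_parameterized(p)))
```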
Summary of d Values
  Logic                           Solution Bound d
  Equality logic                  n
  Difference logic                n · (bmax + 1)
  Generalized 2SAT logic          2 · n · (bmax + 1)
  Full Integer Linear Arithmetic  n · (bmax + 1) · (amax^k · w^k)
Abstraction-Based Methods
• For some logics, one cannot easily compute a closed-form expression for the small domain
• Example: Bit-Vector Arithmetic
• In such cases, an abstraction-refinement approach can be used to compute formula-specific small domains
Bit-Vector Arithmetic: Some History
• B.C. (Before Chaff)
  – String operations (concatenate, field extraction)
  – Linear arithmetic with bounds checking
  – Modular arithmetic
• SAT-Based “Bit Blasting”
  – Generate Boolean circuit based on bit-level behavior of operations
    • Handles arbitrary operations
  – Check with best available SAT solver
  – Effective in many applications
    • CBMC [Clarke, Kroening, Lerda, TACAS ’04]
    • Microsoft Cogent + SLAM [Cook, Kroening, Sharygina, CAV ’05]
Research Challenge
• Is there a better way than bit blasting?
• Requirements
  – Provide same functionality as with bit blasting
    • Must support all bit-vector operators
  – Exploit word-level structure
  – Improve on performance of bit blasting
• Current Approaches based on two core ideas:
  1. Simplification: Simplify input formula using word-level rewrite rules and solvers
  2. Abstraction: Can use automatic abstraction-refinement to solve simplified formula
Bit-Vector SMT Solvers, circa Spring 2009: Current Techniques with Sample Tools
– Proof-based abstraction-refinement – UCLID [Bryant et al., TACAS ’07]
– Solver for linear modular arithmetic to simplify the formula – STP [Ganesh & Dill, CAV’07]
– Automatic parameter tuning for SAT – Spear [Hutter et al., FMCAD ’07]
– Rewrites, underapproximation, efficient SAT engine – Boolector [Brummayer & Biere, TACAS’09]
– Equality/constant propagation, logic optimization, special rules for non-linear ops – Beaver [Jha et al., CAV’09]
– DPLL(T) framework: Layered approach, rewriting – CVC3 [Barrett et al.], MathSAT [Bruttomesso et al.], Yices [Dutertre et al.], Z3 [de Moura et al.]
Abstraction-Refinement
• Deciding Bit-Vector Arithmetic with Abstraction [Bryant et al., TACAS ’07, STTT ’09]
  – Use bit blasting as core technique
  – Apply to simplified versions of formula: under- and over-approximations
  – Generate successive approximations until a solution is found or formula shown unsatisfiable
  – Inspired by McMillan & Amla’s proof-based abstraction for finite-state model checking
• Small Motivating Example: (x + y ≠ y + x) ∧ (x * y ≠ y * x)
  – Sufficient to prove the left-hand conjunct unsat
Approximations to Formula
• Example Approximation Techniques
  – Underapproximating
    • Restrict word-level variables to smaller ranges of values
  – Overapproximating
    • Replace subformula with Boolean variable

[Figure: original formula φ. Overapproximation φ+ has more solutions: if φ+ is unsatisfiable, then so is φ. Underapproximation φ− has fewer solutions: a satisfying solution of φ− also satisfies φ.]
Starting Iterations
• Initial Underapproximation φ1−
  – (Greatly) restrict ranges of word-level variables
  – Intuition: Satisfiable formula often has small-domain solution
First Half of Iteration
• SAT Result for φ1−
  – Satisfiable
    • Then have found solution for φ
  – Unsatisfiable
    • Use UNSAT proof to generate overapproximation φ1+

[Figure: φ1−: if SAT, then done; otherwise the UNSAT proof generates the overapproximation φ1+]
Second Half of Iteration
• SAT Result for φ1+
  – Unsatisfiable: then have shown φ unsatisfiable
  – Satisfiable: solution indicates variable ranges that must be expanded
    • Generate refined underapproximation φ2−

[Figure: φ1+: if UNSAT, then done; if SAT, use the solution to generate the refined underapproximation φ2−]
Example
φ := (x = y+2) ∧ (x² > y²)
φ1− := (x[1] = y[1]+2) ∧ (x[1]² > y[1]²)    UNSAT: look at proof
φ1+ := (x = y+2)                              SAT: x = 2, y = 0
φ2− := (x[2] = y[2]+2) ∧ (x[2]² > y[2]²)    SAT, done.
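The loop of the last four slides run on this example, as an added example and not the tutorial's or UCLID's code. Exhaustive search over W-bit values stands in for bit blasting plus SAT, and greedily dropping conjuncts that are not needed for unsatisfiability stands in for reading the UNSAT proof; the width W = 8, the conjunct representation and the unsigned wrap-around semantics are this example's assumptions.

```python
from itertools import product

# Added example (not from the slides): the under/over-approximation loop for
# bit-vector formulas. Exhaustive search over W-bit values stands in for
# bit blasting + SAT, and greedy conjunct dropping stands in for reading the
# UNSAT proof; a formula is a list of (name, predicate over an assignment dict).
W = 8
MASK = (1 << W) - 1

def solve(conjuncts, variables, widths):
    """Search assignments where variable v uses only widths[v] low bits, smallest
    values first (so a small-domain model is found when one exists)."""
    ranges = [range(1 << widths[v]) for v in variables]
    for vals in sorted(product(*ranges), key=max):
        env = dict(zip(variables, vals))
        if all(pred(env) for _, pred in conjuncts):
            return env
    return None

def unsat_core(conjuncts, variables, widths):
    """Drop conjuncts while the restricted formula stays UNSAT; the survivors form
    the overapproximation phi_i^+ (like an UNSAT proof, the core is not unique)."""
    core = list(conjuncts)
    for c in list(core):
        trial = [d for d in core if d is not c]
        if trial and solve(trial, variables, widths) is None:
            core = trial
    return core

def abstraction_refinement(conjuncts, variables, start_bits=1):
    """Returns ("SAT", model, trace) or ("UNSAT", None, trace)."""
    widths = {v: start_bits for v in variables}
    full = {v: W for v in variables}
    trace = []
    while True:
        model = solve(conjuncts, variables, widths)                # phi_i^-
        if model is not None:                                       # sound: model satisfies phi
            trace.append(("under SAT", dict(widths)))
            return "SAT", model, trace
        core = unsat_core(conjuncts, variables, widths)             # phi_i^+
        model = solve(core, variables, full)
        if model is None:                                           # sound: phi_i^+ has more models than phi
            trace.append(("over UNSAT", [name for name, _ in core]))
            return "UNSAT", None, trace
        trace.append(("over SAT", model))
        # Refine: the core is UNSAT in the current ranges, so this model needs wider ones.
        bits = max(max(widths.values()), max(model[v].bit_length() for v in variables))
        widths = {v: bits for v in variables}                       # phi_{i+1}^-

# Constructed inputs: the slide's phi := (x = y+2) ∧ (x² > y²) and the motivating
# example (x+y ≠ y+x) ∧ (x*y ≠ y*x), both over unsigned W-bit arithmetic.
PHI = [("x = y+2", lambda e: e["x"] == (e["y"] + 2) & MASK),
       ("x^2 > y^2", lambda e: (e["x"] * e["x"]) & MASK > (e["y"] * e["y"]) & MASK)]
COMMUTE = [("x+y != y+x", lambda e: (e["x"] + e["y"]) & MASK != (e["y"] + e["x"]) & MASK),
           ("x*y != y*x", lambda e: (e["x"] * e["y"]) & MASK != (e["y"] * e["x"]) & MASK)]

if __name__ == "__main__":
    print(abstraction_refinement(PHI, ("x", "y")))
    print(abstraction_refinement(COMMUTE, ("x", "y")))
```

On φ the trace reproduces the slide: φ1− UNSAT, φ1+ = (x = y+2) SAT with x = 2, y = 0, then φ2− at two bits SAT; on the motivating example the core keeps one conjunct and its full-width UNSAT result proves the whole formula unsatisfiable.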
Iterative Behavior
• Underapproximations
  – Successively more precise abstractions of φ
  – Allow wider variable ranges
• Overapproximations
  – No predictable relation
  – UNSAT proof not unique

[Figure: the sequence φ1−, φ2−, …, φk− of underapproximations alongside φ1+, φ2+, …, φk+ of overapproximations]
Overall Effect
• Soundness
  – Only terminate with solution on underapproximation
  – Only terminate as UNSAT on overapproximation
• Completeness
  – Successive underapproximations approach φ
  – Finite variable ranges guarantee termination
    • In worst case, get φk− identical to φ

[Figure: the same sequence of approximations, ending in SAT (from some φi−) or UNSAT (from some φi+)]
Summary of Ideas: Modeling
• Philosophy: Model systems in first-order logic + suitable theories
• Widely-used theories:
  – Equality and uninterpreted functions
  – Linear arithmetic
  – Bit-vector arithmetic
  – Arrays
Summary of Ideas: Lazy Methods
• Philosophy: Extend DPLL framework from SAT to SMT
• Literals assigned by SAT are sent to Theory Solver
• Theory Solver determines if literals are satisfiable in the theory
• Key optimizations: small explanations, early conflict detection, theory propagation
Summary of Ideas: Eager Methods
• Philosophy: Constrain solution space with logic-specific methods
• Small-domain encoding
  – Compute bounds that work for any formula in the logic
• Abstraction-refinement of domains
  – Compute formula-specific small domains
• Rewrite rules: high level and bit level
  – Simplify formula before and after bit-blasting
Challenges and Opportunities
• Solvers for new theories
  – Strings
  – Non-linear arithmetic
  – Can we exploit domain-specific structure?
• Parallel SMT
• Better support for quantifiers
• Better proof/interpolant generation

Join the SMT Community
• We need your new, exciting applications!
• Contribute to SMT-LIB
• Create new solvers, compete in SMTCOMP
Slides and book chapter available on our websites:
Clark: http://cs.nyu.edu/~barrett
Sanjit: http://www.eecs.berkeley.edu/~sseshia