Slide 1: Satisfiability Modulo Theories
Sinan Hanay
Slide 2: Boolean Satisfiability (SAT)
- Is there an assignment to the variables p1, p2, …, pn such that the formula evaluates to 1?
(Slide taken from [Barret 09])
Slide 3: Satisfiability Modulo Theories (SMT)
- Is there an assignment to the variables x, y, z, w such that the formula evaluates to 1?
(Slide taken from [Barret 09])
Slide 4: SAT vs SMT
- SMT extends SAT solving with additional theories.
- An SMT solver can solve a SAT problem, but not vice versa.
- SMT applications:
  - Analog circuit verification
  - RTL verification
  - Software model checking
Slide 5: Overview
- Introduction
- SMT Theories
- Example: Difference Logic
- Combining Theories
- SMT Solvers and SMT Libraries
- Conclusion
Slide 6: SMT Theories
- Real or integer arithmetic
- Equality and uninterpreted functions
  - Example: if x1 = x2, then f(x1) = f(x2), else f(x1) ≠ f(x2)
- Bitvectors and arrays
- Properties:
  - Decidable: an effective procedure exists to check whether a formula is a member of a theory T.
  - Often quantifier-free: free from quantifiers such as ∃ and ∀.
Slide 7: SMT Theories
- Core theory
  - Type: Boolean
  - Constants: {TRUE, FALSE}
  - Functions: {AND, OR, XOR}
  - Functions: implication (=>)
- Integer theory (Ints)
  - Type: Int
  - All numerals are Int constants
  - Functions: {+, −, ×, mod, div, abs}
Slide 8: SMT Theories
- Reals theory
  - Type: Real
  - Functions: {+, −, ×, /}
  - Functions: {<, >}
- Arrays with extensionality theory (ArraysEx)
  - Type: type of index and type of values
  - Functions: {select, store}
Slide 9: Overview
- Introduction
- SMT Theories
- Case Study: Difference Logic Theory
- SMT Solvers
- SMT-LIB
- Conclusion
Slide 10: SMT Example I: Difference Logic
- Can solve problems such as:
  - Is there a solution {x, y} satisfying x − y < 20 and x − y > 4?
- x, y can be integers or reals:
  - If x, y are integers: QF_IDL (Integer Difference Logic)
  - If x, y are reals: QF_RDL (Real Difference Logic)
  - QF: quantifier-free
Slide 11: SMT Theories: Difference Logic
- In difference logic [NO 05], we are interested in the satisfiability of a conjunction of arithmetic atoms.
- Each atom is of the form x − y OP c, where x and y are variables, c is a numeric constant, and OP ∈ {=, <, ≤, >, ≥}. Examples: x − y > 10, y − x < 12.
- The variables can range over either the integers (QF_IDL) or the reals (QF_RDL).
(Slide taken from [Barret 09])
Slide 12: Difference Logic
- The first step is to rewrite everything in terms of ≤:
  - x − y = c ⇒ x − y ≤ c ∧ x − y ≥ c
  - x − y ≥ c ⇒ y − x ≤ −c
  - x − y > c ⇒ y − x < −c
  - x − y < c ⇒ x − y ≤ c − 1 (integers)
  - x − y < c ⇒ x − y ≤ c − δ (reals)
(Slide adapted from [Barret 09])
Slide 13: Difference Logic
- Now we have a conjunction of literals, all of the form x − y ≤ c.
- From these literals, we form a weighted directed graph with a vertex for each variable.
  - For each literal x − y ≤ c, create an edge from x to y with weight c.
- The set of literals is satisfiable iff there is no cycle for which the sum of the weights on the edges is negative.
- There are a number of efficient algorithms for detecting negative cycles in graphs [CG 96].
(Slide adapted from [Barret 09])
Slide 14: Difference Logic
Example: x − y = 5 ∧ z − y ≥ 2 ∧ z − x > 2 ∧ w − x = 2 ∧ z − w < 0

Transform each atom to the form a − b ≤ c:
1. x − y = 5  ⇒  x − y ≤ 5 ∧ y − x ≤ −5
2. z − y ≥ 2  ⇒  y − z ≤ −2
3. z − x > 2  ⇒  x − z ≤ −3
4. w − x = 2  ⇒  w − x ≤ 2 ∧ x − w ≤ −2
5. z − w < 0  ⇒  z − w ≤ −1
(Slide adapted from [Barret 09])
Slide 15: Difference Logic
- Is there a negative cycle? The conjunction is satisfiable if there is not any.
(Slide taken from [Barret 09])
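The negative-cycle check from the last four slides, as an added example that is not part of the original deck: it rewrites each atom with the integer rules of slide 12, builds the edge x → y with weight c, and runs Bellman-Ford over the constraint graph. The tuple encoding of atoms, the bounded-round Bellman-Ford and the model extraction v := −dist[v] are my own choices, not the slides'.

```python
import operator

# Added example, not from the slides: a tiny QF_IDL decision procedure following the slides'
# recipe (rewrite to x - y <= c, build the constraint graph, look for a negative cycle).
# Atoms are encoded as (x, op, y, c), meaning "x - y op c".
OPS = {"=": operator.eq, "<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def to_le(atoms):
    """Rewrite each atom x - y OP c into literals (a, b, c) meaning a - b <= c (integer rules)."""
    lits = []
    for x, op, y, c in atoms:
        if op == "<=":
            lits.append((x, y, c))
        elif op == ">=":           # x - y >= c  =>  y - x <= -c
            lits.append((y, x, -c))
        elif op == "=":            # x - y = c   =>  x - y <= c  and  y - x <= -c
            lits += [(x, y, c), (y, x, -c)]
        elif op == "<":            # x - y < c   =>  x - y <= c - 1  (integers)
            lits.append((x, y, c - 1))
        elif op == ">":            # x - y > c   =>  y - x < -c  =>  y - x <= -c - 1
            lits.append((y, x, -c - 1))
        else:
            raise ValueError(f"unsupported operator {op!r}")
    return lits

def idl_solve(atoms):
    """Return an integer model of the conjunction, or None when a negative cycle makes it UNSAT."""
    lits = to_le(atoms)
    nodes = sorted({v for a, b, _ in lits for v in (a, b)})
    # Edge a -> b with weight c per literal a - b <= c, as on slide 13. Starting every distance
    # at 0 is equivalent to a virtual source with 0-weight edges to all vertices.
    dist = {v: 0 for v in nodes}
    for _ in range(len(nodes)):              # Bellman-Ford relaxation rounds
        for a, b, c in lits:
            if dist[a] + c < dist[b]:
                dist[b] = dist[a] + c
    if any(dist[a] + c < dist[b] for a, b, c in lits):
        return None                          # still relaxing: negative cycle, UNSAT
    # Relaxation guarantees dist[b] - dist[a] <= c, so v := -dist[v] satisfies every a - b <= c.
    return {v: -d for v, d in dist.items()}

def satisfies(atoms, model):
    """Check a model against the original atoms, independently of the rewriting."""
    return all(OPS[op](model[x] - model[y], c) for x, op, y, c in atoms)

# Constructed inputs: the five-atom example from slide 14 and the QF_IDL question from slide 10.
SLIDE_14 = [("x", "=", "y", 5), ("z", ">=", "y", 2), ("z", ">", "x", 2),
            ("w", "=", "x", 2), ("z", "<", "w", 0)]
SLIDE_10 = [("x", "<", "y", 20), ("x", ">", "y", 4)]
```

On the slide 14 input `idl_solve` returns None, because the cycle x → z → w → x weighs −3 − 1 + 2 = −2; on the slide 10 input it returns the model {'x': 5, 'y': 0}.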
Slide 16: Combining Theories
- QF_UFLIA: 1 ≤ x ∧ x ≤ 2 ∧ f(x) ≠ f(1) ∧ f(x) ≠ f(2)
  - Linear Integer Arithmetic (LIA)
  - Uninterpreted Functions (UF)
- How to combine theory solvers?
Slide 17: Combining Theory Solvers
- Theory solvers become much more useful if they can be used together:
  - mux_sel = 0 → mux_out = select(regfile, addr)
  - mux_sel = 1 → mux_out = ALU(alu0, alu1)
- For such formulas, we are interested in satisfiability with respect to a combination of theories.
- Fortunately, there exist methods for combining theory solvers.
- The standard technique for this is the Nelson-Oppen method [NO 79, TH 96].
(Slide taken from [Barret 09])
Slide 18: The Nelson-Oppen Method
- Suppose that T1 and T2 are theories and that Sat1 is a theory solver for T1-satisfiability and Sat2 for T2-satisfiability.
- We wish to determine if φ is T1 ∪ T2-satisfiable.
  1. Convert φ to its separate form φ1 ∧ φ2.
  2. Let S be the set of variables shared between φ1 and φ2.
  3. For each arrangement D of S:
     1. Run Sat1 on φ1 ∪ D.
     2. Run Sat2 on φ2 ∪ D.
(Slide taken from [Barret 09])
Slide 19: Combining Theories
- QF_UFLIA: φ = 1 ≤ x ∧ x ≤ 2 ∧ f(x) ≠ f(1) ∧ f(x) ≠ f(2)
- We first convert φ to a separate form:
  - φUF = f(x) ≠ f(y) ∧ f(x) ≠ f(z)
  - φLIA = 1 ≤ x ∧ x ≤ 2 ∧ y = 1 ∧ z = 2
(Slide taken from [Barret 09])
Slide 20: Combining Theories
- φUF = f(x) ≠ f(y) ∧ f(x) ≠ f(z)
- φLIA = 1 ≤ x ∧ x ≤ 2 ∧ y = 1 ∧ z = 2
- The shared variables {x, y, z} have 5 possible arrangements, based on the equivalence classes of x, y, and z:
  1. Assume all variables equal:
     1. {x = y, x = z, y = z}: inconsistent with φUF
  2. Assume two variables equal, one different:
     1. {x = y, x ≠ z, y ≠ z}: inconsistent with φUF
     2. {x ≠ y, x = z, y ≠ z}: inconsistent with φUF
     3. {x ≠ y, x ≠ z, y = z}: inconsistent with φLIA
  3. Assume all variables different:
     1. {x ≠ y, x ≠ z, y ≠ z}: inconsistent with φLIA
- φ is UNSAT.
(Slide adapted from [Barret 09])
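The Nelson-Oppen enumeration of slides 18 to 20 carried out in code, as an added example that is not from the deck: it generates every arrangement of the shared variables {x, y, z} and asks two toy theory solvers about each. The partition generator, the functional-consistency-only UF check and the bounded brute-force LIA check (with its domain) are my own assumptions, specific to this formula and not a general decision procedure.

```python
from itertools import product

# Added example, not from the slides: Nelson-Oppen for the QF_UFLIA formula above, enumerating
# all arrangements of the shared variables {x, y, z}. Both "theory solvers" are deliberately tiny
# and specific to this formula: the UF side applies functional consistency only, and the LIA side
# brute-forces a small domain (an assumption that is safe here because 1 <= x <= 2, y = 1, z = 2).
SHARED = ("x", "y", "z")
UF_DISEQ = [("x", "y"), ("x", "z")]          # phi_UF: f(x) != f(y), f(x) != f(z)

def lia_holds(v):                            # phi_LIA: 1 <= x <= 2, y = 1, z = 2
    return 1 <= v["x"] <= 2 and v["y"] == 1 and v["z"] == 2

def arrangements(vars_):
    """Yield every partition of vars_ into equivalence classes (5 for three variables)."""
    if not vars_:
        yield []
        return
    first, rest = vars_[0], vars_[1:]
    for part in arrangements(rest):
        for i in range(len(part)):           # put `first` into an existing class...
            yield part[:i] + [part[i] + [first]] + part[i + 1:]
        yield part + [[first]]               # ...or into a class of its own

def same_class(part, a, b):
    return any(a in cls and b in cls for cls in part)

def uf_consistent(part):
    # a = b forces f(a) = f(b), which contradicts a disequality f(a) != f(b).
    return not any(same_class(part, a, b) for a, b in UF_DISEQ)

def lia_consistent(part, domain=range(0, 4)):
    # Some point of the domain must satisfy phi_LIA and agree with the arrangement
    # on exactly which shared variables are equal.
    pairs = [(a, b) for i, a in enumerate(SHARED) for b in SHARED[i + 1:]]
    for x, y, z in product(domain, repeat=3):
        v = {"x": x, "y": y, "z": z}
        if lia_holds(v) and all((v[a] == v[b]) == same_class(part, a, b) for a, b in pairs):
            return True
    return False

def nelson_oppen():
    """One row per arrangement: (classes, UF-consistent?, LIA-consistent?)."""
    return [(part, uf_consistent(part), lia_consistent(part)) for part in arrangements(list(SHARED))]

def is_sat():
    # phi is satisfiable iff some arrangement is accepted by both solvers.
    return any(uf and lia for _, uf, lia in nelson_oppen())
```

`nelson_oppen()` yields five rows, none accepted by both solvers, so `is_sat()` is False, matching the slide's conclusion that φ is UNSAT.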
Slide 21: Overview
- Introduction
- SMT Theories
- Case Study: Difference Logic Theory
- SMT Solvers and Libraries
- Summary
Slide 22: SMT-LIB
- SMT Library
  - Provides standard, rigorous descriptions of background theories
  - Common input and output languages for SMT solvers
- Provides a library of benchmarks
(Ref: The SMT-LIB Standard)
Slide 23: SMT Solvers
- Proprietary: Z3, Yices, Barcelogic, MathSAT
- Open source: OpenSMT, CVC3, Boolector
- Some SMT-LIB-compatible solvers (even partially): CVC3, OpenSMT, MathSAT 5, Sonolar
Slide 24: SMT-LIB Example
- Check if (p AND p') is satisfiable.
- (Uninterpreted functions; result: UNSATISFIABLE)
(Ref: SMT-LIB Tutorial by David R. Cok and GrammaTech Inc.)
Slide 25: SMT-LIB Example
- Is there a solution to x + 2y = 20 and x − y = 2?
- (Linear integer arithmetic; result: SATISFIABLE with x = 8, y = 6)
Slide 26: Summary
- SMT problems include a wider range of problems than SAT.
- The SMT-LIB initiative brings standards to solvers.
- SMT applications include:
  - Analog and mixed-signal circuit checking [Walter 07]
  - Software testing
  - RTL verification
- The Nelson-Oppen method for combining theory solvers
Slide 27: Trivia
- SMT Competition (SMT-COMP)
  - SMT solvers competition
  - Since 2005
  - 2010 winners: CVC3, OpenSMT, MathSAT 5, test_pmathsat, MiniSmt, simplifyingSTP
- First International SAT/SMT Solver Summer School 2011
  - June 12-17 at MIT
  - Free for students
Slide 28: References
- [Barret 09] Clark Barrett and Sanjit A. Seshia. ICCAD Tutorial, 2009.
- [NO 79] Greg Nelson and Derek C. Oppen. Simplification by cooperating decision procedures. ACM Transactions on Programming Languages and Systems, 1(2):245–257, October 1979.
- [Walter 07] David Walter, Scott Little, and Chris Myers. Bounded model checking of analog and mixed-signal circuits using an SMT solver. Proceedings of ATVA'07.
Slide 29: Questions
- Thank you.
Slide 30: Equivalence Checking of Programs

    int fun1(int y) { int x, z; z = y; y = x; x = z; return x*x; }
    int fun2(int y) { return y*y; }

SMT formula (satisfiable iff the programs are non-equivalent):
    (z = y ∧ y1 = x ∧ x1 = z ∧ ret1 = x1*x1) ∧ (ret2 = y*y) ∧ (ret1 ≠ ret2)

What if we use SAT to check equivalence? Using SAT (with Minisat):
- 32 bits for y: did not finish in over 5 hours
- 16 bits for y: 37 sec
- 8 bits for y: 0.5 sec
SMT, using an EUF solver: 0.01 sec
(Slide adapted from [Barret 09])