Satisfiability Modulo Theories

1
Satisfiability Modulo Theories

• Sinan Hanay

2
Boolean Satisfiability (SAT)
Is there an assignment to the p1, p2, , pn
variables such that ? evaluates to 1?
Slide taken from Barret09
3
Satisfiability Modulo Theories (SMT)
Is there an assignment to the x,y,z,w variables
s.t. ? evaluates to 1?
Slide taken from Barret09
4
SAT vs SMT

• SMT extends SAT solving by adding extensions
• An SMT solver can solve a SAT problem, but not
  vice-versa.
• SMT Applications
• Analog Circuit Verification
• RTL Verification
• Software Model Checking

5
Overview

• Introduction
• SMT Theories
• Example Difference Logic
• Combining Theories
• SMT Solvers and SMT Libraries.
• Conclusion

6
SMT Theories

• Real or Integer Arithmetic
• Equality and Uninterpreted Functions
• Example If x1 x2, then f(x1) f(x2)
• else f(x1) ? f(x2)
• Bitvectors and Arrays
• Properties
• Decidable An effective procedure exists to check
  if a formula is a member of a theory T.
• Often Quantifier-free Free from quantifiers such
  as (?, ? )

7
SMT Theories

• Core Theory
• Type Boolean
• Constants TRUE, FALSE
• Functions AND, OR, XOR
• Functions Implication (gt)
• Integer Theory (Ints)
• Type Int
• All numerals are Int constants
• Functions , - , x, mod, div, abs

8
SMT Theories

• Reals Theory
• Type Real
• Functions , -, x, /
• Functions lt, gt
• Arrays with Extentionality Theory (ArraysEx)
• Type type of index and type of values
• Functions select, store

9
Overview

• Introduction
• SMT Theories
• Case Study Difference Logic Theory
• SMT Solvers
• SMT-LIB
• Conclusion

10
SMT Example I Difference Logic

• Can solve problems such as
• Is there a solution x,y satisfying
• x-y lt 20 and x -y gt 4
• x,y can be integers or reals
• If x,y are integers (QF_IDL Integer Difference
  Logic)
• If x,y are reals (QF_RDL Real Difference Logic)
• QF Quantifier-free

11
SMT Theories Difference Logic

• In difference logic NO05, we are interested in
  the satisfiability of a conjunction of arithmetic
  atoms.
• Each atom is of the form x - y OP c, where x and
  y are variables, c is a numeric constant, and OP
  ? ,lt,,gt,.
• Examples x-y gt 10, y-x lt 12
• The variables can range over either the integers
  (QF_IDL) or the reals (QF_RDL).

Slide taken from Barret09
12
Difference Logic

• The first step is to rewrite everything in terms
  of
• x - y c ? x - y c ? x - y c
• x - y c ? y - x -c
• x - y gt c ? y - x lt -c
• x - y lt c ? x - y c - 1 (integers)
• x - y lt c ? x - y c - d (reals)

Slide adopted from Barret09
13
Difference Logic

• Now we have a conjunction of literals, all of the
  form x - y c.
• From these literals, we form a weighted directed
  graph with a vertex for each variable.
• For each literal x - y c, create an edge
• The set of literals is satisfiable iff there is
  no cycle for which the sum of the weights on the
  edges is negative.
• There are a number of efficient algorithms for
  detecting negative cycles in graphs CG96.

Slide adopted from Barret09
14
Difference Logic

• x-y 5 ? z -y 2 ? z -x gt 2 ? w -x 2 ? z -w lt
  0

1. x- y 5
2. z - y 2
3. z - x gt 2
4. w - x 2
5. z - w lt 0

1. x - y 5 ? y - x -5
2. y - z -2
3. x - z -3
4. w - x 2 ? x - w -2
5. z - w -1

Slide adopted from Barret09
15
Difference Logic
Is there a negative cycle? Satisfiable if there
is not any.
Slide taken from Barret09
16
Combining Theories

• QF_UFLIA
• How to Combine Theory Solvers?

1 x ? x 2 ? f(x) ? f(1) ? f(x) ? f(2)
Linear Integer Arithmetic (LIA)
Uninterpreted Functions(UF)
17
Combining Theory Solvers

• Theory solvers become much more useful if they
  can be used together.
• mux_sel 0 ? mux_out select(regfile, addr)
• mux_sel 1 ? mux_out ALU(alu0, alu1)
• For such formulas, we are interested in
  satisfiability with respect to a combination of
  theories.
• Fortunately, there exist methods for combining
  theory solvers.
• The standard technique for this is the
  Nelson-Oppen
• method NO79, TH96.

Slide taken from Barret09
18
The Nelson-Oppen Method

• Suppose that T1 and T2 are theories and that Sat
  1 is a theory solver for T1-satisfiability and
  Sat 2 for T2-satisfiability.
• We wish to determine if f is T1?T2-satisfiable.
• Convert f to its separate form f1 ? f2.
• Let S be the set of variables shared between f1
  and f2.
• For each arrangement D of S
• Run Sat 1 on f1 ? D .
• Run Sat 2 on f2 ? D.

Slide taken from Barret09
19
Combining Theories

• QF_UFLIA
• f 1 x ? x 2 ? f(x) ? f(1) ? f(x) ? f(2)
• We first convert f to a separate form
• fUF f(x) ? f(y) ? f(x) ? f(z)
• fLIA 1 x ? x 2 ? y 1 ? z 2

Slide taken from Barret09
20
Combining Theories

• fUF f(x) ? f(y) ? f(x) ? f(z)
• fLIA 1 x ? x 2 ? y 1 ? z 2
• x, y, z can have 5 possible arrangements based
  on equivalence classes of x, y, and z
• Assume All Variables Equal
• x y, x z, y z inconsistent with fUF
• Assume Two Variables Equal, One Different
• x y, x ? z, y ? z inconsistent with fUF
• x ? y, x z, y ? z inconsistent with fUF
• x ? y, x ? z, y z inconsistent with fLIA
• Assume All Variables Different
• x ? y, x ? z, y ? z inconsistent with fLIA

Slide adopted from Barret09
21
Overview

• Introduction
• SMT Theories
• Case Study Difference Logic Theory
• SMT Solvers and Libraries
• Summary

22
SMT-LIB

• SMT Library
• Provides standard rigorous descriptions of
  background theories
• Common input and output languages for SMT solvers
• Provides a library of benchmarks

Ref The SMT-LIB Standard
23
SMT Solvers

• Proprietary
• Z3, Yices, Barcelogic, MathSAT
• Open Source
• Open-SMT, CVC3, Boolector
• Some SMT-LIB Compatibility Solvers (Even
  partially)
• CVC3, Open-SMT, MathSAT5, Sonolar

24
SMT-LIB Example

• Check if (p AND p) is satisfiable?

Ref SMT-LIB Tutorial by David R. Cok and
GrammaTech Inc.
25
SMT-LIB Example
Is there a solution to x2y 20 and x-y 2
LINEAR INTEGER ARITHMETIC
SATISFIABLE
26
SUMMARY

• SMT problems include a wider range of problems
  than SAT.
• SMT-LIB initiative to bring standards to solvers.
• SMT Applications Include
• Analog, Mixed-Signal Circuit Checker Walter07
• Software Testing
• RTL Verification
• Nelson-Oppen Method for Combining Theory Solvers

27
Trivia

• SMT Competition (SMT-COMP)
• SMT Solvers Competition
• Since 2005
• 2010 Winners CVC3, OpenSMT, MathSAT 5,
  test_pmathsat, MiniSmt, simplifyingSTP.
• First International SAT/SMT Solver Summer School
  2011
• June 12- 17 at MIT.
• Free for students.

28
References

• Barret09 Clark Barrett, Sanjit A. Seshia, ICCAD
  Tutorial 2009
• NO79 Greg Nelson and Derek C. Oppen.
  Simplification by cooperating decision
  procedures. ACM Trans. on Programming Languages
  and Systems, 1(2)245257, October 1979
• Walter07 David Walter, Scott Little, Chris
  Meyers, Bounded model checking of analog and
  mixed-signal circuits using an SMT solver,
  Proceeding ATVA'07.

29
Questions

• Thank you.

30
Equivalence Checking of Programs
int fun1(int y) int x, z z y y
x x z return xx
SMT formula ? Satisfiable iff programs
non-equivalent ( z y ? y1 x ? x1 z ? ret1
x1x1) ? ( ret2 yy ) ? ( ret1 ? ret2
)
Using SAT to check equivalence (w/ Minisat) 32
bits for y Did not finish in over 5 hours 16
bits for y 37 sec. 8 bits for y 0.5 sec. SMT
Using EUF solver 0.01 sec
What if we use SAT to check equivalence?
int fun2(int y) return yy
Slide adopted from Barret09