smt solvers for verification and synthesis
play

SMT Solvers for Verification and Synthesis Andrew Reynolds VTSA - PowerPoint PPT Presentation

Apr 25, 2023 •473 likes •720 views

SMT Solvers for Verification and Synthesis Andrew Reynolds VTSA Summer School August 1 and 3, 2017 Acknowledgements Thanks to past and present members of development team of CVC4: Cesare Tinelli, Clark Barrett, Tim King, Morgan Deters,

  1. SMT Solvers for Verification and Synthesis Andrew Reynolds VTSA Summer School August 1 and 3, 2017

  2. Acknowledgements • Thanks to past and present members of development team of CVC4: • Cesare Tinelli, Clark Barrett, Tim King, Morgan Deters, Dejan Jovanovic, Liana Hadarean, Kshitij Bansal, Tianyi Liang, Nestan Tsiskardidze, Christopher Conway, Francois Bobot, Guy Katz, Andres Noetzli, Paul Meng, Alain Mebsout, Burak Ekici • …and external collaborators: • Viktor Kuncak, Amit Goel, Sava Krstic, Leonardo de Moura, Jasmin Blanchette, Thomas Wies, Radu Iosif, Haniel Barbosa, Pascal Fontaine, Chantal Keller

  3. Satisfiability Modulo Theories (SMT) Solvers Software Interactive Symbolic Synthesis Verification Proof Execution Tools, Tools Assistants Engines Planners Verification Path Constraints Specifications Conjectures Conditions • SMT solvers are: SMT • Fully automated reasoners Solvers • Widely used in applications

  4. Satisfiability Modulo Theories (SMT) Solvers Software Interactive Symbolic Synthesis Verification Proof Execution Tools, Tools Assistants Engines Planners Verification Path Constraints Specifications Conjectures Conditions SMT Expressed in first-order logic formulas Solvers over some fixed background theory T

  5. Contract-Based Software Verification @precondition: x in >y in …does this function ensure that x out =y in  y out =x in ? void swap(int x, int y) { Software Verification Tools x := x + y; y := x – y; x := x – y; } @ensures x out =y in  y out =x in

  6. Contract-Based Software Verification @precondition: x in >y in …does this function ensure that x out =y in  y out =x in ? void swap(int x, int y) { Software Verification Tools x := x + y; y := x – y; x in >y in Pre-condition x := x – y; x 2 =x in +y in  y 2 =y in } x 3 =x 2  y 3 =x 2 -y 2 @ensures x out =y in  Function Body y out =x in x out =x 3 -y 3  y out =y 3 (Negated) (x out ≠y in  y out ≠x in ) Post-condition

  7. Contract-Based Software Verification @precondition: x in >y in void swap(int x, int y) { Software Verification Tools x := x + y; y := x – y; x in >y in Pre-condition x := x – y; x 2 =x in +y in  y 2 =y in } x 3 =x 2  y 3 =x 2 -y 2 Function Body @ensures x out =x 3 -y 3  y out =y 3 x out =y in ∧ y out =x in (Negated) (x out ≠y in  y out ≠x in ) Post-condition SMT Solver

  8. Interactive Proof Assistants Theorem app_rev: forall (x : list) (y : list), rev append x y = append (rev y) (rev x). Interactive Proof Proof. Assistant ….does this theorem hold? What is the proof?

  9. Interactive Proof Assistants Theorem app_rev: forall (x : list) (y : list), rev append x y = append (rev y) (rev x). Interactive Proof Proof. Assistant ….does this theorem hold? What is the proof? List := cons( head : Int, tail : List ) | nil Signature  x:L.length(x)=ite(is-cons(x),1+length(tail(x)),0)  xy:L.append(x)=ite(is-cons(x),cons(head(x),append(tail(x),y)),y) Axioms  x:L.rev(x)=ite(is-cons(x),append(rev(tail(x)),cons(head(x),nil),nil) (Negated)  xy:L.rev(append(x,y))  append(rev(y),rev(x)) conjecture

  10. Interactive Proof Assistants Theorem app_rev: forall (x : list) (y : list), rev append x y = append (rev y) (rev x). Interactive Proof Proof. Assistant case is-cons x: rev append x y = by rev-def … case is-nil x: append x y = y by append-def List := cons( head : Int, tail : List ) | nil Signature rev x = nil by rev-def  x:L.length(x)=ite(is-cons(x),1+length(tail(x)),0) ∴ rev append x y = append (rev y) (rev x) by simplify  xy:L.append(x)=ite(is-cons(x),cons(head(x),append(tail(x),y)),y) Axioms QED.  x:L.rev(x)=ite(is-cons(x),append(rev(tail(x)),cons(head(x),nil),nil) (Negated)  xy:L.rev(append(x,y))  append(rev(y),rev(x)) conjecture SMT Solver

  11. Symbolic execution char buff[15]; char pass; Does this assertion hold cout << "Enter the password :"; for all executions? gets(buff); if (regex_match(buff, std::regex("([A-Z]+)") )) { if (strcmp(buff, “PASSWORD")) { cout << "Wrong Password"; Symbolic Execution } else { Engine cout << "Correct Password"; pass = ’Y’; } if (pass == ’Y’) { grant_root_permission (); Assert(strcmp(buff,” PASSWORD”)==0); } }

  12. Symbolic execution char buff[15]; char pass; Does this assertion hold cout << "Enter the password :"; for all executions? gets(buff); if (regex_match(buff, std::regex("([A-Z]+)") )) { if (strcmp(buff, “PASSWORD")) { cout << "Wrong Password"; Symbolic Execution } else { Engine cout << "Correct Password"; pass = ’Y’; } … if (pass == ’Y’) { ( assert (and ( = ( str.len buff) 15)) ( = ( str.len pass1) 1))) grant_root_permission (); ( assert (or (< ( str.len input) 15) ( = input ( str.++ buff pass0 rest))) Assert(strcmp(buff,”PASSWORD”)==0); ( assert ( str.in.re buff ( re.+ ( re.range "A" "Z")))) } ( assert (and ( not ( = buff "PASSWORD")) ( = pass1 pass0))) } ( assert ( = pass1 "Y")) ( assert ( not ( = buff "PASSWORD")))

  13. Symbolic execution char buff[15]; char pass; Does this assertion hold cout << "Enter the password :"; for all executions? gets(buff); if (regex_match(buff, std::regex("([A-Z]+)") )) { if (strcmp(buff, “PASSWORD")) { cout << "Wrong Password"; Symbolic Execution } else { Engine cout << "Correct Password"; pass = ’Y’; } … if (pass == ’Y’) { ( assert (and ( = ( str.len buff) 15)) ( = ( str.len pass1) 1))) grant_root_permission (); ( assert (or (< ( str.len input) 15) ( = input ( str.++ buff pass0 rest))) Assert(strcmp(buff,”PASSWORD”)==0); ( assert ( str.in.re buff ( re.+ ( re.range "A" "Z")))) } ( assert (and ( not ( = buff "PASSWORD")) ( = pass1 pass0))) } ( assert ( = pass1 "Y")) ( assert ( not ( = buff "PASSWORD"))) (define-fun input () String “AAAAAAAAAAAAAAAY”) SMT Solver (define-fun buff () String “AAAAAAAAAAAAAAA”) (define-fun pass () String “Y”)

  14. Symbolic execution char buff[15]; char pass; cout << "Enter the password :";  “ AAAAAAAAAAAAAAAY ” gets(buff); if (regex_match(buff, std::regex("([A-Z]+)") )) { if (strcmp(buff, “PASSWORD")) { cout << "Wrong Password"; Symbolic Execution } else { Engine cout << "Correct Password"; pass = ’Y’; } … if (pass == ’Y’) { ( assert (and ( = ( str.len buff) 15)) ( = ( str.len pass1) 1))) grant_root_permission (); ( assert (or (< ( str.len input) 15) ( = input ( str.++ buff pass0 rest))) Assert(strcmp(buff,” PASSWORD”)==0); ( assert ( str.in.re buff ( re.+ ( re.range "A" "Z")))) } ( assert (and ( not ( = buff "PASSWORD")) ( = pass1 pass0))) } ( assert ( = pass1 "Y")) ( assert ( not ( = buff "PASSWORD"))) (define-fun input () String “ AAAAAAAAAAAAAAAY ”) SMT Solver (define-fun buff () String “AAAAAAAAAAAAAAA”) (define-fun pass () String “Y”)

  15. Synthesis Tools Find an x that satisfies specification void maxList(List a, List b, List& c) x  a[i]  x  b[i] { int max; Synthesis for(i=0;i<a.size();i++){ Tools max = choose(x => x ≥ a[i] ∧ x ≥ b[i]); c := c.append(max); } return c; } @ensures:  i.(c out [i]  a[i]  c out [i]  b[i]) ?

  16. Synthesis Tools Find an x that satisfies specification void maxList(List a, List b, List& c) x  a[i]  x  b[i] { int max; Synthesis for(i=0;i<a.size();i++){ Tools max = choose(x => x  a[i]  x  b[i]); c := c.append(max); Is ite(a[i]  b[i],a[i],b[i]) } a solution? return c; }  (ite(a[i]  b[i],a[i],b[i])  a[i]  @ensures:  i.(c out [i]  a[i]  c out [i]  b[i]) ? ite(a[i]  b[i],a[i],b[i])  b[i])

  17. Synthesis Tools void maxList(List a, List b, List& c) { int max; Synthesis for(i=0;i<a.size();i++){ Tools max = if(a[i] ≥ b[i]{a[i]}else{b[i]}; c := c.append(max); Is ite(a[i]  b[i],a[i],b[i]) } a solution? return c; }  (ite(a[i]  b[i],a[i],b[i])  a[i]  @ensures: ∀ i.(c out [i] ≥ a[i] ∧ c out [i] ≥ b[i]) ite(a[i]  b[i],a[i],b[i])  b[i]) SMT Solver

  18. Constraints Supported by SMT Solvers • SMT solvers support: • Arbitrary Boolean combinations of theory constraints • Examples of supported theories : • Uninterpreted functions: f(a)=g(b,c) • Linear real/integer arithmetic: a  b+2*c+3 • Arrays: select(A,i)=select(store(A,i+1,3),i) • Bit-vectors: bvule(x,#xFF) • Algebraic Datatypes: x,y:List; tail(x)=cons(0,y) • Unbounded Strings: x,y:String; y=substr(x,0,len(x)-1) • … •  over each of these

  19. Constraints Supported by SMT Solvers • SMT solvers support: • Arbitrary Boolean combinations of theory constraints • Examples of supported theories  decision procedures • Uninterpreted functions:  Congruence Closure [ Nieuwenhuis/Oliveras 2005] • Linear real/integer arithmetic:  Simplex [ deMoura/Dutertre 2006] • Arrays:  [ deMoura/Bjorner 2009] • Bit-vectors:  Bitblasting, lazy approaches [Bruttomesso et al 2007,Hadarean et al 2014] • Algebraic Datatypes:  [ Barrett et al 2007,Reynolds/Blanchette 2015] • Unbounded Strings:  [ Zheng et al 2013,Liang et al 2014, Abdulla et al 2014] • … •  over each of these

Recommend

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

661 views • 28 slides
+ proof obligations Automatic Verification of TLA with SMT solvers Stephan Merz and Hern an

+ proof obligations Automatic Verification of TLA with SMT solvers Stephan Merz and Hern an

+ proof obligations Automatic Verification of TLA with SMT solvers Stephan Merz and Hern an Vanzetto LPAR-18, M erida, Venezuela March 12th, 2012 1 + language The TLA Specification and verification language for (concurrent and

735 views • 27 slides
Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Lecture 1: Overview of System Synthesis A. Pnueli Lectures Outline Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli Fair Discrete Systems and their Computations. Model Checking Invariance and

309 views • 19 slides
Towards synthesis of distributed algorithms with SMT solvers C. Delporte-Gallet, H. Fauconnier,

Towards synthesis of distributed algorithms with SMT solvers C. Delporte-Gallet, H. Fauconnier,

Towards synthesis of distributed algorithms with SMT solvers C. Delporte-Gallet, H. Fauconnier, Y. Jurski, F . Laroussinie and Arnaud Sangnier IRIF - Univ Paris Diderot ANR DESCARTES 9th October 2019 1 Conception of distributed algorithms

391 views • 25 slides
Understanding Modern SAT Solvers VTSA12 Summer School 2012 Verification Technology, Systems

Understanding Modern SAT Solvers VTSA12 Summer School 2012 Verification Technology, Systems

Understanding Modern SAT Solvers VTSA12 Summer School 2012 Verification Technology, Systems &amp; Applications September 2012 Max Planck Institut Informatik Saarbr ucken, Germany Armin Biere Institute for Formal Models and Verification

1.59k views • 131 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R.

Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R.

Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R. Badonnel, A. Lahmadi Inria &amp; LORIA, Nancy, France IFIP Working Group 2.2 Vienna, September 2019 Stephan Merz Verification and Synthesis of Security

863 views • 22 slides
From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91 Reference From Program Verification to Program Synthesis. @ POPL10; January 17-23, 2010 Saurabh Srivastava , University of Maryland, College Park

1.21k views • 91 slides
Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Division of

Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Division of

Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Division of Computer Science University of California, Berkeley Emina Torlak Today Today: we describe four programming problems that a satisfiability

738 views • 61 slides
SAT Solvers: Theory and Practice Clark Barrett barrett@cs.nyu.edu New York University Summer

SAT Solvers: Theory and Practice Clark Barrett barrett@cs.nyu.edu New York University Summer

SAT Solvers: Theory and Practice Clark Barrett barrett@cs.nyu.edu New York University Summer School on Verification Technology, Systems &amp; Applications, September 17, 2008 p. 1/98 Formal Verification [Formal] software verification

2.41k views • 193 slides
Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A)

Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A)

Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A) Quick introduction to HDLs, digital design flows, ... B) Verilog HDL Synthesis with Yosys 1. OSS iCE40 FPGA Synthesis flow 2. Xilinx

671 views • 55 slides
Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open Synthesis Suite) is an open source project aiming at creating a fully-featured HDL synthesis tool, and more. Lately a lot of features related to

302 views • 28 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

707 views • 56 slides
Challenges for Fast Synthesis Procedures in SMT Andrew Reynolds ARCADE Workshop August 6, 2017

Challenges for Fast Synthesis Procedures in SMT Andrew Reynolds ARCADE Workshop August 6, 2017

Challenges for Fast Synthesis Procedures in SMT Andrew Reynolds ARCADE Workshop August 6, 2017 Synthesis SMT solvers act as subroutines for automated synthesis For program snippets, planning, digital circuits, programming by examples,

657 views • 46 slides
Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir

Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir

Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir aebnenas@mtu.edu Department of Computer Science College of Computing Michigan Technological University Houghton MI 49931 http://asd.cs.mtu.edu/

584 views • 56 slides
Validation and Verification Case Study of Various Vlasov Solvers David Bilyeu Air Force Research

Validation and Verification Case Study of Various Vlasov Solvers David Bilyeu Air Force Research

AFTC PA Release# 15007, 1 6 Jan 2015 Validation and Verification Case Study of Various Vlasov Solvers David Bilyeu Air Force Research Lab, In-space Propulsion, NRC Post-doc (formerly) January 20, 2015 Distribution A: For Public Release;

729 views • 44 slides
Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW MSR Intentionet UW One of the first paper was Understanding BGP misconfiguration (2002) Ryan Beckett Princeton MSR

835 views • 23 slides
Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program

Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program

Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program P Specification S Verifier Proof of correctness or Witness of a bug 2 Classical Program Synthesis Specification S High Level WHAT

1.28k views • 59 slides
KAIROS: Incremental Verification in High-Level Synthesis through Latency-Insensitive Design Luca

KAIROS: Incremental Verification in High-Level Synthesis through Latency-Insensitive Design Luca

ACM FMCAD, San Jose, USA KAIROS: Incremental Verification in High-Level Synthesis through Latency-Insensitive Design Luca Piccolboni, Giuseppe Di Guglielmo, and Luca P. Carloni Columbia University, NY, USA High-Level Synthesis (HLS)

838 views • 52 slides
Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using SMT-LIB 2.5 Clifford Wolf 1 Abstract Bounded model checking and other SAT-based formal methods are an important part of todays digital design

773 views • 52 slides
Leonardo de Moura and Nikolaj Bjrner Microsoft Research Verification/Analysis tools need some

Leonardo de Moura and Nikolaj Bjrner Microsoft Research Verification/Analysis tools need some

Leonardo de Moura and Nikolaj Bjrner Microsoft Research Verification/Analysis tools need some form of Symbolic Reasoning Verification/Analysis tools need some form of Symbolic Reasoning Many Flavors: SAT Solvers SMT Solvers First-order

1.19k views • 55 slides
Synthesis of Domain Specific Encoders for Bit- Vector Solvers Jeevana Priya Inala with Rohit

Synthesis of Domain Specific Encoders for Bit- Vector Solvers Jeevana Priya Inala with Rohit

Synthesis of Domain Specific Encoders for Bit- Vector Solvers Jeevana Priya Inala with Rohit Singh, Armando Solar-Lezama Appears in SAT16 High-level constraint to CNF clauses SMT solver SAT solver High-level constraint CNF clauses msb

571 views • 41 slides
Verification Verification, Performance Performance Analysis Performance Performance Analysis

Verification Verification, Performance Performance Analysis Performance Performance Analysis

Verification Verification, Performance Performance Analysis Performance Performance Analysis Analysis and Analysis and Synthesis Synthesis of Embedd f E E b dd d S b dded Sys ystems t ems Kim G. Larsen Kim G. Larsen Aalborg

1.44k views • 116 slides
On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis

On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis

On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis Xiang Yin and Stphane Lafortune EECS Department, University of Michigan 13th WODES, May 30-June 1, 2016 , Xian, China 0/14 X.Yin &amp;

760 views • 55 slides

More recommend