ECE750T-28: Computer-aided Reasoning for Software Engineering
Lecture 17: SMT Solvers and the DPLL(T) Framework
Vijay Ganesh (Original notes from Isil Dillig)
Vijay Ganesh(Original notes from Isil Dillig), ECE750T-28: Computer-aided Reasoning for Software Engineering Lecture 17: SMT Solvers and the DPPL(T ) Framework 1/34
SMT Solvers (slide 2/34)
- An SMT (satisfiability modulo theory) solver is a tool that decides satisfiability of formulas in a combination of various first-order theories
- SMT solvers are generalizations of SAT solvers
- Can think of an SMT formula as a SAT formula where the propositional variables are replaced with formulas in first-order theories
- Common first-order theories SMT solvers reason about:
  - Theory of equality
  - Theory of rationals
  - Theory of integers
  - Theory of bitvectors
  - Theory of arrays
  - Difference logic
Applications of SMT Solvers (slide 3/34)
- SMT solvers have gained enormous popularity over the last several years
- SMT solving is an active research topic today
- Many applications: software verification, programming languages, test case generation, planning and scheduling, ...
- Slogan: "Whatever SAT solvers can do, SMT solvers can do better!"
- This is the case because SMT solvers generalize SAT solvers; they can handle much richer theories than propositional logic
Existing SMT Solvers (slide 4/34)
- Many existing off-the-shelf SMT solvers:
  - Yices (SRI)
  - Z3 (Microsoft Research)
  - CVC3 (NYU, U Iowa)
  - STP (Stanford)
  - MathSAT (U Trento, Italy)
  - Barcelogic (Catalonia, Spain)
- Annual competition SMT-COMP between solvers; tools are ranked in various categories
- All of these SMT solvers have many users
- For instance, at Microsoft, there are at least two dozen projects that rely on the Z3 SMT solver
Overview (slide 5/34)
- Plan for today: get the complete picture of how SMT solvers work
- We've already learned about some aspects of SMT solvers
- Already know how to decide satisfiability of several quantifier-free first-order theories (theory of equality, theory of rationals, theory of integers)
- Also already know how to combine these theories using the Nelson-Oppen technique
- Big missing piece: how to handle the boolean structure of SMT formulas, including disjunctions
Motivation for DPLL(T) (slide 6/34)
- So far, we decided satisfiability of formulas in first-order theories by converting them to DNF
- In reality, this is completely impractical: DNF conversion can yield an exponentially larger formula
- For many real problems, DNF conversion is prohibitively expensive
- Thus, we need a way to decide satisfiability of SMT formulas without an expensive conversion to DNF
DPLL(T) Overview (slide 7/34)
- Key idea underlying SMT solvers: combine the DPLL algorithm for SAT solving with theory solvers
- Theory solver: a decision procedure for checking satisfiability in the conjunctive fragment of the theory
- This architecture, where we combine DPLL-based SAT solvers with theory solvers, is known as the DPLL(T) framework
- Called DPLL(T) because we combine the DPLL algorithm with a solver for theory T
- However, T can be a combination theory, such as T_= ∪ T_Z
- As before, a solver for T_= ∪ T_Z is obtained by using the Nelson-Oppen technique
Main Idea of DPLL(T) (slide 8/34)
- In the DPLL(T) framework, the SAT solver handles the boolean structure of the formula
- For this, treat each atomic formula as a propositional variable ⇒ the resulting formula is called the boolean abstraction
- Now, use the SAT solver to decide satisfiability of the boolean abstraction
Main Idea of DPLL(T), cont. (slide 9/34)
- If there is no satisfying assignment to the boolean abstraction, the formula is UNSAT
- If there is a satisfying assignment to the boolean abstraction, the formula may still not be SAT
- The main job of the theory solver is to check whether the assignment made by the SAT solver is satisfiable modulo the theory (SMT)
- If the SAT solver finds an assignment that is consistent with the theory, then the SMT formula is satisfiable
SMT Formulas and Boolean Abstraction (slide 10/34)
- An SMT formula in theory T is formed as usual (structural induction):
  F := a_T^i | F1 ∧ F2 | F1 ∨ F2 | ¬F
- For each SMT formula, define a bijective function B, called the boolean abstraction function, that maps the SMT formula to an overapproximating SAT formula
- The function B is defined inductively as follows:
  B(a_T^i) = b_i
  B(F1 ∧ F2) = B(F1) ∧ B(F2)
  B(F1 ∨ F2) = B(F1) ∨ B(F2)
  B(¬F) = ¬B(F)
Example (slide 11/34)
- What is the boolean abstraction of this formula?
  F : x = z ∧ ((y = z ∧ x ≠ z) ∨ ¬(x = z))
- B(F) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)
- The boolean abstraction is also called the boolean skeleton
- Since B is a bijective function, B^-1 also exists
- What is B^-1(b2 ∨ ¬b1)?
  y = z ∨ ¬(x = z)
Page 57
Boolean Abstraction as Overapproximation
- Observe: The boolean abstraction constructed this way overapproximates satisfiability of the formula
- Is this formula satisfiable? No
  F : x = z ∧ ((y = z ∧ x ≠ z) ∨ ¬(x = z))
- Boolean abstraction: B(F) = b1 ∧ ((b2 ∧ b3) ∨ ¬b1)
- Is this satisfiable? Yes
- What is a sat assignment? A = b1 ∧ b2 ∧ b3
- What is B⁻¹(A)? x = y ∧ y = z ∧ x ≠ z
- Is B⁻¹(A) satisfiable? No
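The inductive definition of B and its inverse, run on the lecture's formula F, as an added example that is not part of the original slides. The formula AST (tuples tagged "atom", "not", "and", "or") and the variable numbering b1 = (x = z), b2 = (y = z), b3 = (x ≠ z) are assumptions of this example; note that x ≠ z is abstracted as its own atom, so the skeleton cannot see that b1 and b3 contradict each other, which is exactly why B(F) has a model while F has none. The last value below is B⁻¹(A) computed from that numbering.

```python
import itertools

# Constructed formula AST (not the lecture's notation):
#   ("atom", lhs, op, rhs)   a theory atom such as x = z or x ≠ z
#   ("not", f) | ("and", f, g) | ("or", f, g)
# Skeleton AST: ("var", i) stands for b_{i+1}, connectives are the same.


class BooleanAbstraction:
    """The bijection B between theory atoms and propositional variables."""

    def __init__(self):
        self.atom_to_var = {}   # (lhs, op, rhs) -> index i, i.e. b_{i+1}
        self.var_to_atom = []   # index i -> (lhs, op, rhs)

    def abstract(self, f):
        """B(F): replace each atom by its variable, recursing structurally."""
        kind = f[0]
        if kind == "atom":
            atom = f[1:]
            # x ≠ z is a different atom from x = z and gets its own variable;
            # only an explicit ¬ node becomes a ¬ in the skeleton.
            if atom not in self.atom_to_var:
                self.atom_to_var[atom] = len(self.var_to_atom)
                self.var_to_atom.append(atom)
            return ("var", self.atom_to_var[atom])
        if kind == "not":
            return ("not", self.abstract(f[1]))
        return (kind, self.abstract(f[1]), self.abstract(f[2]))

    def concretize(self, g):
        """B^{-1}: map every variable back to the atom it stands for."""
        kind = g[0]
        if kind == "var":
            return ("atom",) + self.var_to_atom[g[1]]
        if kind == "not":
            return ("not", self.concretize(g[1]))
        return (kind, self.concretize(g[1]), self.concretize(g[2]))

    def concretize_assignment(self, bits):
        """B^{-1}(A) for an assignment A given as one truth value per b_i."""
        lits = []
        for i, value in enumerate(bits):
            atom = ("atom",) + self.var_to_atom[i]
            lits.append(atom if value else ("not", atom))
        return lits


def fmt(f, top=True):
    """Render an AST in the slides' notation (b1, ∧, ∨, ¬)."""
    kind = f[0]
    if kind == "atom":
        return f"{f[1]} {f[2]} {f[3]}"
    if kind == "var":
        return f"b{f[1] + 1}"
    if kind == "not":
        inner = fmt(f[1], False)
        return "¬" + (f"({inner})" if f[1][0] == "atom" else inner)
    sym = "∧" if kind == "and" else "∨"
    s = f"{fmt(f[1], False)} {sym} {fmt(f[2], False)}"
    return s if top else f"({s})"


def evaluate(g, bits):
    """Truth value of a skeleton under an assignment (one bool per b_i)."""
    kind = g[0]
    if kind == "var":
        return bits[g[1]]
    if kind == "not":
        return not evaluate(g[1], bits)
    if kind == "and":
        return evaluate(g[1], bits) and evaluate(g[2], bits)
    return evaluate(g[1], bits) or evaluate(g[2], bits)


def skeleton_models(ba, g):
    """All satisfying assignments of the skeleton, by brute-force enumeration."""
    n = len(ba.var_to_atom)
    return [list(bits) for bits in itertools.product([False, True], repeat=n)
            if evaluate(g, bits)]


# The lecture's running example: F : x = z ∧ ((y = z ∧ x ≠ z) ∨ ¬(x = z))
F = ("and", ("atom", "x", "=", "z"),
     ("or", ("and", ("atom", "y", "=", "z"), ("atom", "x", "≠", "z")),
            ("not", ("atom", "x", "=", "z"))))


def run_example():
    ba = BooleanAbstraction()
    skeleton = ba.abstract(F)
    models = skeleton_models(ba, skeleton)
    return {
        "B(F)": fmt(skeleton),
        "round_trip_ok": ba.concretize(skeleton) == F,   # B is a bijection
        "models": models,                                 # sat assignments A
        "B_inv_A": " ∧ ".join(fmt(l) for l in ba.concretize_assignment(models[0])),
        "B_inv_b2_or_not_b1": fmt(ba.concretize(("or", ("var", 1), ("not", ("var", 0))))),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

B(F) has exactly one model, b1 ∧ b2 ∧ b3, and B⁻¹ of it is the conjunction x = z ∧ y = z ∧ x ≠ z: the skeleton is satisfiable, the concretized assignment is not, which is the overapproximation the slide describes.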
SMT Solving: Simplest Version
- In the simplest version of SMT solvers, construct the boolean abstraction B(F) of SMT formula F
- If B(F) is unsat, return unsat
- If B(F) is sat, get sat assignment A (conjunction of propositional literals)
- Construct B⁻¹(A); this is a conjunction of atomic T-formulas
- Query the T-solver for satisfiability of B⁻¹(A)
SMT Solving: Simplest Version, cont
- If the T-solver decides B⁻¹(A) is sat, return SAT
- Why? Because we found an assignment that (i) satisfies the boolean structure, and (ii) is consistent with the theory axioms
- If B⁻¹(A) is unsat, does this mean the original formula is UNSAT?
- No, because there might be other ways of satisfying the boolean structure
- In this case, construct the new boolean abstraction B(F) ∧ ¬A
- Repeat until we find an assignment consistent with the theory or until the boolean abstraction is unsat
SMT Solving, Simplest Version: Correctness
- If B⁻¹(A) is unsat, construct the new abstraction as B(F) ∧ ¬A
- Does B(F) ∧ ¬A still overapproximate satisfiability?
- Yes: since B⁻¹(A) is unsat, B⁻¹(¬A) is valid
- Thus, F ∧ B⁻¹(¬A) is equivalent to F
- Hence, B(F ∧ B⁻¹(¬A)) (i.e., B(F) ∧ ¬A) still overapproximates satisfiability
- Formulas such as ¬A that are T-valid are called theory conflict clauses
SMT Solving, Simplest Version: Termination
- Approach is sound, but is it guaranteed to terminate? Yes
- Suppose the SAT solver gives assignment A s.t. B⁻¹(A) is unsat
- We'll never obtain the same assignment A again because the formula next time is B(F) ∧ ¬A
- There are finitely many satisfying assignments to the boolean abstraction, and we get a different sat assignment every time
- Thus, we'll eventually either find an assignment consistent with the theory ⇒ SAT
- Or all satisfying assignments contradict the theory axioms ⇒ UNSAT
Example
- Consider the example from before:
  F : x = z ∧ ((y = z ∧ x ≠ z) ∨ ¬(x = z))
- B(F) : b1 ∧ ((b2 ∧ b3) ∨ ¬b1)
- Sat assignment to B(F): A : b1 ∧ b2 ∧ b3
- B⁻¹(A) is unsat
- What is the new boolean abstraction? (b1 ∧ ((b2 ∧ b3) ∨ ¬b1)) ∧ ¬(b1 ∧ b2 ∧ b3)
- Is this formula SAT? No, thus the original formula is UNSAT
Shortcoming of This Approach
- So far, we just add the negation of the current assignment as a theory conflict clause
- Unfortunately, conflict clauses obtained this way are too weak
- Suppose A is a conjunction of 100 literals such that
  B⁻¹(A) = x = y ∧ x ≠ y ∧ a1 ∧ a2 ∧ ... ∧ a98
- Theory conflict clause ¬A prevents the exact same assignment
- But it doesn't prevent many other bad assignments involving x = y ∧ x ≠ y, such as:
  B⁻¹(A) = x = y ∧ x ≠ y ∧ a1 ∧ a2 ∧ ... ∧ ¬a98
- In fact, there are 2^98 unsat assignments containing x = y ∧ x ≠ y, but ¬A prevents only one of them!
SMT solving, Improvement #1
- Suppose the SAT solver makes assignment A s.t. B⁻¹(A) is unsat
- Rather than adding ¬A as a conflict clause, a better idea is to find an unsatisfiable core of B⁻¹(A)
- An unsatisfiable core C of A contains a subset of the atoms in A, and B⁻¹(C) is still unsatisfiable.
- Ideally, we would like to find a minimal unsatisfiable core
- A minimal unsatisfiable core C* has the property that if you drop any single atom of C*, the result is satisfiable
- What is a minimal unsat core of x = y ∧ x ≠ y ∧ a1 ∧ a2 ∧ ... ∧ a98? x = y ∧ x ≠ y
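The simplest-version loop of the "SMT Solving: Simplest Version" slides, re-run on the example above and then with the unsat-core improvement, as an added example that is not code from the lecture. Assumptions of this example: the T-solver is a union-find decision procedure for conjunctions of equalities and disequalities (enough for the slides' atoms), the SAT solver is brute-force enumeration of assignments to the skeleton plus the learned clauses, the unsat core is found by deletion-based minimisation, and the slide's 100-literal scenario is scaled down to x = y ∧ x ≠ y plus 6 free atoms a_i (constructed as equalities over fresh variables) so the 2^n blow-up of naive blocking is measurable: 64 SAT queries without cores, 1 with.

```python
import itertools

# Theory literals are constructed triples (lhs, op, rhs), op in {"=", "≠"},
# over variable names; ¬(x = z) is represented as (x, "≠", z).


def theory_sat(literals):
    """T-solver for the theory of equality: union-find over the equalities,
    then every disequality must separate two different classes."""
    parent = {}

    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            parent[v] = parent[parent[v]]   # path halving
            v = parent[v]
        return v

    for a, op, b in literals:
        if op == "=":
            parent[find(a)] = find(b)
    return all(find(a) != find(b) for a, op, b in literals if op == "≠")


def negate(lit):
    a, op, b = lit
    return (a, "≠" if op == "=" else "=", b)


def concretize(atoms, bits):
    """B^{-1}(A): atom i if b_i is true in A, its negation otherwise."""
    return [atom if v else negate(atom) for atom, v in zip(atoms, bits)]


def sat_model(n, skeleton, clauses):
    """Toy SAT solver: first assignment satisfying B(F) and every learned
    clause. A clause is a list of (index, value) literals; one must hold."""
    for bits in itertools.product([False, True], repeat=n):
        if skeleton(bits) and all(any(bits[i] == v for i, v in cl) for cl in clauses):
            return list(bits)
    return None


def minimal_unsat_core(literals):
    """Deletion-based minimisation: drop a literal for good whenever the
    rest stays T-unsat. Returns indices of a minimal unsat core."""
    core = list(range(len(literals)))
    for i in list(core):
        trial = [j for j in core if j != i]
        if not theory_sat([literals[j] for j in trial]):
            core = trial
    return core


def lazy_smt(atoms, skeleton, use_cores):
    """The slides' loop. Returns (status, number of SAT queries, T-model)."""
    clauses, queries = [], 0
    while True:
        model = sat_model(len(atoms), skeleton, clauses)
        if model is None:
            return "unsat", queries, None        # B(F) ∧ conflict clauses unsat
        queries += 1
        lits = concretize(atoms, model)
        if theory_sat(lits):
            return "sat", queries, lits           # B^{-1}(A) is T-consistent
        blocked = minimal_unsat_core(lits) if use_cores else range(len(atoms))
        # Learn ¬A (all variables) or ¬C (core only): one of them must flip.
        clauses.append([(i, not model[i]) for i in blocked])


# Slide example: F : x = z ∧ ((y = z ∧ x ≠ z) ∨ ¬(x = z)) with b1, b2, b3.
ATOMS_F = [("x", "=", "z"), ("y", "=", "z"), ("x", "≠", "z")]


def skeleton_f(b):
    return b[0] and ((b[1] and b[2]) or not b[0])


# Scaled-down version of the 100-literal scenario: x = y ∧ x ≠ y plus
# N_FREE atoms the skeleton does not constrain (constructed fresh variables).
N_FREE = 6
ATOMS_BIG = [("x", "=", "y"), ("x", "≠", "y")] + \
    [(f"a{i}", "=", f"c{i}") for i in range(N_FREE)]


def skeleton_big(b):
    return b[0] and b[1]


# A satisfiable case (constructed): (x = y ∨ x ≠ z) ∧ y ≠ z
ATOMS_SAT = [("x", "=", "y"), ("x", "≠", "z"), ("y", "≠", "z")]


def skeleton_sat(b):
    return (b[0] or b[1]) and b[2]


if __name__ == "__main__":
    print("slide example, naive   :", lazy_smt(ATOMS_F, skeleton_f, False)[:2])
    print("scaled 2^n case, naive :", lazy_smt(ATOMS_BIG, skeleton_big, False)[:2])
    print("scaled 2^n case, cores :", lazy_smt(ATOMS_BIG, skeleton_big, True)[:2])
    print("satisfiable case       :", lazy_smt(ATOMS_SAT, skeleton_sat, True))
```

With naive blocking the solver must refute every one of the 2^N_FREE skeleton models that contain x = y ∧ x ≠ y, which is the termination argument of the slides made visible; with the core {x = y, x ≠ y} the single learned clause ¬b1 ∨ ¬b2 rules all of them out at once.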
I What is a minimal unsat core of x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98?
x = y ∧ x 6= y
Vijay Ganesh(Original notes from Isil Dillig), ECE750T-28: Computer-aided Reasoning for Software Engineering Lecture 17: SMT Solvers and the DPPL(T ) Framework 19/34
Page 111
SMT solving, Improvement #1
I Suppose SAT solver makes assignment A s.t. B−1(A) is unsat
I Rather than adding ¬A as a conflict clause, better idea is to find anunsatisfiable core of B−1(A)
I An unsatisfiable core C of A contains a subset of atoms in A and B−1(C )is still unsatisfiable.
I Ideally, we would like to find the minimal unsatisfiable core
I Minimal unsatisfiable core C ∗ has property that if you drop any singleatom of C ∗, result is satisfiable
I What is a minimal unsat core of x = y ∧ x 6= y ∧ a1 ∧ a2 ∧ . . . ∧ a98?
x = y ∧ x 6= y
Vijay Ganesh(Original notes from Isil Dillig), ECE750T-28: Computer-aided Reasoning for Software Engineering Lecture 17: SMT Solvers and the DPPL(T ) Framework 19/34
Page 112
SMT solving, Improvement #1
• Suppose the SAT solver makes an assignment A such that B⁻¹(A) is unsat
• Rather than adding ¬A as a conflict clause, a better idea is to find an unsatisfiable core of B⁻¹(A)
• An unsatisfiable core C of A is a subset of the atoms of A such that B⁻¹(C) is still unsatisfiable
• Ideally, we would like to find a minimal unsatisfiable core
• A minimal unsatisfiable core C* has the property that if you drop any single atom of C*, the result is satisfiable (minimal, not necessarily minimum: a formula can have several minimal cores of different sizes)
• What is a minimal unsat core of x = y ∧ x ≠ y ∧ a1 ∧ a2 ∧ … ∧ a98? x = y ∧ x ≠ y
Computing Minimal Unsat Core
• How can we compute a minimal unsat core of a conjunctive T-formula without modifying the theory solver?
• Let φ be the original unsatisfiable conjunction
• Drop one atom from φ; call the result φ′
• If φ′ is still unsat, φ := φ′
• Repeat this once for every atom of the original φ
• The resulting φ is a minimal unsat core of the original formula: if dropping an atom once made the conjunction satisfiable, dropping it from any later (smaller) φ would also give a satisfiable conjunction, so a single pass suffices and every atom that survives is necessary
• Cost: one theory-solver call per atom, i.e. n calls for an n-atom conjunction
Example
• Let's compute a minimal unsat core of
  φ : x = y ∧ f(x) + z = 5 ∧ f(x) ≠ f(y) ∧ y ≤ 3
• Drop x = y from φ. Is the result unsat? No, so keep x = y
• Drop f(x) + z = 5. Is the result unsat? Yes, so drop f(x) + z = 5
• New formula: φ : x = y ∧ f(x) ≠ f(y) ∧ y ≤ 3
• Drop f(x) ≠ f(y). Is the result unsat? No, so keep f(x) ≠ f(y)
• Finally, drop y ≤ 3. Is the result unsat? Yes, so drop y ≤ 3
• What is the minimal unsat core? x = y ∧ f(x) ≠ f(y)
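The deletion loop of the previous two slides, run on top of a small theory solver, as an added example that is not part of the lecture notes. The theory solver is a congruence-closure procedure for conjunctions of equalities and disequalities over uninterpreted functions. Because the slide's formula also contains two arithmetic atoms (f(x) + z = 5 and y ≤ 3) that a pure equality solver cannot interpret, the example substitutes two constructed equality atoms (f(x) = z and y = w) that play the same role of being irrelevant to the conflict, so the deletion trace is the same as on the slide; it also minimizes the 100-literal conjunction from the "Shortcoming" slide with each a_i instantiated as c_i = d_i. All function and variable names are the example's own.

```python
# Added example, not from the lecture notes: a congruence-closure theory solver
# for equalities/disequalities over uninterpreted functions, and the one-pass
# deletion loop of the "Computing Minimal Unsat Core" slide on top of it.
# Terms: a str is a constant, a tuple (f, arg1, ..., argn) is an application.
# A literal is (s, t, polarity): polarity True means s = t, False means s != t.

def subterms(t, acc):
    """Collect t and all of its subterms into the set acc."""
    acc.add(t)
    if isinstance(t, tuple):
        for arg in t[1:]:
            subterms(arg, acc)
    return acc

def congruence_closure(lits):
    """Decide a conjunction of literals in the theory of equality with
    uninterpreted functions.  Returns True iff it is satisfiable."""
    terms = set()
    for s, t, _ in lits:
        subterms(s, terms)
        subterms(t, terms)
    parent = {t: t for t in terms}                   # union-find over terms

    def find(t):
        while parent[t] != t:
            parent[t] = parent[parent[t]]
            t = parent[t]
        return t

    for s, t, pos in lits:                           # merge asserted equalities
        if pos:
            parent[find(s)] = find(t)
    # congruence rule: f(a1..an) ~ f(b1..bn) whenever ai ~ bi for all i;
    # repeat until no merge happens, since a merge can enable new ones
    apps = [t for t in terms if isinstance(t, tuple)]
    changed = True
    while changed:
        changed = False
        for i, u in enumerate(apps):
            for v in apps[i + 1:]:
                if (u[0] == v[0] and len(u) == len(v) and find(u) != find(v)
                        and all(find(a) == find(b) for a, b in zip(u[1:], v[1:]))):
                    parent[find(u)] = find(v)
                    changed = True
    # satisfiable iff no asserted disequality joins two merged terms
    return all(find(s) != find(t) for s, t, pos in lits if not pos)

def minimal_unsat_core(lits, is_unsat):
    """One-pass deletion: drop an atom for good whenever the remaining
    conjunction is still unsat.  Requires is_unsat(lits); the result depends
    on atom order, so it is minimal but not necessarily minimum."""
    assert is_unsat(lits), "input must be unsatisfiable"
    core = list(lits)
    for atom in list(core):
        trial = [a for a in core if a != atom]
        if is_unsat(trial):
            core = trial
    return core

def show(t):
    """Pretty-print a term."""
    return t if isinstance(t, str) else f"{t[0]}({', '.join(show(a) for a in t[1:])})"

def fmt(lit):
    s, t, pos = lit
    return f"{show(s)} {'=' if pos else '≠'} {show(t)}"

def is_unsat(lits):
    return not congruence_closure(lits)

# Constructed variant of the slide's example: the two arithmetic atoms
# f(x) + z = 5 and y <= 3 are replaced by equality atoms that are likewise
# irrelevant to the conflict, so the deletion trace is the same as on the slide.
FX, FY = ("f", "x"), ("f", "y")
PHI = [("x", "y", True), (FX, "z", True), (FX, FY, False), ("y", "w", True)]

def slide_core():
    return minimal_unsat_core(PHI, is_unsat)

def hundred_literal_core():
    """The earlier slide's x = y ∧ x ≠ y ∧ a1 ∧ ... ∧ a98 with a_i := c_i = d_i."""
    big = [("x", "y", True), ("x", "y", False)]
    big += [(f"c{i}", f"d{i}", True) for i in range(1, 99)]
    return minimal_unsat_core(big, is_unsat)

if __name__ == "__main__":
    print(" ∧ ".join(fmt(l) for l in slide_core()))            # x = y ∧ f(x) ≠ f(y)
    print(" ∧ ".join(fmt(l) for l in hundred_literal_core()))  # x = y ∧ x ≠ y
```

minimal_unsat_core takes the unsatisfiability check as a callback, so it works unchanged with any conjunctive theory solver, which is exactly the "without modifying the theory solver" point of the slide. On the 100-literal conjunction it makes 100 solver calls and returns the two-atom core; a theory solver with native core support would avoid those calls, which is the trade-off the next slides motivate.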
SMT Solving Using Unsat Cores
• Given formula F, construct the boolean abstraction B(F)
• Use the SAT solver to decide whether B(F) is unsat; if so, F is also unsat
• Otherwise, get a satisfying assignment A to B(F)
• Query the theory solver whether B⁻¹(A) is sat; if so, F is sat
• Otherwise, compute a minimal unsat core C of B⁻¹(A)
• Use ¬C as the theory conflict clause
• i.e., construct the new boolean abstraction B(F ∧ ¬C)
• Repeat until we decide sat or unsat; each iteration blocks every assignment that contains C, and there are finitely many assignments, so the loop terminates
Discussion
• This strategy is much better than the simplest strategy, where we add ¬A (the negation of the entire assignment) as the theory conflict clause
• Using the simple strategy, we block just one assignment
• Using minimal unsat cores, we block many assignments with one theory conflict clause
• However, this strategy is still not ideal, because it waits for a full assignment to the boolean abstraction before generating a conflict clause
Motivation for Integration with DPLL
• Consider a very large formula F containing x = y and x ≠ y, with corresponding boolean variables b1 and b2
• Also, suppose B(F) contains hundreds of boolean variables
• As soon as the SAT solver makes the assignment b1 = ⊤, b2 = ⊤, we are doomed, because this is unsatisfiable in the theory
• Thus, there is no need to continue with SAT solving after this bad partial assignment
• Idea: don't use the SAT solver as a "black box"
• Instead, integrate the theory solver right into the DPLL algorithm
DPLL-Based SAT Solver Architecture
[Figure: the DPLL loop. Decide → BCP; if BCP finds no conflict, return to Decide (SAT once every variable is assigned); if it finds a conflict, AnalyzeConflict backtracks if the decision level d > 0 and otherwise reports UNSAT.]
• Idea: integrate the theory solver right into this SAT solving loop!
DPLL(T) Framework
[Figure: the DPLL loop extended with a TheorySolve box. When BCP finds no conflict, the conjunction C(A) of the current partial assignment A is passed to TheorySolve, which returns either a conflict clause or theory propagation lemma(s) to BCP; conflicts go to AnalyzeConflict, which backtracks if d > 0 and otherwise reports UNSAT.]
• The combination of a DPLL-based SAT solver and a decision procedure for conjunctive T-formulas is called the DPLL(T) framework
DPLL(T) Framework
• Suppose the SAT solver has made an assignment in the Decide step and performed BCP
• If no conflict is detected, immediately invoke the theory solver
• Specifically, suppose A is the current partial assignment to the boolean abstraction
• Use the theory solver to decide whether B⁻¹(A) is unsat
• If B⁻¹(A) is unsat, add the theory conflict clause ¬A to the clause database
• Or better, add the negation of an unsat core of A to the clause database
• Since the theory solver is now called after every BCP, it must be incremental (accept literals one at a time and undo them on backtrack) for this to pay off in practice
DPLL(T) Framework
[Figure: the same DPLL(T) loop as above; the conflict clause returned by TheorySolve for C(A) enters the clause database and is picked up by BCP.]
• Add the theory conflict clause and continue doing BCP, which will detect the conflict
• As before, AnalyzeConflict decides what level to backtrack to
Theory Propagation
I What we described so far is sufficient to solve SMT formulas, but we canmuch better!
I Suppose original formula contains literals x = y , y = z , x 6= z withcorresponding boolean variables b1, b2, b3
I Suppose SAT solver makes partial assignment b1 : >, b2 : >
I In next Decide step, free to assign b3 : > or b3 : ⊥
I But assignment b3 : > is sub-optimal, b/c will lead to conflict in T
Vijay Ganesh(Original notes from Isil Dillig), ECE750T-28: Computer-aided Reasoning for Software Engineering Lecture 17: SMT Solvers and the DPPL(T ) Framework 29/34
Page 165
Theory Propagation Lemma, cont
- Idea: Theory solver can communicate which literals are implied by current partial assignment
- In our example, ¬(x ≠ z) is implied by current partial assignment x = y ∧ y = z
- Thus, can safely add b1 ∧ b2 → b3 to clause database
- These kinds of clauses implied by theory are called theory propagation lemmas
Page 169
DPLL(T) Framework
[Flowchart: Decide → SAT (all variables assigned) or → BCP; BCP on conflict → AnalyzeConflict → UNSAT, or backtrack if d > 0; BCP with no conflict → TheorySolve on C(A) → conflict clause or theory propagation lemma(s) → BCP]
- After adding theory propagation lemma, continue doing BCP
- Adding theory propagation lemmas prevents bad assignments to boolean abstraction
Page 171
Inferring Theory Propagation Lemmas
- How do we obtain theory propagation lemmas?
- Option #1: Treat theory solver as blackbox, query whether particular literal a is implied by current partial assignment
- Option #2: Modify theory solver so that it can figure out implied literals
- Second option is considered more efficient, but have to figure out how to do this for each different theory
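The x = y, y = z, x ≠ z example and the Option #2 theory solver described above, as an added example (not code from the lecture): a theory solver for equality between variables that returns either a theory conflict clause or the implied atoms as theory propagation lemmas, with an explanation (the equalities on the connecting path) for each. It assumes boolean variables abstract atoms x = y, so x ≠ z is ¬b3 and the lemma b1 ∧ b2 → b3 is produced as the clause (¬b1 ∨ ¬b2 ∨ b3); variable names and the clause representation are this example's own.

```python
from collections import deque

# Added example, not the lecture's code: a small theory solver for equality
# between variables, playing the TheorySolve role in the DPLL(T) loop. It
# assumes each boolean variable abstracts an atom x = y (x != y is the negated
# variable), so the lecture's lemma b1 ∧ b2 → b3 is the clause (¬b1 ∨ ¬b2 ∨ b3).

class EqualityTheory:
    def __init__(self, atoms):
        self.atoms = atoms  # e.g. {'b1': ('x', 'y')} for the atom x = y

    def _path(self, pos, src, dst):
        # BFS over the asserted equalities; returns the variables on a path
        # src ~ dst (the explanation of src = dst), or None if disconnected.
        adj = {}
        for b in pos:
            x, y = self.atoms[b]
            adj.setdefault(x, []).append((y, b))
            adj.setdefault(y, []).append((x, b))
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:
            u = queue.popleft()
            for v, b in adj.get(u, []):
                if v not in parent:
                    parent[v] = (u, b)
                    queue.append(v)
        if dst not in parent:
            return None
        path, node = [], dst
        while parent[node] is not None:
            node, b = parent[node]
            path.append(b)
        return path

    def check(self, assignment):
        # Partial assignment var -> bool. Returns ('conflict', clause) if the asserted
        # literals are T-inconsistent, else ('ok', lemmas); clauses are (var, bool) lists.
        pos = [b for b, v in assignment.items() if v]
        for b, v in assignment.items():
            if not v:  # asserted x != y while x ~ y follows: T-conflict
                path = self._path(pos, *self.atoms[b])
                if path is not None:
                    return 'conflict', [(e, False) for e in path] + [(b, True)]
        lemmas = []
        for b, (x, y) in self.atoms.items():
            path = None if b in assignment else self._path(pos, x, y)
            if path is not None:
                lemmas.append([(e, False) for e in path] + [(b, True)])
        return 'ok', lemmas
```

With b1, b2 assigned true the solver returns the lemma (¬b1 ∨ ¬b2 ∨ b3) before Decide can pick b3, and if b3 had already been assigned false it returns the same clause as a theory conflict clause for AnalyzeConflict.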
Page 175
Which Theory Propagation Lemmas to Add
- Which theory propagation lemmas do we add?
- Option #1: Figure out and add all literals implied by current partial assignment; called exhaustive theory propagation
- Option #2: Only figure out literals “obviously” implied by current partial assignment
- Exhaustive theory propagation can be very expensive; second option considered preferable
- There isn’t much of a science behind which literals are “obviously” implied
- Solvers use different strategies to obtain simple-to-find implications
Page 181
Summary
- SMT solvers decide satisfiability in boolean combinations of different theories
- Instead of converting to DNF, they handle boolean structure using SAT solving techniques
- Most common approach is to construct boolean abstraction and lazily infer theory conflict clauses
- To do this, can either consider SAT solver as blackbox or can integrate with it
- Latter strategy considered superior and known as DPLL(T) framework