SMT with Z3

Alexander Tchitchigin

Innosoft LLC

Outline

  • SMT overview
  • Intro into Logic
  • SMT Lib
  • Z3 overview
  • Exercises

Satisfiability Modulo Theories

Applications

  • Static Checking
  • Test-Case Generation
  • Bounded Model Checking
  • Symbolic Simulation
  • Planning and Scheduling
  • Program Synthesis

Characteristics

  • SAT Generalization
  • First-Order Logic
  • Decidable/Undecidable

SAT aka Boolean Satisfiability

x_1 \wedge \neg x_2
x1¬x2x_1 \wedge \neg x_2
(x_1 \vee \neg x_2) \wedge (\neg x_1 \vee x_2 \vee x_3) \wedge \neg x_1
(x1¬x2)(¬x1x2x3)¬x1(x_1 \vee \neg x_2) \wedge (\neg x_1 \vee x_2 \vee x_3) \wedge \neg x_1

SAT

  • Decidable
  • NP-hard
  • Hundreds of variables

SMT

  • Multisorted first-order logic
  • Linear arithmetic
  • Non-linear arithmetic
  • Arrays
  • Bit-vectors
  • Quantifiers
  • ...

SMT

(declare-const x Int)
(declare-const y Int)
(assert (= (+ x y) 10))
(assert (= (+ x (* 2 y)) 20))
(check-sat)
(get-model)

Logic Basics

Language

Interpretation

Proof

Propositional calculus

  • A, B, C, ...
  • not A, (A implies B)
  • And that's all folks

Interpretation

  • {0, 1}
  • (A and B) = ([A] * [B])
  • And so on

Truth tables

A B (A \/ B) => B
0 0 1
0 1 1
1 0 0
1 1 1

Proofs

  • MP: (A=>B), A |- B
  • Couple of axioms
  • Soundness and Completeness
  • Excluded middle (classical logic)

Predicate calculus

  • The same plus
  • Atoms (constants): a, b, c, ...
  • Variables: x, y, z, ...
  • (Uninterpreted) functions: f(x, b), ...
  • Predicates: P(x, g(x, b), c), ...
  • Quantifiers:  ∀ and ∃

Interpretaton

  • Set theory
  • Domain theory
  • Category theory
  • ...

Predicate calculus

  • Still Sound and Complete
  • But semi-decidable (Turing-complete)
  • Proofs are much more complicated

SMT-LIB Basics

SMT-LIB

  • International collaboration
  • Formal documentation
  • De-facto standard
  • http://smtlib.cs.uiowa.edu

Elements of Syntax

  • Lisp-like (s-expressions)
  • Commands to the solver
  • Sets options
  • Sets theory
  • Sets assertions

Example

(set-logic QF_LIA)
(declare-const x Int)
(declare-const y Int)
(assert (= (- x y) (+ x (- y) 1)))
(check-sat)
; unsat
(exit)

Example

(set-logic QF_LIA)
(declare-const x Int)
(declare-const y Int)
(assert (= (+ x (* 2 y)) 20))
(assert (= (- x y) 2))
(check-sat)
; sat
(get-model)
; ((define-fun x () Int 8)
;  (define-fun y () Int 6)
; )
(exit)

Example

; Modeling sequential code in SSA form
;; Buggy swap
; int x, y;
; int t = x;
; y = t;
; x = y;

(set-logic QF_UFLIA)
(declare-fun x (Int) Int)
(declare-fun y (Int) Int)
(declare-fun t (Int) Int)
(assert (= (t 0) (x 0)))
(assert (= (y 1) (t 0)))
(assert (= (x 1) (y 1)))

(assert (not 
  (and (= (x 1) (y 0)) 
       (= (y 1) (x 0)))))

(check-sat)
(get-model)
; possible returned model:
; (
;  (define-fun x ((_ufmt_1 Int)) Int (- 1))
;  (define-fun y ((_ufmt_1 Int)) Int (ite (= _ufmt_1 1) (- 1) 2))
;  (define-fun t ((_ufmt_1 Int)) Int (- 1))
; )
(exit)

Z3

Features

  • C/C++ lib with bindings
  • Optimized extended DPLL
  • Is used for everything
  • http://rise4fun.com/z3

Exercise

  CHOO
+ CHOO
 -----
 TRAIN

Stack ADT

TYPES
• INT_STACK

FUNCTIONS
• put: INT_STACK x INT -> INT_STACK
• remove: INT_STACK -/> INT_STACK
• item: INT_STACK -/> INT
• empty: INT_STACK -> BOOLEAN
• new: INT_STACK

AXIOMS
For any x:INT, s:INT_STACK
• A1 - item(put(s,x)) = x
• A2 - remove(put(s,x)) = s
• A3 - empty(new)
• A4 - not empty(put(s,x))

PRECONDITIONS
• remove(s:INT_STACK) require not empty(s)
• item(s:INT_STACK) require not empty(s)
Made with Slides.com