New techniques for instantiation and proof production in...
Transcript of New techniques for instantiation and proof production in...
New techniques for instantiation and proof productionin SMT solving
Haniel Barbosa
University of Lorraine, CNRS, Inria, LORIA, Nancy, France
PPgSC, DIMAp, UFRN, Natal, Brazil
Advisors: Pascal Fontaine, David Deharbe, and Stephan Merz
PhD defense
2017–09–05, Nancy, France
Formal Verification
ProgramAnalysis
Automatic Testing
ProgramSynthesis
Automated Reasoning
PhD defense 1 / 33
Formal Verification
ProgramAnalysis
Automatic Testing
ProgramSynthesis
SMTSolvers
PhD defense 1 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
Propositional abstraction:
abs(ϕ′) = pa≤b ∧ pb≤a+x ∧ px'0 ∧ (¬pf(a)'f(b) ∨ pq(a))∧ (¬pf(a)'f(b) ∨¬pq(b+x))
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
Propositional abstraction:
abs(ϕ′) = pa≤b ∧ pb≤a+x ∧ px'0 ∧ (¬pf(a)'f(b) ∨ pq(a))∧ (¬pf(a)'f(b) ∨¬pq(b+x))
Satisfying assignment:
{pa≤b, pb≤a+x, px'0, ¬pf(a)'f(b)} ⇒ {a ≤ b, b ≤ a+ x, x ' 0, f(a) 6' f(b)}
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
Propositional abstraction:
abs(ϕ′) = pa≤b ∧ pb≤a+x ∧ px'0 ∧ (¬pf(a)'f(b) ∨ pq(a))∧ (¬pf(a)'f(b) ∨¬pq(b+x))
Satisfying assignment:
{pa≤b, pb≤a+x, px'0, ¬pf(a)'f(b)} ⇒ {a ≤ b, b ≤ a+ x, x ' 0, f(a) 6' f(b)}
Conflict clause: ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ f(a) ' f(b)
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
ϕ′′ = ϕ′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ f(a) ' f(b)
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
ϕ′′ = ϕ′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ f(a) ' f(b)
Satisfying assignment: {a ≤ b, b ≤ a+ x, x ' 0, q(a), ¬q(b+ x)}
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
ϕ′′ = ϕ′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ f(a) ' f(b)
Satisfying assignment: {a ≤ b, b ≤ a+ x, x ' 0, q(a), ¬q(b+ x)}
Conflict clause: ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ ¬q(a) ∨ q(b+ x)
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
ϕ′′ = ϕ′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ f(a) ' f(b)
ϕ′′′ = ϕ′′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ ¬q(a) ∨ q(b+ x)
UNSAT!
PhD defense 2 / 33
Problem statement
ϕ = a ≤ b ∧ b ≤ a+ x ∧ x ' 0 ∧ [f(a) 6' f(b) ∨ (q(a) ∧ ¬q(b+ x))]
Clausified formula:
ϕ′ = a ≤ b∧ b ≤ a+x∧x ' 0∧ [f(a) 6' f(b)∨ q(a)]∧ [f(a) 6' f(b)∨¬q(b+x)]
ϕ′′ = ϕ′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ f(a) ' f(b)
ϕ′′′ = ϕ′′ ∧ ¬(a ≤ b) ∨ ¬(b ≤ a+ x) ∨ ¬(x ' 0) ∨ ¬q(a) ∨ q(b+ x)
UNSAT!
PhD defense 2 / 33
Problem statement
SMT formula
SMT solver
SAT solver
Boolean Model
Theoryreasoner
Formula processing
Conflict clause
Quantifier-free SMT solver
SAT (model) UNSAT (proof/core)
Quantifier-free solver enumerates models E
I E is a set of ground literals {a ≤ b, b ≤ a+ x, x ' 0, f(a) 6' f(b)}
I Q is a set of quantified clauses {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}
Instantiation module generates instances of Q f(a) 6' f(b) ∨ g(a) ' h(b)
PhD defense 3 / 33
Problem statement
SMT formula
SMT solver
SAT solver
Boolean Model
Theoryreasoner
Formula processing
Conflict clause
Quantifier-free SMT solver
Model
Instantiationmodule
Instance
SAT (model) UNSAT (proof/core)
Quantifier-free solver enumerates models E ∪QI E is a set of ground literals {a ≤ b, b ≤ a+ x, x ' 0, f(a) 6' f(b)}
I Q is a set of quantified clauses {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}
Instantiation module generates instances of Q f(a) 6' f(b) ∨ g(a) ' h(b)
PhD defense 3 / 33
Contributions
A unifying framework for instantiating quantified formulas with equalityand uninterpreted functions [B., Fontaine, Reynolds. TACAS’17]
(I1) Formalizing underlying problem for instantiation in SMT
(I2) Lifting congruence closure to accommodate free variables
(I3) Casting existing instantiation techniques in framework
(I4) Techniques for efficient implementation
PhD defense 4 / 33
Contributions
Scalable fine-grained proofs for formula processing[B., Blanchette, Fontaine. CADE’17]
(P1) Extensible inference system for formula processing
(P2) Proof producing generic contextual recursion algorithm
(P3) Proving desirable properties of rules and algorithms
(P4) Validation of framework through implementation and prototype checker
PhD defense 5 / 33
Contribution 1: A unifying framework for instantiating quantifiedformulas with equality and uninterpreted functions
SMT formula
SMT solver
SAT solver
Boolean Model
Theoryreasoner
Formula processing
Conflict clause
Quantifier-free SMT solver
Model
Instantiationmodule
Instance
SAT (model) UNSAT (proof/core)
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Heuristic instantiation
Pattern-matching of terms from Q into terms of E
for ∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z) a pattern is {f(x), g(y), h(z)}
� Fast, but too many instancesE with 102 applications each for f, g, h leads to up to 106 instantiations
EEE Instantiation moduleEasily gets out of hand!
PhD defense 6 / 33
Goal-oriented instantiation
Check consistency of E ∪Q⊕ Only instances refuting the current model are generated
If {f(a) ' f(c), g(b) 6' h(c)} ⊆ E, then E is refuted with the instantiation
∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)→ f(a) 6' f(c) ∨ g(b) ' h(c)
E Goal-oriented instantiation module
∀x. ψ → ψσ
E ∧ ψσ |= ⊥
UNSAT!
PhD defense 7 / 33
Goal-oriented instantiation
Check consistency of E ∪Q⊕ Only instances refuting the current model are generated
If {f(a) ' f(c), g(b) 6' h(c)} ⊆ E, then E is refuted with the instantiation
∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)→ f(a) 6' f(c) ∨ g(b) ' h(c)
E Goal-oriented instantiation module
∀x. ψ → ψσ
E ∧ ψσ |= ⊥
UNSAT!
PhD defense 7 / 33
Goal-oriented instantiation
Check consistency of E ∪Q⊕ Only instances refuting the current model are generated
If {f(a) ' f(c), g(b) 6' h(c)} ⊆ E, then E is refuted with the instantiation
∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)→ f(a) 6' f(c) ∨ g(b) ' h(c)
E Goal-oriented instantiation module
∀x. ψ → ψσ
E ∧ ψσ |= ⊥
UNSAT!
PhD defense 7 / 33
Goal-oriented instantiation
Check consistency of E ∪Q⊕ Only instances refuting the current model are generated
If {f(a) ' f(c), g(b) 6' h(c)} ⊆ E, then E is refuted with the instantiation
∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)→ f(a) 6' f(c) ∨ g(b) ' h(c)
E Goal-oriented instantiation module
∀x. ψ → ψσ
E ∧ ψσ |= ⊥
UNSAT!
PhD defense 7 / 33
Goal-oriented instantiation
Check consistency of E ∪Q⊕ Only instances refuting the current model are generated
If {f(a) ' f(c), g(b) 6' h(c)} ⊆ E, then E is refuted with the instantiation
∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)→ f(a) 6' f(c) ∨ g(b) ' h(c)
E Goal-oriented instantiation module
∀x. ψ → ψσ
E ∧ ψσ |= ⊥
UNSAT!
PhD defense 7 / 33
Goal-oriented instantiation
Check consistency of E ∪Q⊕ Only instances refuting the current model are generated
If {f(a) ' f(c), g(b) 6' h(c)} ⊆ E, then E is refuted with the instantiation
∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)→ f(a) 6' f(c) ∨ g(b) ' h(c)
E Goal-oriented instantiation module
∀x. ψ → ψσ
E ∧ ψσ |= ⊥
UNSAT!
PhD defense 7 / 33
Previous work
Conflict-based instantiation [RTM14]
B Given a model E ∪Q, for some ∀x. ψ ∈ Q find σ s.t. E ∧ ψσ |= ⊥B Add instance ∀x. ψ → ψσ to quantifier-free solver
Finding conflicting instances requires deriving σ s.t.
E |= ¬ψσ
⊕ Goal-oriented
⊕ Efficient
� Ad-hoc
� Incomplete
PhD defense 8 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}
f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
Let’s look deeper into the problemContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
E |= ¬ψσ, for some ∀x. ψ ∈ Q
E = {f(a) ' f(c), g(b) 6' h(c)}, Q = {∀xyz. f(x) 6' f(z) ∨ g(y) ' h(z)}f(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
B Each literal in the right hand side delimits possible σ
I f(x) ' f(z): either x ' z or x ' a ∧ z ' c or x ' c ∧ z ' a
I g(y) 6' h(z): y ' b ∧ z ' c
σ = {x 7→ c, y 7→ b, z 7→ c}
orσ = {x 7→ a, y 7→ b, z 7→ c}
PhD defense 9 / 33
E-ground (dis)unificationContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
Given conjunctive sets of equality literals E and L, with E ground, findinga substitution σ s.t. E |= Lσ
B Solution space can be restricted into ground terms from E ∪ L
B NP-complete
NP: solutions can checked in polynomial timeNP-hard: reduction of 3-SAT into the entailment
B Variant of classic (non-simultaneous) rigid E-unification
s1σ ' t1σ, . . . , snσ ' tnσ |= uσ ' vσ
PhD defense 10 / 33
E-ground (dis)unificationContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
Given conjunctive sets of equality literals E and L, with E ground, findinga substitution σ s.t. E |= Lσ
B Solution space can be restricted into ground terms from E ∪ L
B NP-complete
NP: solutions can checked in polynomial timeNP-hard: reduction of 3-SAT into the entailment
B Variant of classic (non-simultaneous) rigid E-unification
s1σ ' t1σ, . . . , snσ ' tnσ |= uσ ' vσ
PhD defense 10 / 33
E-ground (dis)unificationContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
Given conjunctive sets of equality literals E and L, with E ground, findinga substitution σ s.t. E |= Lσ
B Solution space can be restricted into ground terms from E ∪ L
B NP-complete
NP: solutions can checked in polynomial timeNP-hard: reduction of 3-SAT into the entailment
B Variant of classic (non-simultaneous) rigid E-unification
s1σ ' t1σ, . . . , snσ ' tnσ |= uσ ' vσ
PhD defense 10 / 33
E-ground (dis)unificationContributions [TACAS’17]
(I1) Formalizing underlying problemfor instantiation in SMT
Given conjunctive sets of equality literals E and L, with E ground, findinga substitution σ s.t. E |= Lσ
B Solution space can be restricted into ground terms from E ∪ L
B NP-complete
NP: solutions can checked in polynomial timeNP-hard: reduction of 3-SAT into the entailment
B Variant of classic (non-simultaneous) rigid E-unification
s1σ ' t1σ, . . . , snσ ' tnσ |= uσ ' vσ
PhD defense 10 / 33
Congruence Closure with Free VariablesContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
Congruence Closure with Free Variables (CCFV) is a sound, complete andterminating calculus for solving E-ground (dis)unification
⊕ Goal-oriented
⊕ Efficient
� Ad-hoc Versatile framework, recasting many instantiationtechniques as a CCFV problem
� Incomplete Finds all conflicting instances of a quantified formula
PhD defense 11 / 33
Congruence Closure with Free VariablesContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
Congruence Closure with Free Variables (CCFV) is a sound, complete andterminating calculus for solving E-ground (dis)unification
⊕ Goal-oriented
⊕ Efficient
� Ad-hoc Versatile framework, recasting many instantiationtechniques as a CCFV problem
� Incomplete Finds all conflicting instances of a quantified formula
PhD defense 11 / 33
Congruence Closure with Free VariablesContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
Congruence Closure with Free Variables (CCFV) is a sound, complete andterminating calculus for solving E-ground (dis)unification
⊕ Goal-oriented
⊕ Efficient
� Ad-hoc Versatile framework, recasting many instantiationtechniques as a CCFV problem
� Incomplete Finds all conflicting instances of a quantified formula
PhD defense 11 / 33
Existing techniques as special casesContributions [TACAS’17]
(I3) Casting existing instantiationtechniques in framework
B Conflict-based instantiation [RTM14]
⊕ CCFV provides formal guarantees and more clear extensions
B E-matching based heuristic instantiation [DNS05; MB07]
⊕ CCFV allows to easily discard instances already entailed by E
B Model-based instantiation [GM09; RTG+13]
⊕ No need for a secondary ground SMT solver⊕ No need to guess solutions
PhD defense 12 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Finding solutions σ for E |= LσContributions [TACAS’17]
(I2) Lifting congruence closure toaccommodate free variables
E |= Lσf(a) ' f(c) ∧ g(b) 6' h(c) |= (f(x) ' f(z) ∧ g(y) 6' h(z))σ
f(x) ' f(z) ∧ g(y) 6' h(z)
f(x) ' f(z) ∧ z ' c ∧ y ' b
f(x) ' f(z) ∧ z ' c
f(x) ' f(c)
x ' a
>x ' a, y ' b, z ' c
x ' c
>x ' c, y ' b, z ' c
y ' b, z ' c
y ' b
∅
PhD defense 13 / 33
Implementation Contributions [TACAS’17]
(I4) Techniques for efficient implementation
B Model minimisation
SMT solver
SAT solver
Boolean Model
Theoryreasoner
Conflict clause
Quantifier-free SMT solver
Model
Model'
Instantiationmodule
Instance
B Top symbol indexing of E-graph from ground congruence closure
E |= f(x)σ ' t only if [t] contains some f(t′)
f →
f([t1], . . . , [tn])
. . .f([t′1], . . . , [t
′n])
I Bitsets for fast checking if a symbol has applications in acongruence class
PhD defense 14 / 33
Implementation Contributions [TACAS’17]
(I4) Techniques for efficient implementation
B Model minimisation
SMT solver
SAT solver
Boolean Model
Theoryreasoner
Conflict clause
Quantifier-free SMT solver
Model
Model'
Instantiationmodule
Instance
B Top symbol indexing of E-graph from ground congruence closure
E |= f(x)σ ' t only if [t] contains some f(t′)
f →
f([t1], . . . , [tn])
. . .f([t′1], . . . , [t
′n])
I Bitsets for fast checking if a symbol has applications in acongruence class
PhD defense 14 / 33
Implementation Contributions [TACAS’17]
(I4) Techniques for efficient implementation
B Selection strategies
E |= f(x, y) ' h(z) ∧ x ' t ∧ . . .
B Eagerly checking whether constraints can be discarded
I After assigning x to t, the remaining problem is normalized
E |= f(t, y) ' h(z) ∧ . . .
I E |= f(t, y)σ ' h(z)σ only if there is some f(t′, t′′) s.t.
E |= t ' t′
PhD defense 15 / 33
Implementation Contributions [TACAS’17]
(I4) Techniques for efficient implementation
B Selection strategies
E |= f(x, y) ' h(z) ∧ x ' t ∧ . . .
B Eagerly checking whether constraints can be discarded
I After assigning x to t, the remaining problem is normalized
E |= f(t, y) ' h(z) ∧ . . .
I E |= f(t, y)σ ' h(z)σ only if there is some f(t′, t′′) s.t.
E |= t ' t′
PhD defense 15 / 33
Implementation Contributions [TACAS’17]
(I4) Techniques for efficient implementation
A breadth-first implementation of CCFV:
B Explores sets of solutions at a time
E |= `1 ∧ . . . ∧ `n↓ ↓S1 u . . . u Sn individual solutions for each literal︸ ︷︷ ︸
S combination of compatible solutions
⊕ Heavy use of memoization
� Bottleneck in merging solution sets
PhD defense 16 / 33
0.1
1
10
0.1 1 10
verit
_tc
verit
Efficiency scatter plot
0.1
1
10
0.1 1 10
verit
_tc
verit
Efficiency scatter plot
0.1
1
10
0.1 1 10
verit
_tc
verit
Efficiency scatter plot
0.1
1
10
0.1 1 10
verit
_tc
verit
Efficiency scatter plot
0.1
1
10
0.1 1 10
cvc_
d
cvc
0.1
1
10
0.1 1 10
cvc_
d
cvc
0.1
1
10
0.1 1 10
cvc_
d
cvc
0.1
1
10
0.1 1 10
cvc_
d
cvc
veriT: + 800 out of 1 785 unsolved problems
CVC4:+ 200 out of 745 unsolved problems* experiments in the “UF”, “UFLIA”, “UFLRA” and “UFIDL” categories of SMT-LIB, which have 10 495 benchmarksannotated as unsatisfiable, with 30s timeout.
PhD defense 17 / 33
0.1
1
10
100
0.1 1 10 100
veri
t+tc
verit+tcb
0.1
1
10
100
0.1 1 10 100
veri
t+tc
verit+tcb
0.1
1
10
100
0.1 1 10 100
veri
t+tc
verit+tcb
0.1
1
10
100
0.1 1 10 100
veri
t+tc
verit+tcb
The depth-first CCFV outperforms its breadth-first counterpart by asmall margin.
Both perform well and are viable approaches
* experiments in the “UF”, “UFLIA”, “UFLRA” and “UFIDL” categories of SMT-LIB, which have 10 495 benchmarksannotated as unsatisfiable, with 100s timeout.
PhD defense 18 / 33
SummaryContributions [TACAS’17]
A unifying framework for quantified formulaswith equality and uninterpreted functions
B Formalizing underlying problem for instantiation in SMT
B Lifting congruence closure to accommodate free variables
B Casting existing instantiation techniques in framework
B Efficient implementations in the SMT solvers veriT and CVC4
Extensions
B Incrementality
B Learning-based search for solutions
B Finding conflicting instances across multiple quantified formulas
E |= ¬ψ1σ ∨ · · · ∨ ¬ψnσ, ∀x. ψ ∈ Q
B Beyond theory of equality
B Handle variables in E
PhD defense 19 / 33
SummaryContributions [TACAS’17]
A unifying framework for quantified formulaswith equality and uninterpreted functions
B Formalizing underlying problem for instantiation in SMT
B Lifting congruence closure to accommodate free variables
B Casting existing instantiation techniques in framework
B Efficient implementations in the SMT solvers veriT and CVC4
Extensions
B Incrementality
B Learning-based search for solutions
B Finding conflicting instances across multiple quantified formulas
E |= ¬ψ1σ ∨ · · · ∨ ¬ψnσ, ∀x. ψ ∈ Q
B Beyond theory of equality
B Handle variables in E
PhD defense 19 / 33
Contribution 2: Scalable fine-grained proofs for formula processing
SMT formula
SMT solver
SAT solver
Boolean Model
Theoryreasoner
Formula processing
Conflict clause
Quantifier-free SMT solver
Model
Instantiationmodule
Instance
SAT (model) UNSAT (proof/core)
Proofs
Why proofs?
B to check the result for unsatisfiable/valid formulas
B for solver/prover cooperation
B as a debugging facility
B for evaluation purposes (how good is the algorithm?)
B as a part of the reasoning framework (e.g. conflict clauses)
B to extract cores
B to compute interpolants
PhD defense 20 / 33
Challenges for proofs in FOL
B Collecting and storing proof information efficiently
no convergence, but quite active
[KBT+16; HBR+15; MB08; BODF09; SZS04; Sch13; KV13; WDF+09]
B Producing proofs for sophisticated processing techniques
scalable fine-grained proofs
B Producing proofs for modules that use external tools
depends on tool
B Standardizing a proof format
open
PhD defense 21 / 33
Challenges for proofs in FOL
B Collecting and storing proof information efficientlyno convergence, but quite active
[KBT+16; HBR+15; MB08; BODF09; SZS04; Sch13; KV13; WDF+09]
B Producing proofs for sophisticated processing techniquesproofs with holes or too coarse
scalable fine-grained proofs
B Producing proofs for modules that use external toolsdepends on tool
B Standardizing a proof formatopen
PhD defense 21 / 33
Challenges for proofs in FOL
B Collecting and storing proof information efficientlyno convergence, but quite active
[KBT+16; HBR+15; MB08; BODF09; SZS04; Sch13; KV13; WDF+09]
B Producing proofs for sophisticated processing techniquesproofs with holes or too coarse scalable fine-grained proofs
B Producing proofs for modules that use external toolsdepends on tool
B Standardizing a proof formatopen
PhD defense 21 / 33
Proofs in veriT
Resolution chains, input formulas, tautologies for theory and quantifierreasoning
B SAT solver: resolution
A ∨ ` B ∨ `A ∨B
Antecedents: A ∨ `, B ∨ `Pivot: ` or `Resolvent: A ∨B = (A ∨ `) � (B ∨ `)
B theory solvers: theory lemmas
¬(a ' c) ∨ ¬(c ' b) ∨ a ' b ¬(a ' b) ∨ f(a) ' f(b)
¬(y > 1) ∨ ¬(x < 1) ∨ y > x
B instantiation module: instantiation lemmas
¬(∀x. ψ[x]) ∨ ψ[t]
PhD defense 22 / 33
Proofs in veriT
Resolution chains, input formulas, tautologies for theory and quantifierreasoning
B SAT solver: resolution
A ∨ ` B ∨ `A ∨B
Antecedents: A ∨ `, B ∨ `Pivot: ` or `Resolvent: A ∨B = (A ∨ `) � (B ∨ `)
B theory solvers: theory lemmas
¬(a ' c) ∨ ¬(c ' b) ∨ a ' b ¬(a ' b) ∨ f(a) ' f(b)
¬(y > 1) ∨ ¬(x < 1) ∨ y > x
B instantiation module: instantiation lemmas
¬(∀x. ψ[x]) ∨ ψ[t]
PhD defense 22 / 33
Proofs in veriT
Resolution chains, input formulas, tautologies for theory and quantifierreasoning
B SAT solver: resolution
A ∨ ` B ∨ `A ∨B
Antecedents: A ∨ `, B ∨ `Pivot: ` or `Resolvent: A ∨B = (A ∨ `) � (B ∨ `)
B theory solvers: theory lemmas
¬(a ' c) ∨ ¬(c ' b) ∨ a ' b ¬(a ' b) ∨ f(a) ' f(b)
¬(y > 1) ∨ ¬(x < 1) ∨ y > x
B instantiation module: instantiation lemmas
¬(∀x. ψ[x]) ∨ ψ[t]
PhD defense 22 / 33
Proofs in veriT
Resolution chains, input formulas, tautologies for theory and quantifierreasoning
B SAT solver: resolution
A ∨ ` B ∨ `A ∨B
Antecedents: A ∨ `, B ∨ `Pivot: ` or `Resolvent: A ∨B = (A ∨ `) � (B ∨ `)
B theory solvers: theory lemmas
¬(a ' c) ∨ ¬(c ' b) ∨ a ' b ¬(a ' b) ∨ f(a) ' f(b)
¬(y > 1) ∨ ¬(x < 1) ∨ y > x
B instantiation module: instantiation lemmas
¬(∀x. ψ[x]) ∨ ψ[t]
PhD defense 22 / 33
Proving formula processing
� Resolution does not capture all transformations
� Some transformations do not preserve logical equivalence
� Code is lengthy and deals with many cases
� Difficult to manipulate binders soundly and efficiently
Extensible framework to produce proofs for processing techniques involvinglocally replacing equals by equals in the presence of binders
Some instances:
Skolemization: (¬∀x. p(x)) ' ¬ p(εx. ¬ p(x))
let elimination: (let x ' a in p(x, x)) ' p(a, a)
theory simplifications: (k + 1×0 < k) ' (k < k)
PhD defense 23 / 33
Proving formula processing Contributions [CADE’17]
Scalable fine-grained proofs for formula processing
� Resolution does not capture all transformations
� Some transformations do not preserve logical equivalence
� Code is lengthy and deals with many cases
� Difficult to manipulate binders soundly and efficiently
Extensible framework to produce proofs for processing techniques involvinglocally replacing equals by equals in the presence of binders
Some instances:
Skolemization: (¬∀x. p(x)) ' ¬ p(εx. ¬ p(x))
let elimination: (let x ' a in p(x, x)) ' p(a, a)
theory simplifications: (k + 1×0 < k) ' (k < k)
PhD defense 24 / 33
Inference systemContributions [CADE’17]
(P1) Extensible inference systemfor formula processing
A context Γ fixes a set of variables and specifies a substitution
substitution
bound variable
Rules have the form
transformation assumptions
derivations of premises
B Semantically, the judgement expresses the equality of the terms Γ(t)and u for all variables fixed by Γ
PhD defense 25 / 33
Inference systemContributions [CADE’17]
(P1) Extensible inference systemfor formula processing
A context Γ fixes a set of variables and specifies a substitution
substitution
bound variable
Rules have the form
transformation assumptions
derivations of premises
B Semantically, the judgement expresses the equality of the terms Γ(t)and u for all variables fixed by Γ
PhD defense 25 / 33
Example of ‘let’ expansionContributions [CADE’17]
(P1) Extensible inference systemfor formula processing
CongB a ' a
Reflx 7→ a B x ' a
Reflx 7→ a B x ' a
Congx 7→ a B p(x, x) ' p(a, a)
LetB (let x ' a in p(x, x)) ' p(a, a)
PhD defense 26 / 33
Example of theory simplificationContributions [CADE’17]
(P1) Extensible inference systemfor formula processing
CongB k ' k
Taut×B 1×0 ' 0
CongB k + 1×0 ' k + 0
Taut+B k + 0 ' k
TransB k + 1×0 ' k
CongB k ' k
CongB (k + 1×0 < k) ' (k < k)
PhD defense 27 / 33
Example of skolemizationContributions [CADE’17]
(P1) Extensible inference systemfor formula processing
The skolemization proof of the formula ¬∀x. p(x):
Reflx 7→ εx. ¬ p(x) B x ' εx. ¬ p(x)
Congx 7→ εx. ¬ p(x) B p(x) ' p(εx. ¬ p(x))
Sko ∀B (∀x. p(x)) ' p(εx. ¬ p(x))
CongB (¬∀x. p(x)) ' ¬ p(εx. ¬ p(x))
veriT syntax:
(.c0 (Sko All :conclusion ((∀x. p(x)) ' p(εx. ¬ p(x))):args (x 7→ (εx. ¬ p(x))):subproof ((.c1 (Refl :conclusion (x ' (εx. ¬ p(x)))))
(.c2 (Cong :clauses (.c1):conclusion (p(x) ' p(εx. ¬ p(x))))))))
(.c3 (Cong :clauses (.c0) :conclusion ((¬∀x. p(x)) ' ¬ p(εx. ¬ p(x)))))
PhD defense 28 / 33
Proof-producing contextual recursionContributions [CADE’17]
(P2) Proof producing genericcontextual recursion algorithm
function process(∆, t)match t
case x:return build var(∆, x)
case f(tn):∆′n ← (ctx app(∆, f, tn, i))
ni=1
return build app(∆, ∆′n, f, tn, (process(∆′i, ti))
ni=1
)case Qx. ϕ:
∆′ ← ctx quant(∆, Q, x, ϕ)return build quant(∆, ∆′, Q, x, ϕ, process(∆′, ϕ))
case let xn ' rn in t′:∆′ ← ctx let(∆, xn, rn, t
′)return build let(∆, ∆′, xn, rn, t
′, process(∆′, t′))
B Parameterized by a notion of context and plugin functions
PhD defense 29 / 33
Theoretical propertiesContributions [CADE’17]
(P3) Proving desirable properties ofrules and algorithms
B Soundness of inference rules proven through an encoding into simplytyped λ-calculus
M ::= t | λx. M | (λxn. M) tn
D1 · · · DnR
M ' N
B Correctness of proof-producing contextual recursion algorithm
B Cost of proof production is linear and of proof checking is (almost)linear∗∗ assuming suitable data structures
PhD defense 30 / 33
Theoretical propertiesContributions [CADE’17]
(P3) Proving desirable properties ofrules and algorithms
B Soundness of inference rules proven through an encoding into simplytyped λ-calculus
M ::= t | λx. M | (λxn. M) tn
D1 · · · DnR
M ' N
B Correctness of proof-producing contextual recursion algorithm
B Cost of proof production is linear and of proof checking is (almost)linear∗∗ assuming suitable data structures
PhD defense 30 / 33
ImplementationContributions [CADE’17]
(P4) Validation of framework through implementationand prototype checker
Proof output for veriT
Framework implemented with a proof-producing contextual recursionalgorithm
⊕ fine-grained proofs for most processing transformations
⊕ No negative impact on performance
⊕ More transformations in proof producing mode
⊕ Dramatic simplification of the code base
Prototype checker in Isabelle/HOL
Maps proofs into Isabelle theorems
⊕ Judgements encoded in λ-calculus
PhD defense 31 / 33
Summary Contributions [CADE’17]
Scalable fine-grained proofs for formula processing
B Centralizes manipulation of bound variables and substitutions
B Accommodates many transformations (e.g. Skolemization)
B Proof checking is (almost) linear
B Implementation and integration within veriT
Future work
B Support global rewritings within the framework
B Support richer logics (e.g. HOL)
B Implement proof reconstruction in Isabelle/HOL
PhD defense 32 / 33
Summary Contributions [CADE’17]
Scalable fine-grained proofs for formula processing
B Centralizes manipulation of bound variables and substitutions
B Accommodates many transformations (e.g. Skolemization)
B Proof checking is (almost) linear
B Implementation and integration within veriT
Future work
B Support global rewritings within the framework
B Support richer logics (e.g. HOL)
B Implement proof reconstruction in Isabelle/HOL
PhD defense 32 / 33
Conclusion
B Extensible framework for handling instantiation in SMT solving
B Extensible framework for proving formula processing in SMT solving
B Successful implementations
B Publications at TACAS’17 and CADE’17, pending submission to JAR
PhD defense 33 / 33
References
Thomas Bouton, Diego Caminha B. de Oliveira, David Deharbe, andPascal Fontaine. “veriT: An Open, Trustable and Efficient SMT-Solver”. In:Proc. Conference on Automated Deduction (CADE). Ed. by Renate A. Schmidt.Vol. 5663. Lecture Notes in Computer Science. Springer, 2009, pp. 151–156.
David Detlefs, Greg Nelson, and James B. Saxe. “Simplify: A Theorem Prover forProgram Checking”. In: J. ACM 52.3 (2005), pp. 365–473.
Yeting Ge and Leonardo de Moura. “Complete Instantiation for QuantifiedFormulas in Satisfiabiliby Modulo Theories”. In:Computer Aided Verification (CAV). Ed. by Ahmed Bouajjani and Oded Maler.Vol. 5643. Lecture Notes in Computer Science. Springer, 2009, pp. 306–320.
Liana Hadarean, Clark W. Barrett, Andrew Reynolds, Cesare Tinelli, andMorgan Deters. “Fine Grained SMT Proofs for the Theory of Fixed-WidthBit-Vectors”. In:Logic for Programming, Artificial Intelligence, and Reasoning (LPAR). Ed. byMartin Davis, Ansgar Fehnker, Annabelle McIver, and Andrei Voronkov.Vol. 9450. Lecture Notes in Computer Science. Springer, 2015, pp. 340–355.
References
Guy Katz, Clark W. Barrett, Cesare Tinelli, Andrew Reynolds, andLiana Hadarean. “Lazy proofs for DPLL(T)-based SMT solvers”. In:Formal Methods In Computer-Aided Design (FMCAD). Ed. by Ruzica Piskac andMuralidhar Talupur. IEEE, 2016, pp. 93–100.
Laura Kovacs and Andrei Voronkov. “First-Order Theorem Proving and Vampire”.English. In: Computer Aided Verification (CAV). Ed. by Natasha Sharygina and
Helmut Veith. Vol. 8044. Lecture Notes in Computer Science. Springer BerlinHeidelberg, 2013, pp. 1–35.
Leonardo de Moura and Nikolaj Bjørner. “Efficient E-Matching for SMT Solvers”.In: Proc. Conference on Automated Deduction (CADE). Ed. by Frank Pfenning.
Vol. 4603. Lecture Notes in Computer Science. Springer, 2007, pp. 183–198.
Leonardo Mendonca de Moura and Nikolaj Bjørner. “Proofs and Refutations, andZ3”. In:Logic for Programming, Artificial Intelligence, and Reasoning (LPAR) Workshops.Ed. by Piotr Rudnicki, Geoff Sutcliffe, Boris Konev, Renate A. Schmidt, andStephan Schulz. Vol. 418. CEUR Workshop Proceedings. CEUR-WS.org, 2008.
References
Andrew Reynolds, Cesare Tinelli, Amit Goel, Sava Krsti, Morgan Deters, andClark Barrett. “Quantifier Instantiation Techniques for Finite Model Finding inSMT”. In: Proc. Conference on Automated Deduction (CADE). Ed. byMaria Paola Bonacina. Vol. 7898. Lecture Notes in Computer Science. Springer,2013, pp. 377–391.
Andrew Reynolds, Cesare Tinelli, and Leonardo Mendonca de Moura. “Findingconflicting instances of quantified formulas in SMT”. In:Formal Methods In Computer-Aided Design (FMCAD). IEEE, 2014, pp. 195–202.
Stephan Schulz. “System Description: E 1.8”. English. In:Logic for Programming, Artificial Intelligence, and Reasoning (LPAR). Ed. byKen McMillan, Aart Middeldorp, and Andrei Voronkov. Vol. 8312. Lecture Notesin Computer Science. Springer Berlin Heidelberg, 2013, pp. 735–743.
Geoff Sutcliffe, Jurgen Zimmer, and Stephan Schulz. “TSTP Data-ExchangeFormats for Automated Theorem Proving Tools”. In:Distributed Constraint Problem Solving and Reasoning in Multi-Agent Systems.Ed. by Weixiong Zhang and Volker Sorge. Vol. 112. Frontiers in ArtificialIntelligence and Applications. IOS Press, 2004, pp. 201–215.
References
Christoph Weidenbach, Dilyana Dimova, Arnaud Fietzke, Rohit Kumar,Martin Suda, and Patrick Wischnewski. “SPASS Version 3.5”. English. In:Proc. Conference on Automated Deduction (CADE). Ed. by RenateA. Schmidt.Vol. 5663. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2009,pp. 140–145.