Deciding Local Theory Extensions via E-matching

Bansal, Kshitij; Reynolds, Andrew; King, Tim L.; Barrett, Clark; Wies, Thomas

doi:10.1007/978-3-319-21668-3_6

Cited by 16 publications

(15 citation statements)

References 36 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We distinguish the following cases: ϕ ≡ φ * ψ and I, h | = SL φ * ψ iff there exist heaps g 1 , g 2 such that h = g 1 ⊎ g 2 and I, g 1 | = SL φ, I, g 2 | = SL ψ. "⇒" Let h and h ′ be tuples of heaps satisfying conditions (1) and (2). By the induction hypothesis we obtain:…”

Section: A Proofsmentioning

confidence: 99%

A Decision Procedure for Separation Logic in SMT

Reynolds

Iosif

Şerban

et al. 2016

Automated Technology for Verification and Analysis

Self Cite

View full text Add to dashboard Cite

Abstract. This paper presents a complete decision procedure for the entire quantifierfree fragment of Separation Logic (SL) interpreted over heaplets with data elements ranging over a parametric multi-sorted (possibly infinite) domain. The algorithm uses a combination of theories and is used as a specialized solver inside a DPLL(T ) architecture. A prototype was implemented within the CVC4 SMT solver. Preliminary evaluation suggests the possibility of using this procedure as a building block of a more elaborate theorem prover for SL with inductive predicates, or as back-end of a bounded model checker for programs with low-level pointer and data manipulations.

show abstract

Section: A Proofsmentioning

confidence: 99%

A Decision Procedure for Separation Logic in SMT

Reynolds

Iosif

Şerban

et al. 2016

Automated Technology for Verification and Analysis

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since its origin in the Simplify prover [7], E-matching has been adapted and improved in implementations for a variety of SMT solvers [1,2,4,11,17]. Since E-matching-based instantiation gives weak guarantees for satisfiable problems (typically returning unknown as an outcome), for problem domains where satisfiability (and a corresponding model) is the desired outcome, alternative instantiation techniques have been proposed [12,20,21].…”

Section: Related Workmentioning

confidence: 99%

“…Our tool takes a log file generated by an SMT solver (in our case, Z3 [6]), interprets it, and provides a wide array of features and algorithms for displaying, navigating and analysing the data. Specifically, we present the following key contributions: 1 In some tools, patterns are themselves alternatively called triggers. 2 Such problems are common in e.g.…”

Section: Introductionmentioning

confidence: 99%

The Axiom Profiler: Understanding and Debugging SMT Quantifier Instantiations

Becker

Müller

Summers

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

SMT solvers typically reason about universal quantifiers via E-matching: syntactic matching patterns for each quantifier prescribe shapes of ground terms whose presence in the SMT run will trigger quantifier instantiations. The effectiveness and performance of the SMT solver depend crucially on well-chosen patterns. Overly restrictive patterns cause relevant quantifier instantiations to be missed, while overly permissive patterns can cause performance degradation including nontermination if the solver gets stuck in a matching loop. Understanding and debugging such instantiation problems is an overwhelming task, due to the typically large number of quantifier instantiations and their non-trivial interactions with each other and other solver aspects. In this paper, we present the Axiom Profiler, a tool that enables users to analyse instantiation problems effectively, by filtering and visualising rich logging information from SMT runs. Our tool implements novel techniques for automatically detecting matching loops and explaining why they repeat indefinitely. We evaluated the tool on the full test suites of five existing program verifiers, where it discovered and explained multiple previouslyunknown matching loops.

show abstract

“…Local theory extensions [20,2] provide means to extend some decidable theories with free symbols and quantifications, retaining decidability. The approach identifies specific forms of formulas and quantifications (bounded), such that these theory extensions can be solved using finite instantiation of quantifiers together with a decision procedure for the original theory.…”

Section: Related Workmentioning

confidence: 99%

Model Generation for Quantified Formulas: A Taint-Based Approach

Farinier

Bardin

Bonichon

et al. 2018

Computer Aided Verification

View full text Add to dashboard Cite

We focus in this paper on generating models of quantified first-order formulas over built-in theories, which is paramount in software verification and bug finding. While standard methods are either geared toward proving the absence of solution or targeted to specific theories, we propose a generic approach based on a reduction to the quantifierfree case. Our technique allows thus to reuse all the efficient machinery developed for that context. Experiments show a substantial improvement over state-of-the-art methods. IntroductionContext. Software verification methods have come to rely increasingly on reasoning over logical formulas modulo theory. In particular, the ability to generate models (i.e., find solutions) of a formula is of utmost importance, typically in the context of bug finding or intensive testing -symbolic execution [19] or bounded model checking [7]. Since quantifier-free first-order formulas on well-suited theories are sufficient to represent many reachability properties of interest, the Satisfiability Modulo Theory (SMT) [6,22] community has primarily dedicated itself to designing solvers able to efficiently handle such problems.Yet, universal quantifiers are sometimes needed, typically when considering preconditions or code abstraction. Unfortunately, most theories handled by SMTsolvers are undecidable in the presence of universal quantifiers. There exist dedicated methods for a few decidable quantified theories, such as Presburger arithmetic [9] or the array property fragment [8], but there is no general and effective enough approach for the model generation problem over universally quantified formulas. Indeed, generic solutions for quantified formulas involving heuristic instantiation and refutation are geared at proving the unsatisfiability of a formula (i.e., absence of solution) [12,18], while recent proposals such as local theory extensions [2], finite instantiation [27,28] or model-based instantiation [25,18] either are too narrow in scope, or handle quantifiers on free sorts only, or restrict themselves to finite models, or may get stuck in infinite refinement loops.Goal and challenge. Our goal is to propose a generic and efficient approach to the model generation problem over arbitrary quantified formulas with support for theories commonly found in software verification. Due to the huge effort made by the community to produce state-of-the-art solvers for quantifier-free theories (QF-solvers), it is highly desirable for this solution to be compatible with current leading decision procedures, namely SMT approaches.Proposal. Our approach turns a quantified formula into a quantifier-free formula with the guarantee that any model of the later contains a model of the former. The benefits are threefold: the transformed formula is easier to solve, it can be sent to standard QF-solvers, and a model for the initial formula is deducible from a model of the transformed one. The idea is to ignore quantifiers but strengthen the quantifier-free part of the formula with an independence condition constr...

show abstract

Deciding Local Theory Extensions via E-matching

Cited by 16 publications

References 36 publications

A Decision Procedure for Separation Logic in SMT

A Decision Procedure for Separation Logic in SMT

The Axiom Profiler: Understanding and Debugging SMT Quantifier Instantiations

Model Generation for Quantified Formulas: A Taint-Based Approach

Contact Info

Product

Resources

About