Leonardo de Moura, Microsoft Research
Software malfunction is a common problem.
Software complexity is increasing.
We need new methods and tools.
I proved my program to be correct.
What does it mean?
We need models and tools to reason about them?
Does my model/software have property X?
Verification/Analysis tools need some form of Symbolic Reasoning.
Logic is “The Calculus of Computer Science” (Z. Manna).
High computational complexity
Test case generation
Verifying Compilers
Predicate Abstraction
Invariant Generation
Type Checking
Model Based Testing
VCC
Hyper-V
Terminator
T-2
NModel
HAVOC
F7
SAGE
Vigilante
SpecExplorer
```c
unsigned GCD(unsigned x, unsigned y) {
  requires(y > 0);
  while (true) {
    unsigned m = x % y;
    if (m == 0) return y;
    x = y;
    y = m;
  }
}
```

We want a trace where the loop is executed twice.

SSA:
(y0 > 0) and
(m0 = x0 % y0) and
not (m0 = 0) and
(x1 = y0) and
(y1 = m0) and
(m1 = x1 % y1) and
(m1 = 0)

Solver:
x0 = 2, y0 = 4, m0 = 2, x1 = 4, y1 = 2, m1 = 0
Signature: div : int, { x : int | x 0 } int
Subtype
Call site: if a 1 and a b then return div(a, b)
Verification condition: a 1 and a b implies b 0
Logic is the art and science of effective reasoning.
How can we draw general and reliable conclusions from a collection of facts?
Formal logic: Precise, syntactic characterizations of well-formed expressions and valid deductions.
Formal logic makes it possible to calculate consequences at the symbolic level.
Computers can be used to automate such symbolic calculations.
Logic studies the relationship between language, meaning, and (proof) method.
A logic consists of:
a language in which (well-formed) sentences are expressed,
a semantics that distinguishes the valid sentences from the refutable ones, and
a proof system for constructing arguments justifying valid sentences.
Examples of logics include propositional logic, equational logic, first-order logic, higher-order logic, and modal logics.
A language consists of logical symbols whose interpretations are fixed, and non-logical ones whose interpretations vary.
These symbols are combined together to form well-formed formulas.
In propositional logic PL, the connectives , , and have a fixed interpretation, whereas the constants p, q, r may be interpreted at will.
Formulas: := p | 1 2 | 1 2 | 1 | 1 2
Examples:
p q q p
p q (p q)
We say p and q are propositional variables.
Exercise: Using a programming language, define a representation for formulas and a checker for well-formed formulas.
A formula is satisfiable if it has an interpretation that makes it logically true.
In this case, we say the interpretation is a model.
A formula is unsatisfiable if it does not have any model.
A formula is valid if it is logically true in any interpretation.
A propositional formula is valid if and only if its negation is unsatisfiable.
p q q p
p q q
p q (p q)
p q q p VALID
p q q SATISFIABLE
p q (p q) UNSATISFIABLE
We say formulas A and B are equisatisfiable if and only if A is satisfiable if and only if B is.
During this course, we will describe transformations that preserve equivalence and equisatisfiability.
NNF? NO
(p q) (q (r p))
(p q) (q (r p))
(p q) (q (r p))
CNF? NO
((p s) (q r)) (q p s) (r s)
((p s) q) ((p s) r) (q p s) (r s)
(p q) (s q) ((p s) r) (q p s) (r s)
(p q) (s q) (p r) (s r) (q p s) (r s)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
DNF? NO, actually this formula is in CNF
p (p q) (q r)
((p p) (p q)) (q r)
(p q) (q r)
((p q) q) ((p q) r)
(p q) (q q) ((p q) r)
(p q) (p r) (q r)
Distributivity
1. A(BC) (AB)(AC)
2. A(BC) (AB)(AC)
Other Rules
1. AA
2. A A
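The exercise above asks for a formula representation and a well-formedness checker; the added example below (not from the slides) supplies one in Python and builds on it the truth-table classification (valid, satisfiable, unsatisfiable) and the NNF and CNF rewrites used in the preceding derivations. The tuple encoding and the function names are this example's own choices.

```python
"""Propositional formulas as nested tuples: a well-formedness checker,
truth-table classification and the NNF / CNF transformations from the slides.
Added example, not from the original slides. Representation (an assumption of
this example): a formula is a variable name (str) or a tuple headed by one of
'not', 'and', 'or', 'implies'."""
from itertools import product

BINARY = ('and', 'or', 'implies')


def well_formed(f):
    """Checker for  phi := p | phi and phi | phi or phi | not phi | phi implies phi."""
    if isinstance(f, str):
        return f.isidentifier()
    if not isinstance(f, tuple) or not f:
        return False
    if f[0] == 'not':
        return len(f) == 2 and well_formed(f[1])
    return f[0] in BINARY and len(f) == 3 and well_formed(f[1]) and well_formed(f[2])


def variables(f):
    return {f} if isinstance(f, str) else set().union(*(variables(g) for g in f[1:]))


def evaluate(f, interp):
    """Truth value of f under an interpretation (dict variable -> bool)."""
    if isinstance(f, str):
        return interp[f]
    if f[0] == 'not':
        return not evaluate(f[1], interp)
    a, b = evaluate(f[1], interp), evaluate(f[2], interp)
    return {'and': a and b, 'or': a or b, 'implies': (not a) or b}[f[0]]


def interpretations(*formulas):
    """Every assignment of the variables occurring in the given formulas."""
    vs = sorted(set().union(*(variables(f) for f in formulas)))
    return [dict(zip(vs, bits)) for bits in product([False, True], repeat=len(vs))]


def classify(f):
    """'valid' (true in every interpretation), 'satisfiable' (has a model but
    is not valid) or 'unsatisfiable' (no model at all)."""
    values = [evaluate(f, i) for i in interpretations(f)]
    if all(values):
        return 'valid'
    return 'satisfiable' if any(values) else 'unsatisfiable'


def equivalent(f, g):
    """Equivalence by truth table: f and g agree on every interpretation."""
    return all(evaluate(f, i) == evaluate(g, i) for i in interpretations(f, g))


def nnf(f):
    """Negation normal form: rewrite 'implies' away, push 'not' down to the
    variables with De Morgan, and cancel double negations."""
    if isinstance(f, str):
        return f
    if f[0] == 'implies':
        return nnf(('or', ('not', f[1]), f[2]))
    if f[0] != 'not':
        return (f[0], nnf(f[1]), nnf(f[2]))
    g = f[1]                                    # f is ('not', g)
    if isinstance(g, str):
        return f
    if g[0] == 'not':
        return nnf(g[1])
    if g[0] == 'implies':
        return nnf(('and', g[1], ('not', g[2])))
    dual = 'or' if g[0] == 'and' else 'and'
    return (dual, nnf(('not', g[1])), nnf(('not', g[2])))


def distribute(a, b):
    """A or (B and C) == (A or B) and (A or C), applied on either side until
    no 'and' remains under the 'or'."""
    if isinstance(a, tuple) and a[0] == 'and':
        return ('and', distribute(a[1], b), distribute(a[2], b))
    if isinstance(b, tuple) and b[0] == 'and':
        return ('and', distribute(a, b[1]), distribute(a, b[2]))
    return ('or', a, b)


def cnf(f):
    """Conjunctive normal form: NNF first, then distribute 'or' over 'and'.
    Equivalence-preserving, but the result can be exponentially larger."""
    f = nnf(f)
    if isinstance(f, str) or f[0] == 'not':
        return f
    a, b = cnf(f[1]), cnf(f[2])
    return ('and', a, b) if f[0] == 'and' else distribute(a, b)


def is_cnf(f):
    """True if f is a conjunction of disjunctions of literals."""
    def literal(g):
        return isinstance(g, str) or (g[0] == 'not' and isinstance(g[1], str))

    def clause(g):
        return literal(g) or (g[0] == 'or' and clause(g[1]) and clause(g[2]))
    return clause(f) or (f[0] == 'and' and is_cnf(f[1]) and is_cnf(f[2]))
```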
Rules preserve satisfiability.
DPLL
A literal is pure if it occurs only positively or only negatively.
Let x, y and z be 8-bit (unsigned) integers.
Is x > 0 ∧ y > 0 ∧ z = x + y → z > 0 valid?
Is x > 0 ∧ y > 0 ∧ z = x + y ∧ ¬(z > 0) satisfiable?
We can encode bit-vector satisfiability problems in propositional logic.
Idea 1:
Use n propositional variables to encode n-bit integers.
x (x1, …, xn)
Idea 2:
Encode arithmetic operations using hardware circuits.
p ↔ q is equivalent to (p → q) ∧ (q → p)
The bit-vector equation x = y is encoded as:
(x1 ↔ y1) ∧ … ∧ (xn ↔ yn)
We use (r1, …, rn) to store the result of x + y.
p xor q is defined as ¬(p ↔ q).
xor is the 1-bit adder; p ∧ q is the carry:

| p | q | p xor q | p ∧ q (carry) |
|---|---|---------|---------------|
| 0 | 0 | 0 | 0 |
| 1 | 0 | 1 | 0 |
| 0 | 1 | 1 | 0 |
| 1 | 1 | 0 | 1 |
1-bit full adder
Three inputs: x, y, cin
Two outputs: r, cout

| x | y | cin | r = x xor y xor cin | cout = (x ∧ y) ∨ (x ∧ cin) ∨ (y ∧ cin) |
|---|---|-----|---------------------|----------------------------------------|
| 0 | 0 | 0 | 0 | 0 |
| 1 | 0 | 0 | 1 | 0 |
| 0 | 1 | 0 | 1 | 0 |
| 1 | 1 | 0 | 0 | 1 |
| 0 | 0 | 1 | 1 | 0 |
| 1 | 0 | 1 | 0 | 1 |
| 0 | 1 | 1 | 0 | 1 |
| 1 | 1 | 1 | 1 | 1 |
We use (r1, …, rn) to store the result of x + y, and (c1, …, cn):
r1 ↔ (x1 xor y1)
c1 ↔ (x1 ∧ y1)
r2 ↔ (x2 xor y2 xor c1)
c2 ↔ (x2 ∧ y2) ∨ (x2 ∧ c1) ∨ (y2 ∧ c1)
…
rn ↔ (xn xor yn xor cn-1)
cn ↔ (xn ∧ yn) ∨ (xn ∧ cn-1) ∨ (yn ∧ cn-1)
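Putting the encoding to work, as an added example that is not part of the slides: the ripple-carry adder above is bit-blasted into CNF with Tseitin-style gate definitions and decided with a small DPLL procedure, which answers the 8-bit question posed earlier (is x > 0 ∧ y > 0 ∧ z = x + y → z > 0 valid?) by searching for a model of its negation. Class and function names are this example's own.

```python
"""Bit-blast  x>0 and y>0 and z=x+y and not(z>0)  over n-bit unsigned values
into CNF and decide it with DPLL. Added example, not from the slides: the
implication on the slide is valid iff this negation is unsatisfiable.
Variables are positive ints, literals signed ints, clauses lists of literals."""
from itertools import count


class CNF:
    """Clause store with Tseitin-style gates: each gate gets a fresh output var."""
    def __init__(self):
        self.clauses, self._fresh = [], count(1)

    def var(self):
        return next(self._fresh)

    def add(self, *clause):
        self.clauses.append(list(clause))

    def and2(self, a, b):                       # o <-> (a and b)
        o = self.var()
        self.add(-o, a); self.add(-o, b); self.add(o, -a, -b)
        return o

    def or_many(self, lits):                    # o <-> (l1 or ... or lk)
        o = self.var()
        for lit in lits:
            self.add(o, -lit)
        self.add(-o, *lits)
        return o

    def xor2(self, a, b):                       # o <-> (a xor b) = not (a <-> b)
        o = self.var()
        self.add(-o, a, b); self.add(-o, -a, -b); self.add(o, -a, b); self.add(o, a, -b)
        return o


def ripple_add(cnf, xs, ys):
    """The slides' adder: r_i <-> x_i xor y_i xor c_(i-1),
    c_i <-> (x_i and y_i) or (x_i and c_(i-1)) or (y_i and c_(i-1)).
    Bit 0 is least significant; returns (sum bits, final carry)."""
    rs, carry = [], None
    for x, y in zip(xs, ys):
        xy = cnf.and2(x, y)
        if carry is None:                       # half adder for the lowest bit
            rs.append(cnf.xor2(x, y))
            carry = xy
        else:
            rs.append(cnf.xor2(cnf.xor2(x, y), carry))
            carry = cnf.or_many([xy, cnf.and2(x, carry), cnf.and2(y, carry)])
    return rs, carry


def dpll(clauses, assignment=None):
    """Textbook DPLL: unit propagation to a fixpoint, then split on the lowest
    open variable (inputs first). Returns a model (var -> bool) or None."""
    assignment = dict(assignment or {})
    while True:
        units, remaining = [], []
        for clause in clauses:
            open_lits = [l for l in clause if assignment.get(abs(l)) is None]
            if any(assignment.get(abs(l)) == (l > 0) for l in clause):
                continue                        # clause already satisfied
            if not open_lits:                   # empty clause: conflict
                return None
            if len(open_lits) == 1:
                units.append(open_lits[0])
            remaining.append(open_lits)
        clauses = remaining
        if not units:
            break
        for lit in units:                       # propagate every unit literal
            assignment[abs(lit)] = lit > 0
    if not clauses:
        return assignment
    var = min(abs(l) for clause in clauses for l in clause)
    for value in (True, False):
        model = dpll(clauses, {**assignment, var: value})
        if model is not None:
            return model
    return None


def find_overflow(n=8, keep_carry=False):
    """(x, y, z) with x>0, y>0, z = x+y (mod 2^n) and z = 0, or None when no
    such values exist. keep_carry=True uses the (n+1)-bit sum, i.e. no wrap."""
    cnf = CNF()
    xs = [cnf.var() for _ in range(n)]
    ys = [cnf.var() for _ in range(n)]
    zs, cout = ripple_add(cnf, xs, ys)
    if keep_carry:
        zs = zs + [cout]
    cnf.add(cnf.or_many(xs))                    # x > 0: some bit of x is set
    cnf.add(cnf.or_many(ys))                    # y > 0
    for z in zs:                                # not (z > 0): every bit of z is 0
        cnf.add(-z)
    model = dpll(cnf.clauses)
    if model is None:
        return None
    val = lambda bits: sum(1 << i for i, b in enumerate(bits) if model.get(b, False))
    return val(xs), val(ys), val(zs)
```

With 8-bit wrap-around the search returns a model such as x = 255, y = 1, z = 0, so the implication is not valid; with the carry kept as a ninth result bit the negation is unsatisfiable and the implication holds.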
1) Encode x * y
2) Encode x > y (signed and unsigned versions)
```c
unsigned GCD(unsigned x, unsigned y) {
  requires(y > 0);
  while (true) {
    unsigned m = x % y;
    if (m == 0) return y;
    x = y;
    y = m;
  }
}
```

We want a trace where the loop is executed twice.

SSA:
(y0 > 0) and
(m0 = x0 % y0) and
not (m0 = 0) and
(x1 = y0) and
(y1 = m0) and
(m1 = x1 % y1) and
(m1 = 0)

Solver:
x0 = 2, y0 = 4, m0 = 2, x1 = 4, y1 = 2, m1 = 0
[Pages 85–99: slides with no extractable text]
Satisfiability library: http://www.satlib.org
The SAT competition: http://www.satcompetition.org
Search the web: “SAT benchmarks”
[Page 100]