- Basic terminology
- Expressive power
- Solver approaches
- SMT for undecidable theories
- Solvers
- Applications Verification Symbolic-execution based analysis and testing
- See also
- Notes
- References
In computer science and mathematical logic, the satisfiability modulo theories (SMT) problem is a decision problem for logical formulas with respect to combinations of background theories expressed in classical first-order logic with equality. Examples of theories typically used in computer science are the theory of real numbers, the theory of integers, and the theories of various data structures such as lists, arrays, bit vectors and so on. SMT can be thought of as a form of the constraint satisfaction problem and thus a certain formalized approach to constraint programming.
Basic terminology
Formally speaking, an SMT instance is a formula in first-order logic, where some function and predicate symbols have additional interpretations, and SMT is the problem of determining whether such a formula is satisfiable. In other words, imagine an instance of the boolean satisfiability problem (SAT) in which some of the binary variables are replaced by predicates over a suitable set of non-binary variables. A predicate is basically a binary-valued function of non-binary variables. Example predicates include linear inequalities (e.g., 
) or equalities involving uninterpreted terms and function symbols (e.g., 
where 
is some unspecified function of two arguments). These predicates are classified according to each respective theory assigned. For instance, linear inequalities over real variables are evaluated using the rules of the theory of linear real arithmetic, whereas predicates involving uninterpreted terms and function symbols are evaluated using the rules of the theory of uninterpreted functions with equality (sometimes referred to as the empty theory). Other theories include the theories of arrays and list structures (useful for modeling and verifying computer programs), and the theory of bit vectors (useful in modeling and verifying hardware designs). Subtheories are also possible: for example, difference logic is a sub-theory of linear arithmetic in which each inequality is restricted to have the form 
for variables 
and 
and constant 
.
Most SMT solvers support only quantifier-free fragments of their logics.
Expressive power
An SMT instance is a generalization of a Boolean SAT instance in which various sets of variables are replaced by predicates from a variety of underlying theories. SMT formulas provide a much richer modeling language than is possible with Boolean SAT formulas. For example, an SMT formula allows us to model the datapath operations of a microprocessor at the word rather than the bit level.
By comparison, answer set programming is also based on predicates (more precisely, on atomic sentences created from atomic formula). Unlike SMT, answer-set programs do not have quantifiers, and cannot easily express constraints such as linear arithmetic or difference logic—ASP is at best suitable for boolean problems that reduce to the free theory of uninterpreted functions. Implementing 32-bit integers as bitvectors in ASP suffers from most of the same problems that early SMT solvers faced: "obvious" identities such as x+y=y+x are difficult to deduce.
Constraint logic programming does provide support for linear arithmetic constraints, but within a completely different theoretical framework.
Solver approaches
Early attempts for solving SMT instances involved translating them to Boolean SAT instances (e.g., a 32-bit integer variable would be encoded by 32 bit variables with appropriate weights and word-level operations such as 'plus' would be replaced by lower-level logic operations on the bits) and passing this formula to a Boolean SAT solver. This approach, which is referred to as the eager approach, has its merits: by pre-processing the SMT formula into an equivalent Boolean SAT formula we can use existing Boolean SAT solvers "as-is" and leverage their performance and capacity improvements over time. On the other hand, the loss of the high-level semantics of the underlying theories means that the Boolean SAT solver has to work a lot harder than necessary to discover "obvious" facts (such as 
for integer addition.) This observation led to the development of a number of SMT solvers that tightly integrate the Boolean reasoning of a DPLL-style search with theory-specific solvers (T-solvers) that handle conjunctions (ANDs) of predicates from a given theory. This approach is referred to as the lazy approach.
Dubbed DPLL(T),[1] this architecture gives the responsibility of Boolean reasoning to the DPLL-based SAT solver which, in turn, interacts with a solver for theory T through a well-defined interface. The theory solver only needs to worry about checking the feasibility of conjunctions of theory predicates passed on to it from the SAT solver as it explores the Boolean search space of the formula. For this integration to work well, however, the theory solver must be able to participate in propagation and conflict analysis, i.e., it must be able to infer new facts from already established facts, as well as to supply succinct explanations of infeasibility when theory conflicts arise. In other words, the theory solver must be incremental and backtrackable.
SMT for undecidable theories
Most of the common SMT approaches support decidable theories. However, many real-world systems can only be modelled by means of non-linear arithmetic over the real numbers involving transcendental functions, e.g. an aircraft and its behavior. This fact motivates an extension of the SMT problem to non-linear theories, e.g. determine whether
where
is satisfiable. Then, such problems become undecidable in general. (It is important to note, however, that the theory of real closed fields, and thus the full first order theory of the real numbers, are decidable using quantifier elimination. This is due to Alfred Tarski.) The first order theory of the natural numbers with addition (but not multiplication), called Presburger arithmetic, is also decidable. Since multiplication by constants can be implemented as nested additions, the arithmetic in many computer programs can be expressed using Presburger arithmetic, resulting in decidable formulas.
Examples of SMT solvers addressing Boolean combinations of theory atoms from undecidable arithmetic theories over the reals are ABsolver,[2] which employs a classical DPLL(T) architecture with a non-linear optimization packet as (necessarily incomplete) subordinate theory solver, and iSAT , building on a unification of DPLL SAT-solving and interval constraint propagation called the iSAT algorithm.[3]
Solvers
The table below summarizes some of the features of the many available SMT solvers. The column "SMT-LIB" indicates compatibility with the SMT-LIB language; many systems marked 'yes' may support only older versions of SMT-LIB, or offer only partial support for the language. The column "CVC" indicates support for the CVC language. The column "DIMACS" indicates support for the DIMACS format.
Projects differ not only in features and performance, but also in the viability of the surrounding community, its ongoing interest in a project, and its ability to contribute documentation, fixes, tests and enhancements.
| Platform | Features | Notes | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Name | OS | License | SMT-LIB | CVC | DIMACS | Built-in theories | API | SMT-COMP | |
| ABsolver | Linux | CPL | v1.2}} | {{no}} | {{yes}} | linear arithmetic, non-linear arithmetic | C++ | no | DPLL-based |
| Alt-Ergo | Linux, Mac OS, Windows | CeCILL-C (roughly equivalent to LGPL) | partial v1.2 and v2.0}} | {{no}} | {{no}} | empty theory, linear integer and rational arithmetic, non-linear arithmetic, polymorphic arrays, enumerated datatypes, AC symbols, bitvectors, record datatypes, quantifiers | OCaml | 2008 | Polymorphic first-order input language à la ML, SAT-solver based, combines Shostak-like and Nelson-Oppen like approaches for reasoning modulo theories |
| Barcelogic | Linux | Proprietary | v1.2}} | empty theory, difference logic | C++ | 2009 | DPLL-based, congruence closure | ||
| Beaver | Linux, Windows | BSD | v1.2}} | {{no}} | {{no}} | bitvectors | OCaml | 2009 | SAT-solver based |
| Boolector | Linux | MIT | v1.2}} | {{no}} | {{no}} | bitvectors, arrays | C | 2009 | SAT-solver based |
| CVC3 | Linux | BSD | v1.2}} | {{yes}} | empty theory, linear arithmetic, arrays, tuples, types, records, bitvectors, quantifiers | C/C++ | 2010 | proof output to HOL | |
| [https://cvc4.cs.stanford.edu/web/ CVC4] | Linux, Mac OS, Windows, FreeBSD | BSD | {{yes}} | {{yes}} | rational and integer linear arithmetic, arrays, tuples, records, inductive data types, bitvectors, strings, and equality over uninterpreted function symbols | C++ | 2010 | version 1.5 released July 2017 | |
| Decision Procedure Toolkit (DPT) | Linux | Apache | {{no}} | OCaml | no | DPLL-based | |||
| iSAT | Linux | Proprietary | {{no}} | non-linear arithmetic | no | DPLL-based | |||
| MathSAT | Linux, Mac OS, Windows | Proprietary | {{yes}} | {{yes}} | empty theory, linear arithmetic, nonlinear arithmetic, bitvectors, arrays | C/C++, Python, Java | 2010 | DPLL-based | |
| MiniSmt | Linux | LGPL | partial v2.0}} | non-linear arithmetic | 2010 | SAT-solver based, Yices-based | |||
| [https://link.springer.com/chapter/10.1007/978-3-319-21690-4_29 Norn] | SMT solver for string constraints | ||||||||
| OpenCog | Linux | AGPL | {{no}} | {{no}} | {{no}} | probabilistic logic, arithmetic. relational models | C++, Scheme, Python | no | subgraph isomorphism |
| OpenSMT | Linux, Mac OS, Windows | GPLv3 | partial v2.0}} | {{yes}} | empty theory, differences, linear arithmetic, bitvectors | C++ | 2011 | lazy SMT Solver | |
| raSAT | Linux | GPLv3 | v2.0 | real and integer nonlinear arithmetic | 2014, 2015 | extension of the Interval Constraint Propagation with Testing and the Intermediate Value Theorem | |||
| SatEEn | ? | Proprietary | v1.2}} | linear arithmetic, difference logic | none | 2009 | |||
| SMTInterpol | Linux, Mac OS, Windows | LGPLv3 | v2.0}} | uninterpreted functions, linear real arithmetic, and linear integer arithmetic | Java | 2012 | Focuses on generating high quality, compact interpolants. | ||
| SMCHR | Linux, Mac OS, Windows | GPLv3 | {{no}} | {{no}} | {{no}} | linear arithmetic, nonlinear arithmetic, heaps | C | no | Can implement new theories using Constraint Handling Rules. |
| [https://github.com/smtrat/smtrat/wiki SMT-RAT] | Linux, Mac OS | MIT | v2.0}} | {{no}} | {{no}} | linear arithmetic, nonlinear arithmetic | C++ | 2015 | Toolbox for strategic and parallel SMT solving consisting of a collection of SMT compliant implementations. |
| SONOLAR | Linux, Windows | Proprietary | partial v2.0}} | bitvectors | C | 2010 | SAT-solver based | ||
| Spear | Linux, Mac OS, Windows | Proprietary | v1.2}} | bitvectors | 2008 | ||||
| [https://stp.github.io/ STP] | Linux, OpenBSD, Windows, Mac OS | MIT | partial v2.0}} | {{yes}} | {{no}} | bitvectors, arrays | C, C++, Python, OCaml, Java | 2011 | SAT-solver based |
| SWORD | Linux | Proprietary | v1.2}} | bitvectors | 2009 | ||||
| UCLID | Linux | BSD | {{no}} | {{no}} | {{no}} | empty theory, linear arithmetic, bitvectors, and constrained lambda (arrays, memories, cache, etc.) | no | SAT-solver based, written in Moscow ML. Input language is SMV model checker. Well-documented! | |
| veriT | Linux, OS X | BSD | partial v2.0}} | empty theory, rational and integer linear arithmetics, quantifiers, and equality over uninterpreted function symbols | C/C++ | 2010 | SAT-solver based | ||
| Yices | Linux, Mac OS, Windows, FreeBSD | GPLv3 | v2.0}} | {{no}} | {{yes}} | rational and integer linear arithmetic, bitvectors, arrays, and equality over uninterpreted function symbols | C | 2014 | Source code is available online |
| [https://github.com/Z3Prover/z3 Z3] | Linux, Mac OS, Windows, FreeBSD | MIT | v2.0}} | {{yes}} | empty theory, linear arithmetic, nonlinear arithmetic, bitvectors, arrays, datatypes, quantifiers, strings | C/C++, .NET, OCaml, Python, Java, Haskell | 2011 | Source code is available online | |
Applications
SMT solvers are useful both for verification, proving the correctness of programs, software testing based on symbolic execution, and for synthesis, generating program fragments by searching over the space of possible programs.
Verification
Computer-aided verification of computer programs often uses SMT solvers. A common technique is to translate preconditions, postconditions, loop conditions, and assertions into SMT formulas in order to determine if all properties can hold.
There are many verifiers built on top of the [https://github.com/Z3Prover/z3 Z3] SMT solver. Boogie is an intermediate verification language that uses Z3 to automatically check simple imperative programs. The VCC verifier for concurrent C uses Boogie, as well as Dafny for imperative object-based programs, Chalice for concurrent programs, and Spec# for C#. F* is a dependently typed language that uses Z3 to find proofs; the compiler carries these proofs through to produce proof-carrying bytecode. The Viper verification infrastructure encodes verification conditions to Z3. The [https://hackage.haskell.org/package/sbv sbv] library provides SMT-based verification of Haskell programs, and lets the user choose among a number of solvers such as Z3, ABC, Boolector, CVC4, MathSAT and Yices.
There are also many verifiers built on top of the Alt-Ergo SMT solver. Here is a list of mature applications:
- Why3, a platform for deductive program verification, uses Alt-Ergo as its main prover;
- CAVEAT, a C-verifier developed by CEA and used by Airbus; Alt-Ergo was included in the qualification DO-178C of one of its recent aircraft;
- Frama-C, a framework to analyse C-code, uses Alt-Ergo in the Jessie and WP plugins (dedicated to "deductive program verification");
- SPARK, uses CVC4 and Alt-Ergo (behind GNATprove) to automate the verification of some assertions in SPARK 2014;
- Atelier-B can use Alt-Ergo instead of its main prover (increasing success from 84% to 98% on the ANR Bware project benchmarks);
- Rodin, a B-method framework developed by Systerel, can use Alt-Ergo as a back-end;
- Cubicle, an open source model checker for verifying safety properties of array-based transition systems.
- [https://www.easycrypt.info/ EasyCrypt], a toolset for reasoning about relational properties of probabilistic computations with adversarial code.
Many SMT solvers implement a common interface format called SMTLIB2 (such files usually have the extension ".smt2"). The [https://ucsd-progsys.github.io/liquidhaskell-blog/ LiquidHaskell]
tool implements a refinement type based verifier for Haskell that can use any SMTLIB2 compliant solver, e.g. CVC4, MathSat, or Z3.
Symbolic-execution based analysis and testing
An important application of SMT solvers is symbolic execution for analysis and testing of programs (e.g., concolic testing), aimed particularly at finding security vulnerabilities. Important actively-maintained tools in this category include SAGE from Microsoft Research, [https://klee.github.io/ KLEE], S2E, and [https://triton.quarkslab.com Triton]. SMT solvers that are particularly useful for symbolic-execution applications include [https://github.com/Z3Prover/z3 Z3], [https://sites.google.com/site/stpfastprover/ STP], [https://sites.google.com/site/z3strsolver/ Z3str2], and Boolector.
See also
- Answer set programming
Notes
2. ^{{Citation | first = A. | last = Bauer | authorlink = | first2 = M. | last2 = Pister | first3 = M. | last3 = Tautschnig | contribution = Tool-support for the analysis of hybrid systems and models | title = Proceedings of the 2007 Conference on Design, Automation and Test in Europe (DATE'07) | publisher = IEEE Computer Society | year = 2007 | doi = 10.1109/DATE.2007.364411 | page = 1 | isbn = 978-3-9810801-2-4 | citeseerx = 10.1.1.323.6807 }}
3. ^{{Citation | first = M. | last = Fränzle | first2 = C. | last2 = Herde | first3 = S. | last3 = Ratschan | first4 = T. | last4 = Schubert | first5 = T. | last5 = Teige | url = http://jsat.ewi.tudelft.nl/content/volume1/JSAT1_11_Fraenzle.pdf | contribution = Efficient Solving of Large Non-linear Arithmetic Constraint Systems with Complex Boolean Structure | title = JSAT Special Issue on SAT/CP Integration | volume =1 | pages = 209–236 | year = 2007 }}
References
- C Barrett, R Sebastiani, S Seshia, and C Tinelli, "Satisfiability Modulo Theories." In Handbook of Satisfiability, vol. 185 of Frontiers in Artificial Intelligence and Applications, (A Biere, M J H Heule, H van Maaren, and T Walsh, eds.), IOS Press, Feb. 2009, pp. 825–885.
- Vijay Ganesh (PhD. Thesis 2007), [https://ece.uwaterloo.ca/~vganesh/Publications_files/vg2007-PhD-STANFORD.pdf Decision Procedures for Bit-Vectors, Arrays and Integers], Computer Science Department, Stanford University, Stanford, CA, U.S., Sept 2007
- Susmit Jha, Rhishikesh Limaye, and Sanjit A. Seshia. [https://dx.doi.org/10.1007/978-3-642-02658-4_53 Beaver: Engineering an efficient SMT solver for bit-vector arithmetic.] In Proceedings of 21st International Conference on Computer-Aided Verification, pp. 668–674, 2009.
- R. E. Bryant, S. M. German, and M. N. Velev, "Microprocessor Verification Using Efficient Decision Procedures for a Logic of Equality with Uninterpreted Functions," in Analytic Tableaux and Related Methods, pp. 1–13, 1999.
- M. Davis and H. Putnam, {{doi-inline|10.1145/321033.321034|A Computing Procedure for Quantification Theory}}, Journal of the Association for Computing Machinery, vol. 7, no., pp. 201–215, 1960.
- M. Davis, G. Logemann, and D. Loveland, {{doi-inline|10.1145/368273.368557|A Machine Program for Theorem-Proving}}, Communications of the ACM, vol. 5, no. 7, pp. 394–397, 1962.
- D. Kroening and O. Strichman, Decision Procedures – an algorithmic point of view (2008), Springer (Theoretical Computer Science series) {{ISBN|978-3-540-74104-6}}.
- G.-J. Nam, K. A. Sakallah, and R. Rutenbar, {{doi-inline|10.1109/TCAD.2002.1004311|A New FPGA Detailed Routing Approach via Search-Based Boolean Satisfiability}}, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 21, no. 6, pp. 674–684, 2002.
- SMT-LIB: The Satisfiability Modulo Theories Library
- SMT-COMP: The Satisfiability Modulo Theories Competition
- Decision procedures - an algorithmic point of view
- R. Sebastiani, [https://pdfs.semanticscholar.org/a460/f0434c8a3c05b17633ad52269fee768fc9ae.pdf Lazy Satisfiability Modulo Theories], Dipartimento di Ingegneria e Scienza dell'Informazione, Universita di Trento, Italy, Dec 2007
- D.Yurichev, [https://yurichev.com/writings/SAT_SMT_draft-EN.pdf Quick introduction into SAT/SMT solvers and symbolic execution]
This article is adapted from a column in the ACM SIGDA [https://web.archive.org/web/20070208034716/http://www.sigda.org/newsletter/index.html e-newsletter] by Prof. Karem Sakallah. Original text is available here
- Consulting firms
- Consulting Firms
- Consulting lecture
- Consulting lecturer
- Consulting the Oracle
- Consume
- Consume, be silent, die
- Consume be silent die
- Consumed (album)
- Consumed (God album)
- Consumed (GOD album)
- Consumed scrubfowl
- Consumed Scrubfowl
- Consumed (The Walking Dead)
- Consumed (TV series)
- Consumed (TV Series)
- Consumentenbond
- Consumer Action Law Centre
- Consumer Affairs Agency
- ConsumerAffairs.com
- Consumer and family advisory committee
- Consumer and Family Advisory Committee (North Carolina)
- Consumer Appreciation
- Consumer arbitration
- Consumer Assessment of Healthcare Providers and Systems