Lazy Satisfiability Modulo Theories
Journal on Satisfiability, Boolean Modeling and Computation 3 (2007) 141–224, 2007
Cited by 181 (47 self)
Abstract:
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some decidable first-order theory T (SMT(T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT(T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theory-specific reasoning. The dominating approach to SMT(T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (T-solver), handling respectively the Boolean and the theory-specific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that

Checking safety by inductive generalization of counterexamples to induction
Proc. FMCAD’07
Cited by 28 (8 self)
Abstract:
Scaling verification to large circuits requires some form of abstraction relative to the asserted property. We describe a safety analysis of finite-state systems that generalizes from counterexamples to the inductiveness of the safety specification to inductive invariants. It thus abstracts the system’s state space relative to the property. The analysis either strengthens a safety specification to be inductive or discovers a counterexample to its correctness. The analysis is easily made parallel. We provide experimental data showing how the analysis time decreases with the number of processes on several hard problems.

Improved SAT-based reachability analysis with observability don’t cares
Journal on Satisfiability, Boolean Modeling and Computation
Cited by 6 (3 self)
Abstract:
The dramatic performance improvements of SAT solvers over the past decade have increased their deployment in hardware verification applications. Many problems that were previously too large and complex for SAT techniques can now be handled in an efficient manner. One such problem is reachability analysis, whose instances are found throughout verification applications such as unbounded model checking and trace reduction. In circuit-based reachability analysis important circuit information is often lost during the circuit-to-SAT translation process. Observability Don’t Cares (ODCs) are an example of such information that can potentially help achieve better and faster results for the SAT solver. This work proposes to use the ODCs to improve the quality and performance of SAT-based reachability analysis frameworks. Since ODCs represent variables whose values do not affect the outcome of a problem, it is possible to satisfy a problem with fewer assigned variables. This in turn leads to more compact solutions and thus fewer solutions to cover the entire solution space. Specifically, this work presents an efficient way to identify ODCs, proves the correctness of leaving ODC variables unassigned, and develops a reachability analysis platform that benefits greatly from the ODCs. The advantages of using ODCs in reachability analysis are demonstrated through extensive experiments on unbounded model checking and trace reduction applications.
Keywords: SAT solver, reachability analysis, model checking, observability don’t cares

Solving Satisfiability Problems with Preferences
Cited by 5 (1 self)
Abstract:
Propositional satisfiability (SAT) is a success story in Computer Science and Artificial Intelligence: SAT solvers are currently used to solve problems in many different application domains, including planning and formal verification. The main reason for this success is that modern SAT solvers can successfully deal with problems having millions of variables. All these solvers are based on the Davis-Logemann-Loveland procedure (DLL). In its original version, DLL is a decision procedure, but it can be very easily modified in order to return one or all assignments satisfying the input set of clauses, assuming at least one exists. However, in many cases it is not enough to compute assignments satisfying all the input clauses: Indeed, the returned assignments have also to be “optimal” in some sense, e.g., they have to satisfy as many other constraints – expressed as preferences – as possible. In this paper we start with qualitative preferences on literals, defined as a partially ordered set (poset) of literals. Such a poset induces a poset on total assignments and leads to the definition of optimal model for a formula ψ as a minimal element of the poset on the models of ψ. We show (i) how DLL can be extended in order to return one or all optimal models of ψ (once converted in clauses and assuming ψ is satisfiable), and (ii) how the same procedures can be used to compute optimal models wrt a qualitative preference on formulas and/or wrt a quantitative preference on literals or formulas. We implemented our ideas and we tested the resulting system on a variety of very challenging structured benchmarks. The results indicate that our implementation has comparable performances with other state-of-the-art systems, tailored for the specific problems we consider.

Efficient Term-ITE Conversion for Satisfiability Modulo Theories
Proceedings of SAT’09, volume 5584 of LNCS, 2009
Cited by 5 (0 self)
Abstract:
This paper describes how term-if-then-else (term-ITE) is handled in Satisfiability Modulo Theories (SMT) and to decide Linear Arithmetic Logic (LA) in particular. Term-ITEs allow one to conveniently express verification conditions; hence, they are very common in practice. However, the theory provers of SMT solvers are usually designed to work on conjunctions of literals; therefore, the input formulae are rewritten so as to eliminate term-ITEs. The challenge in rewriting is to avoid introducing too many new variables, while avoiding as often as possible the exponential explosion that is frequent when a naive approach is applied. We propose a solution that is based on cofactoring and theory propagation, which often produces orders-of-magnitude speedups in several SMT solvers for LA problems.

Synthesizing Complementary Circuits Automatically
ICCAD'09, 2009
Cited by 4 (2 self)
Abstract:
One of the most difficult jobs in designing communication and multimedia chips is to design and verify a complex complementary circuit pair (E, E⁻¹), in which circuit E transforms information into a format that is suitable for transmission and storage, while E’s complementary circuit E⁻¹ recovers this information. In order to ease this job, we propose a novel two-step approach to synthesize the complementary circuit E⁻¹ from E fully automatically. First, we assume that the circuit E satisfies a parameterized complementary assumption, which means its input can be recovered from its output under some parameter setting. We check this assumption with a SAT solver and find out proper values of these parameters. Second, with the parameter values and the SAT instance obtained in the first step, we build the complementary circuit E⁻¹ with an efficient satisfying-assignment enumeration technique that is specially designed for circuits with lots of XOR gates. To illustrate its usefulness and efficiency, we run our algorithm on several complex encoders from industrial projects, including PCIE and 10G Ethernet, and successfully generate correct complementary circuits for them.

On Automated Trigger Event Generation in Post-Silicon Validation
In Proceedings of the IEEE/ACM Design, Automation and Test in Europe, 2008
Cited by 4 (3 self)
Abstract:
When searching for functional bugs in silicon, debug data is acquired after a trigger event occurs. A trigger event can be configured at runtime using a set of control registers that uniquely identify the event that initiates data acquisition. Nonetheless, the values loaded in these programmable registers interact only with a set of predefined trigger signals that are selected at design-time. If the state conditions required for triggering cannot be expressed directly in terms of the predefined trigger signals, the common practice is that the designer manually searches for an equivalent trigger event that can be programmed on-chip. In this paper we investigate if trigger events can be automatically generated from a set of state conditions.

Linking anonymous transactions: The consistent view attack
In Proceedings of Privacy Enhancing Technologies, 6th International Workshop, PET 2006, number 4258 in Lecture Notes in Computer Science, 2006
Cited by 4 (1 self)
Abstract:
In this paper we study a particular attack that may be launched by cooperating organisations in order to link the transactions and the pseudonyms of the users of an anonymous credential system. The results of our analysis are both positive and negative. The good (resp. bad) news, from a privacy protection (resp. evidence gathering) viewpoint, is that the attack may be computationally intensive. In particular, it requires solving a problem that is polynomial time equivalent to ALL-SAT. The bad (resp. good) news is that a typical instance of this problem may be efficiently solvable.

Quantifier Elimination by Dependency Sequents
, 1201
Cited by 2 (0 self)
Abstract:
We consider the problem of existential quantifier elimination for Boolean formulas in Conjunctive Normal Form (CNF). We present a new method for solving this problem called Derivation of Dependency-Sequents (DDS). A Dependency-sequent (D-sequent) is used to record that a set of quantified variables is redundant under a partial assignment. We introduce a resolution-like operation called join that produces a new D-sequent from two existing D-sequents. We also show that DDS is compositional, e.g., if our input formula is a conjunction of independent formulas, DDS automatically recognizes and exploits this information. We introduce an algorithm based on DDS and present experimental results demonstrating its potential.

Disequality Management in Integer Difference Logic via Finite Instantiations
2006
Cited by 1 (1 self)
Abstract:
The last few years have seen the advent of a new breed of decision procedures for various fragments of first-order logic based on propositional abstraction. A lazy satisfiability checker for a given fragment of first-order logic invokes a theory-specific decision procedure (a theory solver) on a (partial) model for the abstraction. If the model is found to be consistent in the given theory, then a model for the original formula has been found. Otherwise, a refinement of the propositional abstraction is extracted from the proof of inconsistency and the search is resumed. We describe a theory solver for integer difference logic that is effective when the formula to be decided contains equality and disequality (negated equality) constraints so that the decision problem partakes of the nature of the pigeonhole problem. We propose a reduction of the problem to propositional satisfiability by computing bounds on a sufficient subset of solutions, and present experimental evidence for the efficiency of this approach.