Applications and Challenges in Satisfiability Modulo Theories

11 pages • Published: June 22, 2012

Abstract

The area of software analysis, testing and verification is now undergoing a revolution thanks to the use of automated and scalable support for logical methods. A well-recognized premise is that at the core of software analysis engines is invariably a component using logical formulas for describing states and transformations between system states. One can thus say that symbolic logic is the calculus of computation. The process of using this information for discovering and checking program properties (including such important properties as safety and security) amounts to automatic theorem proving. In particular, theorem provers that directly support common software constructs offer a compelling basis. Such provers are commonly called satisfiability modulo theories (SMT) solvers.

Z3 is the leading SMT solver. It is developed by the authors at Microsoft Research. It can be used to check the satisfiability of logical formulas over one or more theories such as arithmetic, bit-vectors, lists, records and arrays. This paper examines three applications of Z3 in the context of invariant generation. The first lets Z3 infer invariants as a constraint satisfaction problem, the second application illustrates the use of Z3 for bit-precise analysis and our third application exemplifies using Z3 for calculations.

In: Andrei Voronkov, Laura Kovacs and Nikolaj Bjorner (editors). WING 2010. Workshop on Invariant Generation 2010, vol 1, pages 1-11.