This document provides an overview of model checking using satisfiability modulo theories (SMT). It discusses modeling systems as states that can transition between each other, modeling properties as conditions on states, and using forward reachability analysis to check if any reachable state violates the property. The document uses the example of modeling and verifying properties of a washing machine to illustrate these concepts. It describes modeling the washing machine as states defined by variables, transitions that change the state variables, and modeling the property that the door is closed when the engine is on. It then explains how model checking uses forward reachability to systematically explore all reachable states to check if any violate the property.
The document summarizes a presentation on Turing machines. It introduces Turing machines as hypothetical machines conceived by Alan Turing that can simulate any computer algorithm. It then discusses variations of Turing machines and provides examples. Some key advantages are that Turing machines can determine if a problem is decidable or not and can help classify problems. Limitations mentioned are that Turing machines do not model computational complexity or concurrency well. Uses of Turing machines are also noted.
This presentation provides an overview of SMT, a global leader in seismic and geological interpretation software. SMT has double-digit yearly revenue growth, offices in 7 countries, and agents in 28 countries. The company's product line includes software for seismic inversion, attributes, synthetics and modeling, depth conversion, pre-stack analysis, 3D visualization, interpretation, well and log analysis. SMT prides itself on optimized workflows, advanced science, and real-time integration across its software suite.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise stimulates the production of endorphins in the brain which elevate mood and reduce stress levels.
IC Point is an Indian company established in 2005 that trades electronic components. It offers a wide range of electronic components including transistors, resistors, capacitors, oscillators, sockets, semiconductors, regulators, microcontrollers, and more. The products are sourced from reputable manufacturers using quality materials. IC Point aims to provide these products to customers at efficient prices with benefits like payment flexibility and timely deliveries. It is led by owner Mr. Sandeep who helps achieve business goals through his experience.
Christ Jesus is the way to salvation: believe in him and repent of sins, confess the faith and be baptized, and then persevere by living according to his teachings.
This document discusses the lazy approach to satisfiability modulo theories (SMT). It begins by introducing the lazy approach, which builds on SAT solvers and theory solvers. The lazy approach works by having the SAT solver enumerate Boolean models and checking them with a theory solver. If a Boolean model is deemed unsatisfiable by the theory solver, it is blocked from being enumerated again. This process terminates as there are a finite number of Boolean models. The document presents the lazy approach as an abstraction refinement method and notes how it fits within the conflict-driven clause learning (CDCL) framework. Implementation details of the lazy approach in the OpenSMT solver are also mentioned.
The Chinese New Year, also known as the Lunar New Year, is a 15-day festival celebrated from the first day of the first month of the lunar year. It is a time for families to reunite and honor their ancestors. The celebration includes religious ceremonies for Heaven, Earth, and ancestors. Ancestors are respected as the foundations of family fortune. Their spirits are acknowledged at a family banquet on New Year's Eve. The new year is celebrated as one community of both living and departed relatives. Students will draw pictures of animals in the Chinese zodiac and write about the differences between American and Chinese New Year celebrations.
The Chinese New Year, also known as the Lunar New Year, is a 15-day festival celebrated from the first day of the first month of the lunar year. It is a time for families to reunite and honor their ancestors. The celebration includes religious ceremonies for Heaven, Earth, and ancestors. Ancestors are respected as the founders of the family's fortune. Families set out food for the ancestors during a communal feast on New Year's Eve to celebrate the new year together as one community, both living and dead. The festival aims to promote family unity and respect for past generations.
The Chinese New Year, also known as the Lunar New Year, is a 15-day festival celebrated from the first day of the first month of the lunar year. It is a time for families to reunite and honor their ancestors. The celebration includes religious ceremonies for Heaven, Earth, and ancestors. Ancestors are respected as the founders of the family's fortune. Families set out food for the ancestors during a communal feast on New Year's Eve to celebrate the new year together as one community, both living and dead. The festival aims to promote family unity and honor past and present generations.
The speaker misses a friend who has left and feels that something in his soul dies with the friend's departure. He reminds the friend that he is loved and will always be part of the family, hoping to see him again in Mexico someday.
This document describes an integer difference logic (IDL) theory solver that is tightly integrated with a SAT solver. It presents the lazy approach of having the SAT solver enumerate Boolean models and having the theory solver check their consistency in the theory. For IDL, it translates constraints into a graph and checks for negative cycles to determine satisfiability. It uses the Bellman-Ford algorithm to compute shortest paths and find a model if no negative cycles exist. The solver aims to reason incrementally, return minimal conflicts, and perform theory propagation for efficiency.
The document discusses Chinese New Year traditions and celebrations. It describes how Chinese New Year is celebrated over 15 days, beginning with the New Moon on the first day of the new year and ending on the Lantern Festival. It explains how Chinese New Year falls on a different date each year according to the Western calendar due to differences in the Chinese and Western calendars. It also provides details about how families traditionally celebrate New Year's Eve and New Year's Day as a time of reunion and giving respect to ancestors.
The document discusses the importance of lifelong learning, since learning can open many opportunities, expand one's social network and keep the brain active. It recommends learning from a variety of sources, at any time, and sharing knowledge through discussion and reading. Learning never stops throughout life.
SGS Tekniks - Best Electronic Contract Manufacturing Company in India - SGS Tekniks
SGS Tekniks offers electronic contract manufacturing services in the Medical, Industrial, Automotive, Defence and Public Safety market segments. Our electronics design and electronic manufacturing services (EMS) core focus is vital in the creation of durable products that require high reliability. These products perform exceptionally well in even the most challenging environments.
SGS Tekniks Builds Success For Electronics Manufacturing Customers Around The Globe.
Visit our website to know more: http://www.sgst.com/
PCB Assemblies: http://www.sgst.com/services-offered/pcb-assemblies/
Box Products: http://www.sgst.com/services-offered/box-products/
Electronic Design Services: http://www.sgst.com/services-offered/electronic-design-services/
Tidal wave power harnesses the predictable energy of tides through various methods to generate electricity. It has been used since 787 A.D. and provides a clean, reliable source. Common techniques include barrages, where gates are opened to allow tidal flow through turbines when water levels differ, and tide turbines similar to wind turbines but placed underwater in fast-moving ocean currents. Other approaches are tidal reefs, which generate power while allowing fish migration, and push plates that connect tidal motion to generators through a chain reaction.
It has become a habit. For five years now, caution has been the rule when, at this time of year, one speaks of the world's leading industrial subcontracting trade show. Isn't industry, and subcontracting first and foremost, singled out as the main victim and the symbol of the lasting crisis that Europe in general and France in particular are going through?
This 43rd edition of MIDEST, which will be held from 19 to 22 November at the Parc des Expositions de Paris Nord Villepinte, is no exception to the rule. But its organizers are at this stage resolutely optimistic, recording good results both in France and internationally and working to ensure that their event serves subcontractors more than ever, not only to help them get through this period but, much more, to strengthen and develop their business by attracting visitors, in particular from new or growing sectors that can offer concrete and profitable outlets. Exhibitors also seem well aware of the opportunities the show offers them: as of 23 May, the booking rate is 7% higher than in 2012 at the same time, with 70% of the floor space firmly booked.
To support them as well as possible, the show is once again launching many new features this year. It will focus on a sector of the future, energy, and for the first time will spotlight a non-European nation, South Africa, opening new prospects for cooperation for export-oriented subcontractors. These actions are accompanied by the launch, in recent weeks, of a brand-new website designed to make searches easier for visitors throughout the year and to better showcase the various sectors of industrial subcontracting and market news.
Component & assembly issues in PCB design - Subash John
The document discusses issues related to lead-free component assembly on printed circuit boards. Higher processing temperatures are required for lead-free assembly, which can damage base materials. This leads to an increase in defects like voids, delamination, and cracking. Proper material selection and finish choice are important to address challenges from the transition to lead-free assembly. Key considerations include moisture absorption, corrosion resistance, and material properties at higher temperatures.
Surface mount technology involves attaching electronic components directly to the surface of printed circuit boards, as opposed to through-hole technology where components are inserted into holes. There are three main types of surface mount assemblies depending on whether components are mounted on one or both sides of the board. The surface mount process involves designing the board, applying solder paste, placing components, soldering, cleaning, and potential repair. Infrared and hot gas soldering are two common soldering techniques used. Reworking involves removing faulty components and soldering new ones in their place.
Electronic manufacturing v3.0 - Fab Academy 2016 - seeedstudio
Open source and DIY electronics are filling Fab Labs and maker spaces with new tools for incredible creations. How can we design tools to change how people make things? How to scale DIY electronics to millions of users?
https://plus.google.com/u/0/events/ca5ss0rvia897dk3qgloqo1gjr0
This document contains slides about C programming operators from a presentation given by Pradeep Dwivedi. It discusses unary, binary, and ternary operators in C and provides examples of arithmetic, relational, logical, assignment, increment/decrement, conditional, and bitwise operators. It also covers conditional/decision statements like if-else, switch-case, and the ternary operator. Code examples are given to demonstrate the use of various operators and conditional statements.
The document summarizes the topics covered in Lecture 19 of CSE370 including the differences between Moore and Mealy machines, examples of designing FSMs as Moore and Mealy machines including a parity checker, and provides details about the upcoming Midterm 2 exam covering material through simple FSM design.
This document covers an introduction to logic and propositions. It discusses statements and propositions, truth values, and the difference between them. Various logical operators and connectives like negation, conjunction, disjunction and their truth tables are presented. The concepts of tautologies, contradictions and logical equivalence are introduced. Propositional functions, predicates, universal and existential quantification are also discussed through examples.
This document covers an introduction to logic and propositions. It discusses statements and propositions, truth values, and the difference between them. Various logical operators and connectives like negation, conjunction, disjunction and others are defined through truth tables. The document also discusses combining propositions using logical operators, and the concepts of tautologies, contradictions and logical equivalence. Finally, it introduces propositional functions, predicates, and quantification using universal and existential quantifiers.
Here are the summaries for the 3 questions:
1. An open-loop control system operates without feedback of the output, while a closed-loop control system uses feedback of the output to the input. An example of open-loop is a basic speed control system, while cruise control in cars is closed-loop as it senses and adjusts speed based on feedback.
2. The main design objectives of any control system are: achieving the desired transient response, minimizing steady-state error, ensuring stability, and making the system robust to parameter variations.
3. The total system response C is found using superposition as C = CR + CU1 + CU2, where CR, CU1, and CU2 are the individual
The document summarizes Lecture 19 of the CSE370 course. It discusses Moore and Mealy finite state machines, providing examples to illustrate the differences between them. It also reviews the material covered since Midterm 1, including sequential logic components, counters, shift registers, state diagrams, and finite state machine design. Finally, it provides logistics for Midterm 2, which will cover Lectures 9 to 18 excluding some advanced topics.
The document discusses efficient SAT solvers and the DPLL/CDCL approaches. It begins with an introduction to SAT solvers and discusses reducing SMT formulas to SAT. It then outlines the topics to be covered, including the DPLL procedure, CDCL SAT solvers, clause learning, conflict analysis and non-chronological backtracking.
This document discusses constraint satisfaction problems (CSPs) and techniques for solving them. It begins by defining CSPs as problems with variables, domains of possible values, and constraints limiting assignments. Backtracking search and heuristics like minimum remaining values are described as standard approaches. Constraint propagation techniques like forward checking and arc consistency are explained, which aim to detect inconsistencies earlier. The 4-queens problem is provided as an example CSP.
State machines are models that can represent systems whose outputs depend on their input history rather than just the most recent input. They have a set of possible internal states, inputs, outputs, and functions that determine the next state and current output based on the current state and input. There are different types of state machines, including finite state machines with a finite number of states, Mealy machines where the output depends on the current state and input, and Moore machines where the output depends only on the current state. State machines can be used to model systems in many domains like user interfaces, DNA sequences, and spacecraft operations.
The document provides information about an upcoming lab, homework assignments, and midterm for a class. It discusses Moore and Mealy finite state machines and gives examples to illustrate the differences between them. Details are also given about the topics and format for the upcoming Midterm 2 exam.
3. Introduction
Model-Checking is a set of techniques to approach the verification of a system (e.g., a hardware circuit, a program, a protocol)
It was proposed by Clarke-Emerson and Sifakis-Queille as a way of automatically proving properties of a system
The authors received the Turing Award in 2007
The idea of model-checking was in contrast with the established “philosophy” at that time (∼ 1980), which favoured semi-automatic, human-driven approaches: MC is loved by industry because of this “push-button” characteristic
R. Bruttomesso (SMT) Intro to MC 15 December 2011 3 / 44
4. Model-Checking - Modeling
In MC we model the behavior of a system with the notion of state. A state is a configuration of the system at a particular time instant
The system can change state by means of a transition
We are interested in a property of the system
Example:
System: a washing machine
A state: “the door is open and the engine is off”
A transition: “if the door is open then close the door”
A property: “When the engine is on, the door is closed”
7. Modeling - States
State variables can be used to describe a particular state
State variable   Values
door             open, closed
tray             empty, filled
engine           off, on
E.g.:
door=open
engine=on
tray=empty
which stands for “the door is open, the engine is on, and the tray is empty”.
How many different states can we describe with our state variables?
11. Modeling - Transitions
Transitions describe the evolution of the system. They transform the “current” state into a “next” state
Transition                                                        Name
if door=open then door’=closed                                    [close door]
if tray=empty then tray’=full                                     [fill tray]
if door=closed and engine=off then engine’=on and tray’=empty     [start wash]
if door=closed then door’=open and engine’=off                    [open door]
var’ indicates the value of var in the next state
13. Modeling - Transitions
Each transition, with an example of a current state and the next state it produces:
if door=open then door’=closed [close door]
  (door=open, engine=off, tray=empty) --close door--> (door=closed, engine=off, tray=empty)
if tray=empty then tray’=full [fill tray]
  (door=open, engine=off, tray=empty) --fill tray--> (door=open, engine=off, tray=full)
if door=closed then door’=open and engine’=off [open door]
  (door=closed, engine=on, tray=full) --open door--> (door=open, engine=off, tray=full)
if door=closed and engine=off then engine’=on and tray’=empty [start washing]
  (door=closed, engine=off, tray=full) --start washing--> (door=closed, engine=on, tray=empty)
17. Modeling - (Safety) Property
Last step, we need to model the property
“when the engine is on the door is closed”
It is a safety property: safety properties are easy to define as they are properties of the states
We call bad state (or unsafe state) a state that does not satisfy the property, e.g.:
door=open
engine=on
tray=full
19. Checking (= Reachability)
To establish whether a model satisfies a safety property amounts to checking if some bad state is reachable from the set of initial states
This can be done automatically by visiting the set of states that are reachable from the initial states through the application of transitions
Let S(0) be the set of initial states. Algorithmically, it amounts to implementing the following loop (iteration i)
Forward-Reachability
  Safety Check     If S(i) contains a bad state, return unsafe
  Next States      Compute S(i+1) := S(i) ∪ T(S(i))
  Fix-Point Check  If S(i+1) ≡ S(i), return safe
T(S(i)) = states that can be reached from S(i) with a transition
21. Checking - Forward Reachability - Property Verified
Forward-Reachability
  Safety Check     If S(i) contains a bad state, return unsafe
  Next States      Compute S(i+1) := S(i) ∪ T(S(i))
  Fix-Point Check  If S(i+1) ≡ S(i), return safe
Figure: the nested sets S(0) ⊆ S(1) ⊆ S(2) ⊆ S(3) grow at each iteration while staying disjoint from BAD; at iteration 4, S(4) ≡ S(3) and the fix-point is reached, so the property is verified
34. Checking - Forward Reachability - Property Not Verified
Forward-Reachability
  Safety Check     If S(i) contains a bad state, return unsafe
  Next States      Compute S(i+1) := S(i) ∪ T(S(i))
  Fix-Point Check  If S(i+1) ≡ S(i), return safe
Figure: the nested sets S(0) ⊆ S(1) ⊆ S(2) ⊆ S(3) ⊆ S(4) grow until S(4) overlaps BAD: a bad state is reachable and the check returns unsafe
36. Back to the washing machine
Bad states (door=open, engine=on, tray=full) and (door=open, engine=on, tray=empty) are drawn beside the explored set at every iteration; they are never reached
Iteration 0: S(0) = { (door=open, engine=off, tray=empty) }
Iteration 1: close door and fill tray add (door=closed, engine=off, tray=empty) and (door=open, engine=off, tray=full)
Iteration 2: fill tray, close door, open door and start washing add (door=closed, engine=off, tray=full) and (door=closed, engine=on, tray=empty)
Iteration 3: fill tray (from door=closed, engine=on, tray=empty) adds (door=closed, engine=on, tray=full)
Iteration 4: no new state - Fix Point Reached - System is SAFE
41. Checking - Backward Reachability
Backward-Reachability (S(0) ≡ “bad states”)
  Safety Check     If S(i) contains an initial state, return unsafe
  Next States      Compute S(i+1) := S(i) ∪ T⁻¹(S(i))
  Fix-Point Check  If S(i+1) ≡ S(i), return safe
Figure: starting from BAD, the sets S(0) ⊆ S(1) ⊆ S(2) ⊆ ... grow backwards through the predecessors; the property is verified when a fix-point S(4) ≡ S(3) is reached without meeting an initial state, and not verified when some S(i) contains an initial state
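The forward and backward loops above, run explicitly on the washing machine of slides 7-17, as an added example that is not part of the original slides. It also answers the question of slide 7 (the 8 states are enumerated) and, as a constructed variant not on the slides, shows the "property not verified" case with an "open door" transition that forgets to switch the engine off; all function names are mine.

```python
"""Explicit-state forward and backward reachability for the washing machine (added example)."""
from itertools import product

VARS = ("door", "engine", "tray")
DOMAINS = {"door": ("open", "closed"), "engine": ("off", "on"), "tray": ("empty", "full")}
ALL_STATES = set(product(*(DOMAINS[v] for v in VARS)))   # 2 * 2 * 2 = 8 states (slide 7)

def state(**values):
    """A state is a tuple of values ordered as VARS."""
    return tuple(values[v] for v in VARS)

def matches(s, cond):
    return all(s[VARS.index(v)] == val for v, val in cond.items())

def update(s, upd):
    """Primed variables take the assigned value; the others keep theirs (frame condition)."""
    return tuple(upd.get(v, s[k]) for k, v in enumerate(VARS))

TRANSITIONS = [  # slide 12: (name, guard on the current state, assignment to primed variables)
    ("close door", {"door": "open"}, {"door": "closed"}),
    ("fill tray", {"tray": "empty"}, {"tray": "full"}),
    ("start washing", {"door": "closed", "engine": "off"}, {"engine": "on", "tray": "empty"}),
    ("open door", {"door": "closed"}, {"door": "open", "engine": "off"}),
]
# Constructed variant (not on the slides): "open door" no longer switches the engine off.
BUGGY_TRANSITIONS = TRANSITIONS[:3] + [("open door", {"door": "closed"}, {"door": "open"})]

INITIAL = {state(door="open", engine="off", tray="empty")}

def is_bad(s):
    """Violation of "when the engine is on the door is closed"."""
    return matches(s, {"door": "open", "engine": "on"})

BAD_STATES = {s for s in ALL_STATES if is_bad(s)}

def is_initial(s):
    return s in INITIAL

def post(S, transitions):
    """T(S): states reachable from S with one transition."""
    return {update(s, upd) for s in S for _, guard, upd in transitions if matches(s, guard)}

def pre(S, transitions):
    """T^-1(S): states that reach S with one transition (finite domain, so we scan all)."""
    return {s for s in ALL_STATES if post({s}, transitions) & S}

def reachability(start, hit, step):
    """The loop of slides 20/41. Returns (verdict, i, S): 'unsafe' at the iteration whose
    S(i) contains a state satisfying `hit`; 'safe' when S(i+1) == S(i), reporting i+1."""
    S, i = set(start), 0
    while True:
        if any(hit(s) for s in S):            # Safety Check
            return "unsafe", i, S
        S_next = S | step(S)                  # Next States
        if S_next == S:                       # Fix-Point Check
            return "safe", i + 1, S
        S, i = S_next, i + 1

def forward_reachability(transitions=TRANSITIONS):
    return reachability(INITIAL, is_bad, lambda S: post(S, transitions))

def backward_reachability(transitions=TRANSITIONS):
    return reachability(BAD_STATES, is_initial, lambda S: pre(S, transitions))

if __name__ == "__main__":
    for label, (verdict, i, S) in (("forward", forward_reachability()),
                                   ("backward", backward_reachability()),
                                   ("forward, buggy open door", forward_reachability(BUGGY_TRANSITIONS))):
        print(f"{label}: {verdict} at iteration {i}, {len(S)} states explored")
```

Forward search reproduces slide 36: fix-point at iteration 4 with 6 reachable states; backward search stops at iteration 1 because the two bad states have no predecessor outside themselves.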
43. Implementing a Model-Checker
In order to implement a model-checker we need:
1 representing large sets of states
2 computing T(S(i))
3 checking if bad states are in S(i)
4 checking if S(i) ≡ S(i+1)
The naive way would be to represent states explicitly (e.g., with a C struct containing values for state variables)
Very few model-checkers adopt this method (e.g., SPIN)
A more powerful approach represents states symbolically, by means of SAT/SMT-formulæ: each set of states S is represented by a formula φ such that S corresponds to the models of φ
46. Symbolic Model-Checking - Representing States
Examples:
(door=open, engine=on, tray=empty)                        door open ∧ engine on ∧ ¬ tray full
(door=closed, engine=on, tray=empty)                      ¬ door open ∧ engine on ∧ ¬ tray full
the set containing both states above                      engine on ∧ ¬ tray full
Also, it is easy to see that:
S1 ∪ S2   corresponds to   φ1 ∨ φ2
S1 ∩ S2   corresponds to   φ1 ∧ φ2
S1 ⊆ S2   corresponds to   φ1 → φ2
50. Symbolic Model-Checking - Representing Transitions
Transitions are also represented as formulæ between state variables and their primed versions
if door=closed and engine=off then engine’=on and tray’=empty [start washing]
¬door open ∧ ¬engine on ∧ ¬door open’ ∧ engine on’ ∧ ¬tray full’
This formula says that the following pairs of states are related
¬door open ∧ ¬engine on ∧ ¬tray full   --start washing-->   ¬door open’ ∧ engine on’ ∧ ¬tray full’
¬door open ∧ ¬engine on ∧ tray full    --start washing-->   ¬door open’ ∧ engine on’ ∧ ¬tray full’
52. Symbolic Model-Checking - Computing Next State
From a set of states S(i), represented symbolically by a formula φ(s), and a transition tj, represented symbolically by a formula ψ(s, s’), the next states tj(S(i)) can be expressed as
∃s. φ(s) ∧ ψ(s, s’)
By means of an operation called quantifier elimination, we can remove s. If we then rename s’ as s we obtain the symbolic representation of tj(S(i))
Example:
φ ≡ ¬door open ∧ ¬engine on
ψ ≡ ¬door open ∧ ¬engine on ∧ ¬door open’ ∧ engine on’ ∧ ¬tray full’
Quantifier elimination of ∃ door open, engine on. φ ∧ ψ is
¬door open’ ∧ engine on’ ∧ ¬tray full’
and therefore
¬door open ∧ engine on ∧ ¬tray full
is tj(S(i)). The whole set of next states T(S(i)) is ⋃_j tj(S(i))
54. Symbolic Model-Checking - Bad states in S(i)
Suppose that φ is the symbolic representation of S(i), and that β is the symbolic representation of the bad states
Checking if some bad state is in S(i) can be simply done with
φ ∧ β is satisfiable ?
56. Symbolic Model-Checking - Fix point test
Suppose that φi is the symbolic representation of S(i) and that φi+1 is the symbolic representation of S(i+1): how do I check that S(i) ≡ S(i+1) ?
First of all, notice that S(i) ≡ S(i+1) if and only if S(i) ⊆ S(i+1) and S(i+1) ⊆ S(i)
S(i) ⊆ S(i+1) always holds (explored states grow monotonically)
S(i+1) ⊆ S(i) can be checked as follows
φi+1 → φi is a tautology ? or equivalently
φi+1 ∧ ¬φi is unsatisfiable ?
60. Symbolic Model-Checking - Summary
Model-Checking can be implemented by representing states and transitions symbolically with SAT/SMT-formulæ
Next states T(S(i)) can be computed using quantifier elimination
Presence of bad states can be computed with a satisfiability call of the form φ ∧ β
Fix-point check can be computed with a satisfiability call of the form φi+1 ∧ ¬φi
61. Symbolic Model-Checking - Termination
Forward-Reachability
  Safety Check     If φi ∧ β is satisfiable, return unsafe
  Next States      Compute φi+1 with quantifier elimination
  Fix-Point Check  If φi+1 ∧ ¬φi is unsatisfiable, return safe
Model-Checking always terminates if the satisfiability tests above terminate
If the system under inspection is a finite state machine, everything can be encoded into Booleans, and so they always terminate (SAT-solver is enough)
If the system has infinite states (e.g., 0 ≤ x ∧ y ≥ 2), it terminates if everything can be encoded into a decidable SMT theory (e.g., LIA) (SMT-Solver necessary)
If quantifiers are needed to express states, then Forward-Reachability might not terminate (SMT-Solver plus clever way of handling quantifiers)
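The symbolic loop of slide 61 on the Boolean encoding of slide 46, as an added example that is not from the original slides. Formulas are Python closures from an assignment to a truth value, quantifier elimination is done by Shannon expansion (valid for Boolean variables only), and an enumeration over the three state variables stands in for the SAT solver; each transition formula also carries the frame condition v’ = v for the variables it does not assign, which slide 50 leaves implicit. All names are mine.

```python
"""Symbolic forward reachability for the washing machine (added example)."""
from itertools import product

VARS = ("door_open", "engine_on", "tray_full")   # Boolean state variables of slide 46

def primed(v):
    return v + "'"

# Formula constructors: a formula is a closure assignment(dict) -> bool.
def Var(v):        return lambda a: a[v]
def Not(f):        return lambda a: not f(a)
def And(*fs):      return lambda a: all(f(a) for f in fs)
def Or(*fs):       return lambda a: any(f(a) for f in fs)
def Same(v):       return lambda a: a[primed(v)] == a[v]   # frame condition v' = v
def Lit(v, value): return Var(v) if value else Not(Var(v))

def exists(vs, f):
    """Quantifier elimination for Booleans by Shannon expansion: ∃x.f = f[x:=0] ∨ f[x:=1]."""
    return lambda a: any(f({**a, **dict(zip(vs, bits))})
                         for bits in product((False, True), repeat=len(vs)))

def unprime(f):
    """Rename s' to s: the unprimed values of `a` are fed to the primed variables of f."""
    return lambda a: f({primed(v): a[v] for v in VARS})

def models(f):
    """All states satisfying f, by enumeration (a SAT solver would answer the same query)."""
    return {bits for bits in product((False, True), repeat=len(VARS))
            if f(dict(zip(VARS, bits)))}

def sat(f):
    return bool(models(f))

def transition(guards, updates):
    """ψ(s, s'): guard on s, assignments on s', and v' = v for every variable not assigned."""
    return And(*[Lit(v, val) for v, val in guards.items()],
               *[Lit(primed(v), val) for v, val in updates.items()],
               *[Same(v) for v in VARS if v not in updates])

T_CLOSE = transition({"door_open": True}, {"door_open": False})
T_FILL = transition({"tray_full": False}, {"tray_full": True})
T_START = transition({"door_open": False, "engine_on": False},
                     {"engine_on": True, "tray_full": False})
T_OPEN = transition({"door_open": False}, {"door_open": True, "engine_on": False})
T = Or(T_CLOSE, T_FILL, T_START, T_OPEN)               # the whole transition relation
INIT = And(Lit("door_open", True), Lit("engine_on", False), Lit("tray_full", False))
BAD = And(Var("door_open"), Var("engine_on"))          # β: door open while the engine is on

def next_states(phi, psi):
    """t_j(S(i)) of slide 52: eliminate s from φ(s) ∧ ψ(s, s') and rename s' to s."""
    return unprime(exists(VARS, And(phi, psi)))

def symbolic_forward_reachability(init, trans, bad):
    """The loop of slide 61. Returns (verdict, i, φ): 'unsafe' with the φ_i that meets β,
    or 'safe' with i+1 and φ_{i+1} once φ_{i+1} ∧ ¬φ_i is unsatisfiable."""
    phi, i = init, 0
    while True:
        if sat(And(phi, bad)):                       # Safety Check
            return "unsafe", i, phi
        phi_next = Or(phi, next_states(phi, trans))  # Next States (quantifier elimination)
        if not sat(And(phi_next, Not(phi))):         # Fix-Point Check
            return "safe", i + 1, phi_next
        phi, i = phi_next, i + 1

if __name__ == "__main__":
    verdict, i, phi = symbolic_forward_reachability(INIT, T, BAD)
    print(verdict, "after", i, "iterations;", len(models(phi)), "reachable states")
```

Applying next_states to φ ≡ ¬door open ∧ ¬engine on and the start-washing formula reproduces the single state of slide 53; the full loop stops at iteration 4 with the 6 states of slide 40.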
63. mcmt: Model-Checking Modulo Theories
mcmt is a Model-Checker invented and developed by S. Ghilardi and S. Ranise et al. (see http://www.dsi.unimi.it/~ghilardi/mcmt/ for complete and precise acknowledgements)
It implements a Symbolic Backward-Reachability algorithm (it relies on yices)
It was invented to handle safety properties for distributed algorithms (protocols), which are infinite-state systems
64. mcmt demo
The following example is taken from the tutorial
Model Checking Modulo Theories: Theory and Practice
available at http://st.fbk.eu/MCMTtutorial
65. A simple protocol
Description
Figure: state diagram of one process with locations l = 1 (start), l = 2, l = 3, l = 4
No data, only locations
All processes start from the 1st location
A process in location 3 is inside the critical section
We want to check if the protocol ensures mutual exclusion, i.e., at most one process is inside the critical section
66. A simple protocol
Variable
One local variable l
:smt (define-type locations (subrange 1 4))
:local l locations
67. A simple protocol
Initial configuration
All processes start in location 1
∀x.(l[x] = 1)
:initial
:var x
:cnj (= l[x] 1)
69. A simple protocol
Unsafe configuration
Mutual exclusion: At most one process is in location 3
U := ∃z1, z2. (l[z1] = 3 ∧ l[z2] = 3 ∧ z1 ≠ z2)
:unsafe
:var z1
:var z2
:cnj (= l[z1] 3) (= l[z2] 3)
72. A simple protocol
Transitions
A process in location 1 moves to location 2
τ1 := ∃x. l[x] = 1 ∧ l’ = λj. (if (x = j) then 2 else l[j])
:transition
:var x
:var j
:guard (= l[x] 1)
:numcases 2
:case (= x j)
:val 2
:case (not (= x j))
:val l[j]
The other moves (3 to 4, 2 to 3, 4 to 1) are written in the same way:
:transition
:var x
:var j
:guard (= l[x] 3)
:numcases 2
:case (= x j)
:val 4
:case (not (= x j))
:val l[j]
:transition
:var x
:var j
:guard (= l[x] 2)
:numcases 2
:case (= x j)
:val 3
:case (not (= x j))
:val l[j]
:transition
:var x
:var j
:guard (= l[x] 4)
:numcases 2
:case (= x j)
:val 1
:case (not (= x j))
:val l[j]
75. A simple protocol
Execution
$ ./mcmt simple unsafe.in
76. A simple protocol
Execution - Get information from the counterexample
[...]
Doing state space exploration...
node 1= [t2_1][0]
node 2= [t1_1][t2_1][0]
node 3= [t2_2][t2_1][0]
node 4= [t2_2][t1_1][t2_1][0]
node 5= [t4_1][t1_1][t2_1][0]
node 6= [t1_2][t2_2][t1_1][t2_1][0]
=============================================================================
System is UNSAFE!
[...]
77. A simple protocol
Counterexample analysis from trace
Initial state: ∀i. ( l[i] = 1 )
Unsafe state: ∃z1, z2. ( l[z1] = 3 ∧ l[z2] = 3 )
Counter-example: node 6 = [t1_2][t2_2][t1_1][t2_1][0]
The trace is read from the unsafe state [0] backwards, one transition at a time; the two processes z1 and z2 are drawn as boxes labelled with their current location
[0]      ∃z1, z2. ( l[z1] = 3 ∧ l[z2] = 3 )        z1: l = 3, z2: l = 3
Applying τ2 backwards to z1 ([t2_1]), with
τ2 := ∃x. l[x] = 2 ∧ l’ = λj. (if (x = j) then 3 else l[j])
[t2_1]   ∃z1, z2. ( l[z1] = 2 ∧ l[z2] = 3 )        z1: l = 2, z2: l = 3
The next step, [t1_1], applies τ1 backwards to z1, with
τ1 := ∃x. l[x] = 1 ∧ l’ = λj. (if (x = j) then 2 else l[j])
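The backward search mcmt runs on this protocol, reproduced for a fixed number of processes, as an added example that is not the mcmt tool nor code from the tutorial. mcmt reasons symbolically about arbitrarily many processes; here the protocol is instantiated explicitly for n processes, the pre-image of a state is computed by undoing one move of one process, and the counterexample is printed with the same [t<transition>_<process>]...[0] labels as the mcmt output above (names and the replay helper are mine).

```python
"""Explicit backward reachability on the "simple protocol" for n processes (added example)."""
from collections import deque
from itertools import product

LOCATIONS = (1, 2, 3, 4)
# τ1..τ4 of the slides: each moves one process x from `src` to `dst`, others unchanged.
TRANSITIONS = {"t1": (1, 2), "t2": (2, 3), "t3": (3, 4), "t4": (4, 1)}

def is_initial(s):
    return all(l == 1 for l in s)                  # ∀x. l[x] = 1

def is_unsafe(s):
    return sum(1 for l in s if l == 3) >= 2        # ∃z1 ≠ z2. l[z1] = 3 ∧ l[z2] = 3

def predecessors(s):
    """Yield (label, s_pred) for every transition instance t_x whose result is s (T^-1)."""
    for x, l in enumerate(s):
        for name, (src, dst) in TRANSITIONS.items():
            if l == dst:
                yield f"{name}_{x + 1}", s[:x] + (src,) + s[x + 1:]

def backward_reachability(n_procs):
    """Start from the unsafe states (S(0)) and add predecessors until an initial state is
    found (returns its trace label) or no new state appears (returns None: safe)."""
    parent = {s: None for s in product(LOCATIONS, repeat=n_procs) if is_unsafe(s)}
    queue = deque(parent)
    while queue:
        s = queue.popleft()
        if is_initial(s):                          # Safety Check of the backward loop
            return trace_label(parent, s)
        for label, p in predecessors(s):
            if p not in parent:                    # new state: remember how it was reached
                parent[p] = (label, s)
                queue.append(p)
    return None                                    # fix-point: no initial state is backward-reachable

def trace_label(parent, s):
    """Follow the parent links from the initial state back to the unsafe state [0]."""
    labels = []
    while parent[s] is not None:
        label, s = parent[s]
        labels.append(f"[{label}]")
    return "".join(labels) + "[0]"

def replay(n_procs, label):
    """Run a trace label forward from the initial state and return the state it ends in."""
    s = (1,) * n_procs
    for step in label.strip("[]").split("]["):
        if step == "0":
            break
        name, x = step.split("_")
        src, dst = TRANSITIONS[name]
        x = int(x) - 1
        assert s[x] == src, f"guard of {name} violated for process {x + 1}"
        s = s[:x] + (dst,) + s[x + 1:]
    return s

if __name__ == "__main__":
    label = backward_reachability(2)
    print("System is UNSAFE!" if label else "System is SAFE", label or "")
    if label:
        print("replayed forward:", replay(2, label))
```

With two processes the search finds exactly node 6 of the mcmt output, [t1_2][t2_2][t1_1][t2_1][0]: process 2 moves 1→2→3, then process 1 does the same and both sit in the critical section.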
87. Another simple protocol
Description
Figure: state diagram of one process with locations (l = 1, c = 1) (start), (l = 2, c = 1), (l = 3, c = 2), (l = 4, c = 1)
Like before, but with a global flag c that takes care of mutual exclusion
All processes start from the 1st location
A process in location 3 is inside the critical section
We want to check if the protocol ensures mutual exclusion, i.e., at most one process is inside the critical section
88. Another simple protocol
Variable(s)
[Diagram: protocol locations l = 1 ... 4, as on slide 87]
One local variable l (the location of each process) and one global variable c (the flag):
:smt (define-type locations (subrange 1 4))
:smt (define-type counter (subrange 1 2))
:local l locations
:global c counter
90. Another simple protocol
Initial configuration
[Diagram: protocol locations l = 1 ... 4, as on slide 87]
All processes start in location 1, with the counter set to 1:
∀x. ( l[x] = 1 ∧ c[x] = 1 )
:initial
:var x
:cnj (= l[x] 1) (= c[x] 1)
93. Another simple protocol
Unsafe configuration
[Diagram: protocol locations l = 1 ... 4, as on slide 87]
Mutual exclusion: at most one process is in location 3. The unsafe configurations are those in which two distinct processes are both in location 3:
U := ∃z1, z2. (l[z1] = 3 ∧ l[z2] = 3 ∧ z1 ≠ z2)
mcmt treats the variables declared with :var in an :unsafe block as pairwise distinct, so the inequality does not need to be written in the :cnj:
:unsafe
:var z1
:var z2
:cnj (= l[z1] 3) (= l[z2] 3)
95. Another simple protocol
Transitions
[Diagram: protocol locations l = 1 ... 4, as on slide 87]
τ2 := ∃x. l[x] = 2 ∧ c[x] = 1 ∧ l = λj. (if (x = j) then 3 else l[j]) ∧ c = λj. 2
In mcmt syntax the guard is given once and the updates are split by case on j; within each :case the :val lines give the new values of l[j] and c[j], in the order the variables were declared:
:transition
:var x
:var j
:guard (= l[x] 2) (= c[x] 1)
:numcases 2
:case (= x j)
:val 3
:val 2
:case (not (= x j))
:val l[j]
:val 2
96. Another simple protocol
Transitions
[Diagram: protocol locations l = 1 ... 4, as on slide 87]
All four transitions in mcmt syntax, labelled τ1 to τ4 as in the definitions on the "Set of (un)reachable states" slides; in each :case the two :val lines give the new l[j] and the new c[j]:
τ1 (l[x]: 1 → 2, c unchanged)
:transition
:var x
:var j
:guard (= l[x] 1)
:numcases 2
:case (= x j)
:val 2
:val c[x]
:case (not (= x j))
:val l[j]
:val c[x]
τ2 (l[x]: 2 → 3 when c = 1, sets c to 2)
:transition
:var x
:var j
:guard (= l[x] 2) (= c[x] 1)
:numcases 2
:case (= x j)
:val 3
:val 2
:case (not (= x j))
:val l[j]
:val 2
τ3 (l[x]: 3 → 4 when c = 2, sets c to 1)
:transition
:var x
:var j
:guard (= l[x] 3) (= c[x] 2)
:numcases 2
:case (= x j)
:val 4
:val 1
:case (not (= x j))
:val l[j]
:val 1
τ4 (l[x]: 4 → 1, c unchanged)
:transition
:var x
:var j
:guard (= l[x] 4)
:numcases 2
:case (= x j)
:val 1
:val c[j]
:case (not (= x j))
:val l[j]
:val c[j]
97. Another simple protocol
Execution
[Diagram: protocol locations l = 1 ... 4, as on slide 87]
$ ./mcmt simple safe.in
98. Another simple protocol
Execution
[...]
Doing state space exploration...
node 1 = [t2_1][0]
node 2 = [t1_1][t2_1][0]
node 3 = [t4_1][t1_1][t2_1][0]
=============================================================================
Global fixpoint reached!
System is SAFE!
[...]
103. A simple protocol
Set of (un)reachable states
Initial state: ∀i. ( l[i] = 1 ∧ c[i] = 1 )
Unsafe state: ∃z1, z2. ( l[z1] = 3 ∧ l[z2] = 3 )
[Diagram: protocol locations l = 1 ... 4 with transitions t1, t2, t3, t4, as on slide 87]
Backward reachability from the unsafe state; each step takes one transition backwards for process z1 (c is global, so its value is the same for both processes):
[0]                    z1: l = 3         z2: l = 3         (unsafe state)
[t2_1][0]              z1: l = 2, c = 1  z2: l = 3, c = 1  (pre-image under τ2)
[t1_1][t2_1][0]        z1: l = 1, c = 1  z2: l = 3, c = 1  (pre-image under τ1)
[t4_1][t1_1][t2_1][0]  z1: l = 4, c = 1  z2: l = 3, c = 1  (pre-image under τ4)
(pre-image under τ3)   z1: l = 3, c = 2  z2: l = 3, c = 2  (not added as a node, see below)
The last pre-image satisfies l[z1] = 3 ∧ l[z2] = 3 and is therefore already covered by the unsafe state [0]: no new states are discovered and the global fixpoint is reached, which is what mcmt reports after node 3 on slide 98. None of the states in the set satisfies the initial condition ∀i. ( l[i] = 1 ∧ c[i] = 1 ), so the system is safe.
τ1 := ∃x. l[x] = 1 ∧ l = λj. (if (x = j) then 2 else l[j]) ∧ c = λj. c[j]
τ2 := ∃x. l[x] = 2 ∧ c[x] = 1 ∧ l = λj. (if (x = j) then 3 else l[j]) ∧ c = λj. 2
τ3 := ∃x. l[x] = 3 ∧ c[x] = 2 ∧ l = λj. (if (x = j) then 4 else l[j]) ∧ c = λj. 1
τ4 := ∃x. l[x] = 4 ∧ l = λj. (if (x = j) then 1 else l[j]) ∧ c = λj. c[j]
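The counterexample analysis of slides 78 to 81, the mcmt run on slide 98 and the backward reachability of the "Set of (un)reachable states" slides can all be reproduced on a finite instance of the two protocols. The block below is an added example, not code from the slides or from mcmt: it fixes the number of processes n (mcmt does not, which is the whole point of the array-based encoding), encodes τ1 to τ4 exactly as the slides define them, and runs both forward reachability (which yields a counterexample trace for the protocol without the flag) and backward reachability with a subsumption check (which reaches a fixpoint without touching the initial state for the protocol with the flag). The names transitions, forward_check and backward_check are the example's own.

```python
"""Explicit-state reachability for the two mutual-exclusion protocols of the slides.

Added example, not code from the slides or from mcmt. mcmt analyses the
protocols symbolically for any number of processes; this finite-instance
checker fixes the number of processes n, so its verdicts hold only for that n.
State = (locs, c): locs is a tuple with l[x] in {1,2,3,4} for each process x,
c is the global flag in {1,2}.  With use_flag=False the c guards and updates
are dropped, which gives the first (unsafe) protocol of the slides.
"""
from collections import deque
from itertools import product

INIT_LOC, INIT_C = 1, 1
UNSAFE_LOC = 3  # critical section


def transitions(state, use_flag):
    """Yield ((rule, x), successor) for every enabled transition of every process x.

    tau1: l[x] = 1            -> l[x] := 2, c unchanged
    tau2: l[x] = 2 and c = 1  -> l[x] := 3, c := 2
    tau3: l[x] = 3 and c = 2  -> l[x] := 4, c := 1
    tau4: l[x] = 4            -> l[x] := 1, c unchanged
    """
    locs, c = state
    for x, lx in enumerate(locs):
        if lx == 1:
            yield ("t1", x), (locs[:x] + (2,) + locs[x + 1:], c)
        elif lx == 2 and (not use_flag or c == 1):
            yield ("t2", x), (locs[:x] + (3,) + locs[x + 1:], 2 if use_flag else c)
        elif lx == 3 and (not use_flag or c == 2):
            yield ("t3", x), (locs[:x] + (4,) + locs[x + 1:], 1 if use_flag else c)
        elif lx == 4:
            yield ("t4", x), (locs[:x] + (1,) + locs[x + 1:], c)


def unsafe(state):
    """Mutual exclusion is violated when two distinct processes are in location 3."""
    return sum(1 for lx in state[0] if lx == UNSAFE_LOC) >= 2


def forward_check(n, use_flag):
    """Breadth-first forward reachability from the initial state.

    Returns (safe, trace); trace is the list of (rule, process) labels of a
    shortest run into an unsafe state, or [] when the system is safe.
    """
    init = ((INIT_LOC,) * n, INIT_C)
    parent = {init: None}  # state -> (label, predecessor) on its discovery path
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if unsafe(s):
            trace = []
            while parent[s] is not None:
                label, s = parent[s]
                trace.append(label)
            return False, trace[::-1]
        for label, t in transitions(s, use_flag):
            if t not in parent:
                parent[t] = (label, s)
                queue.append(t)
    return True, []


def backward_check(n, use_flag):
    """Backward reachability as on the 'Set of (un)reachable states' slides.

    Start from the unsafe states and keep adding pre-images until nothing new
    appears (the 'global fixpoint'); a state already in the set is subsumed
    and is not explored again.  Returns (safe, reached), where reached is the
    set of states that can reach an unsafe state; the system is safe iff the
    initial state is not among them.
    """
    states = [(locs, c) for locs in product((1, 2, 3, 4), repeat=n) for c in (1, 2)]
    pre = {}  # successor -> list of predecessors (the transition relation inverted)
    for s in states:
        for _label, t in transitions(s, use_flag):
            pre.setdefault(t, []).append(s)
    reached = {s for s in states if unsafe(s)}
    frontier = list(reached)
    while frontier:
        new = []
        for s in frontier:
            for p in pre.get(s, []):
                if p not in reached:  # subsumption check
                    reached.add(p)
                    new.append(p)
        frontier = new
    init = ((INIT_LOC,) * n, INIT_C)
    return init not in reached, reached


if __name__ == "__main__":
    for flag in (False, True):
        name = "with flag" if flag else "without flag"
        safe, trace = forward_check(2, flag)
        print(name, "forward:", "SAFE" if safe else "UNSAFE", trace)
        safe, reached = backward_check(2, flag)
        print(name, "backward:", "SAFE" if safe else "UNSAFE",
              len(reached), "states can reach the unsafe set")
```

For two processes the protocol without the flag yields the run t1, t2, t1, t2, which is the forward reading of node 6 = [t1_2][t2_2][t1_1][t2_1][0] on slide 78 (mcmt lists the most recently applied backward step first), while the protocol with the flag is reported SAFE in both directions. A SAFE verdict from this checker is only for the chosen n; the parametric result for every n is what the array-based encoding and mcmt provide.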