Problem Solving for the 21st Century Efficient Solvers for Satisfiability Modulo Theories A Knowledge Transfer Report from the London Mathematical Society and Smith Institute for Industrial Mathematics and System Engineering By Clark Barrett, Daniel Kroening and Tom Melham Copyright © 2014 by Clark Barrett, Daniel Kroening and Tom Melham Front cover image credits: Top left: Nataliya Hora / Shutterstock.com Top right: Mile Atanasov / Shutterstock.com Bottom left: G Tipene / Shutterstock.com Background: Serg64 / Shutterstock.com PROBLEM SOLVING FOR THE 21ST CENTURY Efficient Solvers for Satisfiability Modulo Theories By Clark Barrett, Daniel Kroening and Tom Melham Contents Page Executive Summary 3 Problem Solving with Satisfiability Modulo Theories 4 Success Stories 6 SMT in Depth 13 Current Challenges 17 Next Steps 18 Appendix 1: Business Solutions using SMT 19 Appendix 2: Active Researchers and Practitioner Groups 19 Appendix 3: SMT Solvers 22 References 23 June 2014 A Knowledge Transfer Report from the London Mathematical Society and the Smith Institute for Industrial Mathematics and System Engineering Edited by Robert Leese and Tom Melham London Mathematical Society, De Morgan House, 57–58 Russell Square, London WC1B 4HS Smith Institute, Surrey Technology Centre, Surrey Research Park, Guildford GU2 7YG 2 PROBLEM SOLVING FOR THE 21ST CENTURY Efficient Solvers for Satisfiability Modulo Theories AUTHORS Clark Barrett is Associate Professor of Computer Science at New York University. He received his PhD from Stanford University in 2003, advised by David Dill. His PhD thesis laid the groundwork for the architecture of modern Satisfiability Modulo Theories (SMT) solvers. He has written numerous articles on SMT and has built several SMT systems, the latest of which is CVC4. Professor Barrett was a founder of the SMT competition, and helps lead the SMT-LIB initiative, an effort to create standards and develop resources for the SMT community. He received the IBM Software Quality Innovation Award in 2008 for the CVC3 SMT solver, and he was a recipient of the Haifa Verification Conference award in 2010 for his pioneering work in SMT. cs.nyu.edu/˜barrett/ [email protected] Daniel Kroening is Professor of Computer Science at the University of Oxford and a Fellow of Magdalen College. He has received the M.E. and doctoral degrees in computer science from the University of Saarland in 1999 and 2001, respectively. He joined the Model Check- ing group in the Computer Science Department at Carnegie Mellon University in 2001 as a Postdoctoral Researcher, and was assistant professor at the Swiss Technical Institute in Zurich from 2004 to 2007. His research interests include automated formal verification of hardware and software systems, program analysis, automated testing, decision proce- dures, embedded systems, and hardware/software co-design. www.kroening.com [email protected] Tom Melham is Professor of Computer Science at the University of Oxford and a Fellow of Balliol College, where he is Tutor in Computation. He is also Associate Head (Research) of Oxford’s Mathematics, Physical and Life Sciences Division. Melham received his PhD from the University of Cambridge in 1990 for his foundational research in mechanised reason- ing. He was appointed to a Professorship of Computing Science at Glasgow in 1998, before moving to Oxford in 2002. Melham’s research expertise includes deductive theorem prov- ing, software architectures for formal reasoning tools, verification of software, firmware and hardware, formal modelling of systems, combined model checking and theorem proving, abstraction techniques, and integrating formal verification into hardware design methodolo- gies. He works closely with leading companies in microelectronics design on advanced tools and methods for chip design validation. www.cs.ox.ac.uk/tom.melham/ [email protected] A KNOWLEDGE TRANSFER REPORT FROM 3 THE LMS AND THE SMITH INSTITUTE Executive Summary What is the best way to allocate technique with wide applications in The core SMT algorithms are assets across an investment modern company management and generic and not special to a portfolio to minimise risk? How microeconomics. First used in particular problem. So, end-users should an airline, operating on earnest for planning in World War who can frame their practical razor-thin profit margins, assign II, linear programming has been a business and industrial problems in flight crew to flights to minimise mainstay of business and industry a mathematical way suitable for costs—at the same time meeting since the 1950s. SMT automatically benefit from regulations and ensuring the intense investment by the highly schedule is robust? What is the skilled technical specialists who most effective way to test a Enter SMT develop SMT algorithms, a smart software system in a limited time? way to tap into a sophisticated Are there any unforseen security Over the past decade, a new and technology that is improving by holes in a new business-critical revolutionary problem-solving leaps and bounds every year. computer system? technology has emerged: Satisfiability Modulo Theories, or To exploit SMT effectively, you have All these practical problems involve ‘SMT’ for short. Like linear to express the problem to be solved finding solutions to complex programming, it is a computerised in the right mathematical way. systems of constraining method for finding solutions to Some types of problems have requirements that can be business and industrial problems well-understood translations into formulated mathematically. The expressed mathematically by SMT, so the technology is ready for task resembles problem-solving in systems of constraints. But SMT early adoption by at least some school maths: formulate some can handle a richer language of enterprises seeking competitive equations that relate quantities in constraints than linear advantage. SMT solutions to other the problem to be solved, and then programming, and the method kinds of problems are the subject of find the right values for the encompasses a more varied range active academic and industrial variables that make the equations of mathematical concepts—so it research—and many more lie true. In business and industry, has the flexibility to tackle many awaiting creative discovery. however, the problems are vastly different kinds of problems. larger and the mathematics much This report explains the more complex and varied. With established success in the background to SMT technology and engineering design of computer presents several success stories. These important problems cannot chips, software that implements Our aim is to give a sense of the be solved by hand, but must be SMT does have limits to the size of potential of SMT as an effective tackled by computer software problem it can handle—but it has solution to some of today’s algorithms. A prominent example is also seen truly astonishing problems—and a unique emerging linear programming, a increases in speed and capacity technology to watch in the future. mathematical optimisation over the past decade. 4 PROBLEM SOLVING FOR THE 21ST CENTURY Efficient Solvers for Satisfiability Modulo Theories Problem Solving with Satisfiability Modulo Theories Computerised problem solving is usually numerical and requirements than conventional optimisation the practical science of using are expressed by linear constraints. methods. The technology has computer algorithms to identify, Linear programming and other already established its practical from among a class of potential mainstream optimisation credentials in the extremely alternatives, a solution that meets a techniques are in daily use in challenging world of digital circuit complex set of requirements. It business, industry, engineering, engineering, where it is used to begins with a real-world problem economics and management. mitigate the risk of expensive that can be formulated There are dozens of commercial design errors. And, although mathematically as a collection of and open-source software commercial SMT solutions are rare, conditions, or ‘constraints’. packages for optimisation, including there are a number of A computer program then carries specialised mathematical modelling high-performance academic out mathematical calculations or tools, as well as the ‘solvers’ software packages available for reasoning to produce a solution themselves. research and commercial use. that meets these requirements, if one exists. This report introduces a potentially The distinctive strength of SMT revolutionary, but still emerging, partly lies in the way it can handle Mathematical optimisation methods problem-solving technology, complex combinations of individual are an important class of Satisfiability Modulo Theories, constraints. Requirements don’t problem-solving methods that seek normally just called ‘SMT’ for short. have to just impose some individual a ‘best’ solution. The most With its roots in computer science conditions simultaneously: ‘C1 prominent is linear programming, in and mathematical logic, SMT takes must hold and C2 must hold and which the solutions sought are a completely different approach C3 must hold’. In SMT, any logical Box 1: The SAT Problem and its History Modern symbolic logic began in the 19th century with Boolean algebra, introduced in 1847 by the English mathematician George Boole [9]. Boolean algebra intro- duced the idea of expressing logical relationships by algebraic formulas. The opera- tions of the algebra include conjunction ‘AND’ and disjunction ‘OR’, together with negation