Clark Barrett | New York University
Papers by Clark Barrett
The annual Satisfiability Modulo Theories Competition (SMT-COMP) is held to spur advances in SMT solver implementations on benchmark formulas of practical interest. Public competitions are a well-known means of stimulating advancement in software tools. For example, in automated reasoning, the CASC and SAT competitions for first-order and propositional reasoning tools, respectively, have spurred significant innovation in their fields [7, 5]. More information on the history and motivation for SMT-COMP can be found at the ...
Lecture Notes in Computer Science, 2011
Satisfiability modulo theories (SMT) is a branch of automated reasoning that builds on advances in propositional satisfiability and on decision procedures for first-order reasoning. Its defining feature is the use of reasoning methods specific to logical theories of interest in target applications. Advances in SMT research and technology have led in the last few years to the development of very powerful satisfiability solvers and to an explosion of applications. SMT solvers are now used for processor verification, equivalence checking, bounded and ...
Formal Methods in System Design, 2007
Journal of Automated Reasoning, 2006
Lecture Notes in Computer Science, 2005
Workshop: Jul 7, 2008
This volume contains the proceedings of SMT 2008, the 6th International Workshop on Satisfiability Modulo Theories, held in Princeton, New Jersey on July 7-8, 2008. The workshop was affiliated with the 20th International Conference on Computer-Aided Verification (CAV 2008). The primary goal of the workshop was to bring together both researchers and users of SMT technology and provide them with a forum for presenting and discussing theoretical ideas, implementation and evaluation techniques, and applications. ...
Satisfiability Modulo Theories (SMT) solvers are large and complicated pieces of code. As a result, ensuring their correctness is challenging. In this paper, we discuss a technique for ensuring soundness by producing and checking proofs. We give details of our implementation using CVC3 and HOL Light and provide initial results from our effort to certify the SMT-LIB benchmarks.
Software that can produce independently checkable evidence for the correctness of its output has received recent attention for use in certifying compilers and proof-carrying code. CVC (Cooperating Validity Checker) is a proof-producing validity checker for a decidable fragment of first-order logic enriched with background theories. This paper describes how proofs of valid formulas are produced from the decision procedure for linear real arithmetic implemented in CVC.
Inductive data types are a valuable modeling tool for software verification. In the past, decision procedures have been proposed for various theories of inductive data types, some focused on the universal fragment, and some focused on handling arbitrary quantifiers. Because of the complexity of the full theory, previous work on the full theory has not focused on strategies for practical implementation. However, even for the universal fragment, previous work has been limited in several significant ways.
Proof Sketch: Let C0 be the free constants shared by Γ1 and Γ2. Let A be a Σ1(C) ∪ Σ2(C)-model of T1 ∪ T2 ∪ Γ1 ∪ Γ2. Let Δ = {c ≈ d | c, d ∈ C0, c^A = d^A} ∪ {c ≉ d | c, d ∈ C0, c^A ≠ d^A}. The set Δ is a possible arrangement of C0. Moreover, the reduct A|Σi(C) ⊨ Ti ∪ Γi ∪ Δ for i = 1, 2. So the procedure will return sat for Δ's choice.
One of the main shortcomings of the traditional methods for combining theories is the complexity of guessing the arrangement of the variables shared by the individual theories. This paper presents a reformulation of the Nelson-Oppen method that takes into account explicit equality propagation and can ignore pairs of shared variables that the theories do not care about. We show the correctness of the new approach and present care functions for the theory of uninterpreted functions and the theory of arrays.
The classic method of Nelson and Oppen for combining decision procedures requires the theories to be stably infinite. Unfortunately, some important theories do not fall into this category (e.g. the theory of bit-vectors). To remedy this problem, previous work introduced the notion of polite theories. Polite theories can be combined with any other theory using an extension of the Nelson-Oppen approach. In this paper we revisit the notion of polite theories, fixing a subtle flaw in the original definition.
It is well known that the use of points-to information can substantially improve the accuracy of a static program analysis. Commonly used algorithms for computing points-to information are known to be sound only for memory-safe programs. Thus, it appears problematic to utilize points-to information to verify the memory safety property without giving up soundness. We show that a sound combination is possible, even if the points-to information is computed separately and only conditionally sound.
A decision procedure for arbitrary first-order formulas can be viewed as combining a propositional search with a decision procedure for conjunctions of first-order literals, so Boolean SAT methods can be used for the propositional search in order to improve the performance of the overall decision procedure. We show how to combine some Boolean SAT methods with non-clausal heuristics developed for first-order decision procedures. The combination of methods leads to a smaller number of decisions than either method alone.
The original version promises three main things: 1. For theories T which meet the criteria (we will call these Shostak theories), the method gives a decision procedure for quantifier-free T-satisfiability. 2. The method has the theory TE "built-in", so for any Shostak theory T, the method gives a decision procedure for quantifier-free T ∪ TE-satisfiability. 3. Any two Shostak theories T1 and T2 can be combined to form a new Shostak theory T1 ∪ T2.