Satisfiability Modulo Theories

Preconditions

Files: [Slides] [Code skeletons]

We will mostly work with Z3 during this lecture, so please make sure that you can run Z3 on your machine; installation instructions are found here.

Furthermore, if you have not already done so, you may want to refresh your background on first-order predicate logic, preliminaries.

Postconditions

Files: [Slides after class on Sep. 8] [Code after class on Sep. 8]

Files: [Full Slides with solutions] [Full code examples with solutions]

Update: The final slides do not treat equality (=) as a relational symbol. Instead, as in the reading assignment, we treat equality as a fixed interpreted symbol that is always available and has the canonical meaning. Equality is thus not part of the signature anymore; you can always use it. We removed it from signatures in the final slides and on the course page.

Of course you will not be punished if your homework uses the old treatment of equality.

What you should have learned after completing chapter 2:

Basics of propositional and (many sorted) first-order logic (FOL)
What Satisfiability Modulo Theories means
How to use read and write specifications using FOL over built-in or custom theories
How to write simple axiom systems
How to encode problems and theorems to instances of the SAT/SMT problem and solve them with existing solvers

Homework

Reading assignment

The book by Ebbinghaus, Flum, and Thomas pdf gives a detailed introduction to first-order predicate logic. It uses almost the same notation as in the lecture. The main exceptions are:

For substitution, we write $I [x := a]$ instead of $I \frac{a}{x}$ .
For equality, we write $=$ instead of $\equiv$ .
We denote signatures by Σ instead of S (which we use for program statements).
Formulas F are denoted by $φ$ and axiomatic systems AX are denoted by $Φ$ .
Satisfiability modulo theory is denotes as $Φ ⊨ φ$ in the book, where $Φ$ represents the axiomatic system, i.e. it is a set of Σ-sentences.

We list parts of the book that cover the concepts discussed during the lecture below. We recommend reading some of those parts unless you are already closely familiar with first-order logic.

Chapter II introduces the syntax of FOL in more detail
- Chapter II.3: Σ-terms, Σ-formulas
- Chapter II.5: Free variables, Σ-sentences
Chapter III discusses the semantics of FOL
- Chapter III.1: Σ-structures, signatures, and interpretations
- Chapter III.3 discusses the satisfaction relation $⊨$ in more detail
- The book presents satisfiability and validity without taking a theory into account. The notion that a formula F is valid modulo a theory Th given by an axiomatic system AX corresponds to the notation AX |= F in the book. You can read the beginning of Chapter III.4 (p. 32-33) to take another view on these concepts. Our notion of validity modulo theories is found in Lemma 4.4: $Φ ⊨ φ$ iff not $Sat Φ \cup {φ}$ . In words, $φ$ is valid modulo the theory given by axiomatic system $Φ$ if and only if $\neg φ$ is satisfiable modulo the theory given by axiomatic system $Φ$ .
- Chapter III.6 gives examples of axiomatic systems that characterize structures corresponding to various mathematical concepts.

Furthermore, the literature page gives optional references with more information about SAT/SMT solving. In particular, the Z3 tutorials might be useful to you when working on the homework tasks.

The next lecture will be concerned with building practical verifiers. There is no additional material for you to prepare, but make sure that you can work with the concepts and tools we have used lecture 1 and lecture 2.

Tasks

Submission deadline: Thursday, September 22, 12:59 (right before the lecture).

Notice that you have two weeks for completing the homework. The material needed for solving tasks 3 and 4 will be covered in the class on September 15.

Please submit your solutions by pushing all relevant files to the GitLab repository assigned to your group. If you have not been assigned a repository yet, contact the teacher.

Task 1 (2 points): First-order logic

Consider the signature Σ = (Int, +, *, 0, 1), where +, *: Int x Int -> Int are binary function symbols and 0, 1: Int are constant function symbols.

Give a Σ-formula F expressing that $x < y$ holds modulo the theory of Peano arithmetic (without using the symbol <!). That is, for every interpretation $I$ in which all symbols have the canonical meaning, $I ⊨ F$ should hold if and only if the integer $I (x)$ is strictly less than $I (y)$ .

Your formula should not have any free variables other than $x$ and $y$ .

Task 2 (5 points): Axiomatic Systems

In the lecture, we introduced axiomatic systems to specify only those Σ-structures that we are interested in. The goal of this task is to find suitable axiomatic systems for a few interesting classes of Σ-structures.

First, consider the signature Σ = (V, E), where V is some sort. Moreover, E: V x V is a binary relational symbol.

(a) Give an axiomatic system AX describing all undirected graphs without self-loops.

(b) Give an axiomatic system AX describing all structures Σ = (V, E) in which E represents a total order of the elements of V.

(c) Give an axiomatic system AX describing all structures with more than two elements, that is, those structures Σ = (V, E) such that |V| > 2.

Now, consider the signature Σ = (Array, Int, get, put), where Array and Int are sorts. Moreover, get: Array x Int -> Int and put: Array x Int x Int -> Array are function symbols.

(d) Give an axiomatic system AX describing (unbounded) arrays (elements of sort Array) of integers (elements of sort Int) using the above signature. Here, get(A, i) represents the i-th value of array A and put(A, i, v) represents the array which is the same as array A but with the i-th value set to v. Your axiomatic system should ensure that two arrays are considered equal if they contain the same elements.

Hint: Read the task carefully.

Task 3 (3 points): Using an SMT solver

A large Danish company currently produces three kinds of products, let's call them product A, B, and C. The company wishes to reduce overhead by producing only two kinds of products in the future.

Your task is to use Z3 to evaluate whether this is possible given the companies production constraints listed below.

The company needs to produce at least 100 products (of any kind) within 3 hours.
The company needs to produce at least 5 products of kind A or kind B.
The company needs to produce at least 10 products of kind C.
To produce a product of kind A, B, and C, the company needs 1, 2, and 5 minutes, respectively.
To produce a product of kind A, B, and C, the company needs to invest 3000, 2000, and 1000 DKK, respectively.
The company wants to invest at most 300000 DKK.

Submit your encoding of the above problem in Z3 (using SMTLIB or one of the APIs, e.g. pySMT); briefly explain your constraints using inline comments.

Task 4 (20 points): Akari

For this task, we consider a puzzle game with simple rules and challenging solutions called "Akari" or "Light Up". The rules are as follows:

The game is played on a rectangular grid of walls (black tiles) and empty (white) tiles.
Initially the whole grid is dark.
The goal is to place lightbulbs on some of the empty tiles until all non-wall tiles are lit.
Every lightbulb shines light in the 4 cardinal directions (up, down, left, right) until the light is stopped by a wall.
Two lightbulbs are not allowed to shine light on each other.
Some wall tiles may have a number (typically between 0 and 4) assigned to it, which indicates how many lightbulbs must be placed in the adjacent empty tiles.

If you want to get a feeling for the game, you can also play it online. Furthermore, here is a collection of example puzzles, together with solutions for the first few puzzles:

Akari puzzles with solutions

Akari board D

Akari board E

Akari board F

Akari board G

Your task is to implement a program that utilizes Z3 to solve arbitrary Akari puzzles, such as the ones illustrated above.

The above examples each have a unique solution but, in general, your implementation should find some solution. If there is no solution, it should report that as well.

Make sure that your code is well-documented. In particular, explain what each constraint that you give to the SMT solver means.

You can choose any language that you want to use. We provide you with two code skeletons, one using the python Z3 bindings and one using the rust Z3 bindings, respectively. Both code skeletons contain:

An explanation of how puzzles are represented.
An explanation of how solutions are represented.
The function validate_solution which takes a puzzle and a solution and checks whether the solution is correct. You can use this function, together with the seven puzzles from above, which are also provided in the file, to test your implementation.
An unimplemented function solve that you should implement.

Files: Skeletons for Akari

02245 - Program Verification - Fall 2022