ABSTRACT. Solving mathematical problems without inherent talent has been an aspiration of humanity since ancient times. In this lecture, we delve into the complexity theory of proofs, examining the relationship between talent and the cost of proof. We also discuss the possibilities and limitations of using a fusion of computational methods, including computer algebra and natural language processing, to solve mathematical problems with machines. Join us as we explore the frontier of machine-enabled mathematical problem-solving, reflecting on its potential and boundaries in fulfilling this age-old human ambition.

What should be observed for optimal reward in POMDPs?

ABSTRACT. Partially observable Markov Decision Processes (POMDPs) are a standard model for agents making decisions in uncertain environments. Most work on POMDPs focuses on synthesizing strategies based on the available capabilities. However, system designers can often control an agent's observation capabilities, e.g., by placing or selecting sensors. This raises the question of how one should select an agent's sensors cost-effectively such that it achieves the desired goals.
In this paper, we study the novel \emph{optimal observability problem} (OOP): Given a POMDP M, how should one change M's observation capabilities within a fixed budget such that its (minimal) expected reward remains below a given threshold? We show that the problem is undecidable in general and decidable when considering positional strategies only. We present two algorithms for a decidable fragment of the OOP: one based on optimal strategies of M's underlying Markov decision process and one based on parameter synthesis with SMT. We report promising results for variants of typical examples from the POMDP literature.
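As a toy instance of the trade-off (ours, not from the paper), consider a two-state POMDP where the agent is rewarded for matching the hidden state. Enumerating positional strategies shows how the chosen observation function bounds the achievable value:

```python
# Hypothetical toy (ours): two hidden states, reward 1 for choosing the
# matching action. A positional strategy maps observation signals to
# actions; buying a sensor refines the observation function.
import itertools

STATES, ACTIONS = ['s0', 's1'], ['a0', 'a1']

def best_positional_reward(obs):
    """Max expected one-shot reward (uniform prior over states) over all
    positional strategies, given an observation function obs: state -> signal."""
    best = 0.0
    signals = sorted(set(obs.values()))
    for choice in itertools.product(ACTIONS, repeat=len(signals)):
        strat = dict(zip(signals, choice))
        reward = sum(1.0 for i, s in enumerate(STATES)
                     if strat[obs[s]] == ACTIONS[i]) / len(STATES)
        best = max(best, reward)
    return best

blind  = {'s0': 'o', 's1': 'o'}      # no sensor: both states look alike
sensed = {'s0': 'o0', 's1': 'o1'}    # sensor bought: states distinguishable
print(best_positional_reward(blind), best_positional_reward(sensed))  # -> 0.5 1.0
```

The budgeted version of the problem asks which of these refinements to buy; the sketch only shows that the refinement changes the value achievable by positional strategies.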

Stochastic Omega-Regular Verification and Control with Supermartingales

ABSTRACT. We introduce for the first time a supermartingale certificate for full ω-regular specifications, enabling effective ω-regular verification and control for stochastic dynamical models with infinite and possibly continuous state spaces. We leverage the Robbins & Siegmund convergence theorem to characterize supermartingale certificates for the almost-sure acceptance of Streett conditions on stochastic processes, which we call Streett supermartingales. Our result generalises supermartingale certificates for almost-sure reachability, safety, reach-avoid, persistence and recurrence verification, and subsumes linear temporal logic and deterministic models. We provide an algorithm to compute control policies together with Streett supermartingales as proof certificates for ω-regular objectives, which is complete for supermartingales and control policies with polynomial templates and stochastic dynamical models with polynomial post-expectation. We additionally provide an optimisation that reduces the problem to satisfiability modulo theories, under the assumption that templates and the post-expectation are piecewise linear. We have built a prototype with which we demonstrate the efficacy of our approach on a number of exemplar ω-regular verification and control problems.
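For intuition, the Robbins & Siegmund theorem the construction leverages can be stated as follows (a standard formulation; the notation is ours, not the paper's). If $(Y_t)$, $(\beta_t)$, $(\xi_t)$, $(\zeta_t)$ are nonnegative adapted processes with

```latex
\mathbb{E}\left[Y_{t+1} \mid \mathcal{F}_t\right]
  \;\le\; (1+\beta_t)\,Y_t + \xi_t - \zeta_t,
\qquad
\sum_t \beta_t < \infty, \quad \sum_t \xi_t < \infty \ \text{a.s.},
```

then $Y_t$ converges almost surely and $\sum_t \zeta_t < \infty$ almost surely. Roughly, a certificate for a Streett pair $(R, G)$ is arranged so that $\zeta_t$ is bounded below whenever the process visits $R$ while the obligation $G$ is outstanding; finiteness of $\sum_t \zeta_t$ then forces such visits to occur only finitely often, yielding almost-sure acceptance of the pair.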

Lexicographic Ranking Supermartingales with Lazy Lower Bounds

ABSTRACT. The Lexicographic Ranking SuperMartingale (LexRSM) is a probabilistic extension of the Lexicographic Ranking Function (LexRF), a widely accepted technique for verifying program termination. In this paper, we are the first to propose sound probabilistic extensions of LexRF with a weaker non-negativity condition, called single-component non-negativity. It is known that any such extension, if it exists, must be nontrivial due to the intricacies of the probabilistic setting.

Toward this goal, we first devise the notion of rescalability, which offers a systematic approach for analyzing the soundness of possibly negative LexRSMs. This notion yields the desired extension of LexRF, sound for general stochastic processes. We next propose another extension, called Lazy LexRSM, aimed at automated verification; it is sound over probabilistic programs with linear arithmetic, while a subclass of it is amenable to automated synthesis via linear programming. We finally propose a LexRSM synthesis algorithm for this subclass and evaluate it experimentally.
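For orientation, the classical LexRSM condition (stated roughly, following prior work; the notation is ours) requires a tuple $\vec{V} = (V_1, \dots, V_n)$ of measurable functions such that for each transition there is a level $i$ with

```latex
\mathbb{E}\left[V_j(X_{t+1}) \mid X_t\right] \le V_j(X_t) \ \ \text{for all } j < i,
\qquad
\mathbb{E}\left[V_i(X_{t+1}) \mid X_t\right] \le V_i(X_t) - \varepsilon,
```

together with a non-negativity requirement on the components. The strong form demands non-negativity of every component up to the ranking level; the single-component condition studied here, roughly, demands $V_i \ge 0$ only at the ranking level $i$ itself.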

(Distinguished Paper) (Recorded) Playing Games with your PET: Extending the Partial Exploration Tool to Stochastic Games

ABSTRACT. We present version 2.0 of the Partial Exploration Tool (PET), a tool for verification of probabilistic systems.
We extend the previous version by adding support for stochastic games, based on a recent unified framework for sound value iteration algorithms.
Thereby, PET2 is the first tool implementing a sound and efficient approach for solving stochastic games with reachability/safety and mean-payoff objectives.
We complement this approach by developing and implementing a partial-exploration based variant for all three objectives.
Our experimental evaluation shows that PET2 offers the most efficient partial-exploration-based algorithm and is the most viable tool for stochastic games, even outperforming unsound tools.

Split Gröbner Bases for Satisfiability Modulo Finite Fields

ABSTRACT. Satisfiability modulo finite fields enables automated verification for cryptosystems. Unfortunately, previous solvers scale poorly for even some simple systems of field equations, in part because they build a full Gröbner basis (GB) for the system. We propose a new solver that uses multiple, simpler GBs instead of one full GB. Our solver, implemented within the cvc5 SMT solver, admits specialized propagation algorithms, e.g., for understanding bitsums. Experiments show that it solves important bitsum-heavy determinism benchmarks far faster than prior solvers, without introducing much overhead for other benchmarks.
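As a toy illustration of why bitsum constraints deserve special treatment (our example; cvc5's actual propagators are more sophisticated), note that a bitsum with few bits over a large enough field pins down its bits uniquely, which a dedicated pass can exploit without any Gröbner basis computation:

```python
# Hypothetical illustration (ours, not cvc5's algorithm): a bitsum
# constraint x = b0 + 2*b1 + 4*b2 (mod p), with each b_i constrained to
# be boolean, can be handled by a simple dedicated procedure instead of
# being fed into one full Groebner basis computation.
P = 11  # assumption: a small prime field size, for illustration only

def bitsum_solutions(x, nbits, p=P):
    """All boolean bit vectors (LSB first) whose weighted sum equals x mod p."""
    sols = []
    for m in range(2 ** nbits):
        bits = [(m >> i) & 1 for i in range(nbits)]
        if sum(b << i for i, b in enumerate(bits)) % p == x % p:
            sols.append(bits)
    return sols

# With 3 bits the sum ranges over 0..7 < 11, so every representable value
# has exactly one preimage: the bits are fully determined by x.
print(bitsum_solutions(5, 3))  # -> [[1, 0, 1]]
```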

Quantified Linear Arithmetic Satisfiability Via Fine-grained Strategy Improvement

ABSTRACT. Checking satisfiability of formulae in the theory of linear arithmetic has far-reaching applications, including program verification and synthesis. Many satisfiability solvers excel at proving and disproving satisfiability of quantifier-free linear arithmetic formulas and have recently begun to support quantified formulas. Many of these take a game-theoretic view of quantified satisfiability as the basis of their algorithm [3,6]. Quantified satisfiability games are played between two players—SAT and UNSAT—who take turns instantiating quantifiers and choosing branches of Boolean connectives to evaluate the given formula. A winning strategy for SAT (resp. UNSAT) determines the choices of SAT (resp. UNSAT) as a function of UNSAT's (resp. SAT's) choices such that the given formula evaluates to true (resp. false) no matter what choices UNSAT (resp. SAT) may make. Typically, procedures for satisfiability of quantified formulas require conversion to a normal form (e.g. prenex normal form), which alters the game semantics of the formula—i.e. by changing the scope of a quantified variable or by introducing additional quantified variables. We present fine-grained strategy improvement, which avoids these conversions. Additionally, we provide a means of extracting a winning strategy that serves as a proof of (un)satisfiability and may be used in higher-level applications. We experimentally evaluate our technique against existing methods and find it performs favorably against state-of-the-art satisfiability solvers.
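As a small illustration of this game semantics (our toy example, not the paper's procedure), consider the formula ∀x.∃y. y > x over the integers: SAT wins by answering every instantiation of x with x + 1.

```python
# Toy illustration (ours) of a winning strategy for SAT in the game for
# "forall x. exists y. y > x" over the integers, tested here on a finite
# sample of UNSAT's possible moves.
def sat_strategy(x):
    return x + 1  # SAT's response to UNSAT instantiating x

def sat_wins(unsat_moves):
    """SAT wins every round iff the matrix y > x holds under its strategy
    for each instantiation of x chosen by UNSAT."""
    return all(sat_strategy(x) > x for x in unsat_moves)

print(sat_wins(range(-100, 100)))  # -> True
```

Extracting such a strategy as an explicit function is what makes it usable as a proof artifact in higher-level applications.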

Algebraic Reasoning Meets Automata in Solving Linear Integer Arithmetic

ABSTRACT. We present a new angle on solving quantified linear integer arithmetic, based on combining the automata-based approach, where numbers are understood as bitvectors, with ideas from the (nowadays prevalent) algebraic approaches, which work directly with numbers. This combination is enabled by a fine-grained version of the duality between automata and arithmetic formulae. In particular, we employ a construction where the states of the automaton are obtained as derivatives of arithmetic formulae, so that every state corresponds to a formula. Optimizations based on techniques and ideas transferred from the world of algebraic methods are used on thousands of automata states, which dramatically amplifies their effect. The merit of this combination of automata with algebraic methods is demonstrated by our prototype implementation being competitive with, and even superior to, state-of-the-art SMT solvers.
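To illustrate the derivative view (a toy of ours, far simpler than the paper's construction), consider the formula a + b = c over bitvectors read least-significant-bit first: each automaton state is the residual formula a + b + carry = c, so states are identified by their carry.

```python
# Toy sketch (ours): the automaton for a + b = c over LSB-first
# bitvectors, with states obtained as derivatives of the formula.
def derivative(carry, ax, bx, cx):
    """Transition on one bit column; returns the successor carry, i.e.
    the residual formula a + b + carry = c, or None if inconsistent."""
    s = ax + bx + carry
    if s % 2 != cx:
        return None          # dead state: the residual formula is false
    return s // 2

def accepts(a, b, c, width):
    carry = 0                # initial state: the original formula
    for i in range(width):
        carry = derivative(carry, (a >> i) & 1, (b >> i) & 1, (c >> i) & 1)
        if carry is None:
            return False
    return carry == 0        # accepting iff the residual formula is true

print(accepts(13, 29, 42, 8))  # -> True, since 13 + 29 = 42
print(accepts(13, 29, 41, 8))  # -> False
```

In the paper's setting every state is likewise a formula, which is what lets formula-level algebraic simplifications act on automata states.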

(Distinguished Paper) (Recorded) Distributed SMT Solving Based on Dynamic Variable-level Partitioning

ABSTRACT. Satisfiability Modulo Theories (SMT) over arithmetic theories has significant applications in many important domains. Previous efforts have been mainly devoted to improving the techniques and heuristics in sequential SMT solvers. With the development of computing resources, a promising direction to boost performance is parallel and even distributed SMT solving. We explore this potential from a divide-and-conquer perspective and propose a novel dynamic parallel framework with variable-level partitioning. To the best of our knowledge, this is the first attempt to perform variable-level partitioning for arithmetic theories. Moreover, we enhance the interval constraint propagation algorithm, coordinate it with Boolean propagation, and integrate it into our variable-level partitioning strategy. Our partitioning algorithm effectively capitalizes on propagation information, enabling efficient formula simplification and search-space pruning. We apply our method to three state-of-the-art SMT solvers, namely CVC5, Z3, and OpenSMT2, resulting in efficient parallel SMT solvers. Experiments are carried out on benchmarks of linear and non-linear arithmetic over both real and integer variables; our variable-level partitioning method shows substantial improvements over previous partitioning strategies and is particularly effective on non-linear theories.
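A minimal sketch of the two ingredients (ours, greatly simplified from the paper's algorithm): interval constraint propagation first narrows a variable's range, and variable-level partitioning then splits that range into independent subproblems.

```python
# Hypothetical sketch (not the paper's implementation) of variable-level
# partitioning driven by interval constraint propagation.
def propagate(lo, hi, constraints):
    """Shrink the interval [lo, hi] for a variable x using bound
    constraints of the form ('<=', c) or ('>=', c)."""
    for op, c in constraints:
        if op == '<=':
            hi = min(hi, c)
        elif op == '>=':
            lo = max(lo, c)
    return lo, hi

def partition(lo, hi):
    """Split x's narrowed interval at its midpoint: each half becomes an
    independent subproblem handed to a separate solver instance."""
    mid = (lo + hi) // 2
    return (lo, mid), (mid + 1, hi)

lo, hi = propagate(0, 100, [('>=', 10), ('<=', 60)])
print(partition(lo, hi))  # -> ((10, 35), (36, 60))
```

Propagating before partitioning is what prevents the splitter from wasting subproblems on regions the constraints already exclude.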

ABSTRACT. The theory of arithmetic is integral to many uses of SMT solvers. Z3 has implemented native solvers for arithmetic reasoning since its first release. We present a full re-implementation of Z3's original arithmetic solver, based on substantial experience from user feedback, engineering, and experimentation. While providing a comprehensive overview of the main components, we emphasize selected new insights we arrived at while developing and testing the solver.

Parsimonious Optimal Dynamic Partial Order Reduction

ABSTRACT. Stateless model checking is a fully automatic verification technique for concurrent programs that checks for safety violations by exploring all possible thread schedulings.
It becomes effective when coupled with Dynamic Partial Order Reduction (DPOR), which introduces an equivalence on schedulings and reduces the amount of needed exploration.
DPOR algorithms that are \emph{optimal} are particularly effective in that they guarantee to explore \emph{exactly} one execution from each equivalence class.
Unfortunately, existing sequence-based optimal algorithms may in the worst case consume memory that is exponential in the size of the analyzed program.
In this paper, we present Parsimonious-OPtimal (POP) DPOR, an optimal DPOR algorithm for analyzing multi-threaded programs under sequential consistency, whose space consumption is polynomial in the worst case. POP combines several novel algorithmic techniques, including
(i) a parsimonious race reversal strategy, which avoids multiple reversals of the same race, (ii) an eager race reversal strategy to avoid storing initial fragments of to-be-explored executions, and (iii) a space-efficient scheme for preventing redundant exploration, which replaces the use of sleep sets.
Our implementation in Nidhugg shows that these techniques can significantly speed up the analysis of concurrent programs, and do so with low memory consumption. Comparison to a related optimal DPOR algorithm for a different representation of concurrent executions as graphs shows that POP has comparable worst-case performance for smaller benchmarks and outperforms the other one for larger programs.
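To see the equivalence DPOR exploits on a toy example (ours, not POP itself): with two threads that each write a private variable and then a shared one, only the order of the two shared writes matters, so six interleavings collapse into two equivalence classes.

```python
# Toy illustration (ours) of scheduling equivalence: events of different
# threads on different variables are independent, and schedules that
# differ only by swapping adjacent independent events are equivalent.
from itertools import chain  # not strictly needed; interleaving is recursive

T1 = [('T1', 'x'), ('T1', 'z')]   # thread 1: write x, then shared z
T2 = [('T2', 'y'), ('T2', 'z')]   # thread 2: write y, then shared z

def interleavings(a, b):
    if not a: yield tuple(b); return
    if not b: yield tuple(a); return
    for rest in interleavings(a[1:], b): yield (a[0],) + rest
    for rest in interleavings(a, b[1:]): yield (b[0],) + rest

def canonical(schedule):
    """Normal form: repeatedly swap adjacent independent events (different
    threads, different variables) into a fixed order."""
    s = list(schedule)
    changed = True
    while changed:
        changed = False
        for i in range(len(s) - 1):
            (t1, v1), (t2, v2) = s[i], s[i + 1]
            if t1 != t2 and v1 != v2 and (t2, v2) < (t1, v1):
                s[i], s[i + 1] = s[i + 1], s[i]
                changed = True
    return tuple(s)

all_scheds = set(interleavings(T1, T2))
classes = {canonical(s) for s in all_scheds}
print(len(all_scheds), len(classes))  # -> 6 2
```

An optimal DPOR algorithm explores one schedule per class; POP's contribution is doing so with worst-case polynomial memory.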

Collective Contracts for Message-Passing Parallel Programs

ABSTRACT. Procedure contracts are a well-known approach for specifying programs in a modular way. We investigate a new contract theory for collective procedures in parallel message-passing programs. As in the sequential setting, one can verify that a procedure $f$ conforms to its contract using only the contracts, and not the implementations, of the collective procedures called by $f$. We apply this approach to C programs that use the Message Passing Interface (MPI), introducing a new contract language that extends the ANSI/ISO C Specification Language (ACSL). We present contracts for the standard MPI collective functions, as well as many user-defined collective functions. A prototype verification system has been implemented using the CIVL symbolic execution and model checking framework for checking contract satisfaction within small bounds on the number of processes.

Efficient Implementation of an Abstract Domain of Quantified First-Order Formulas

ABSTRACT. This paper lays a practical foundation for using abstract interpretation with an abstract domain that consists of sets of quantified first-order logic formulas. This abstract domain seems infeasible at first sight due to the complexity of the formulas involved and the enormous size of sets of formulas (abstract elements). We introduce an efficient representation of abstract elements, which eliminates redundancies based on a novel syntactic subsumption relation that underapproximates semantic entailment. We develop algorithms and data structures to efficiently compute the join of an abstract element with the abstraction of a concrete state, operating on the representation of abstract elements. To demonstrate feasibility of the domain, we use our data structures and algorithms to implement a symbolic abstraction algorithm that computes the least fixpoint of the best abstract transformer of a transition system, which corresponds to the strongest inductive invariant. We succeed at finding, for example, the least fixpoint for Paxos (which in our representation has 1,438 formulas with forall-exists-forall quantification) in time comparable to state-of-the-art property-directed approaches.
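As a much-simplified propositional analogue of the subsumption idea (ours; the paper's domain handles quantified first-order formulas and a richer subsumption relation), a set of clauses can be kept redundancy-free by discarding any clause whose literal set strictly contains another's, since the smaller clause entails it:

```python
# Toy propositional analogue (ours) of syntactic subsumption: a clause C
# subsumes a clause D when C's literals are a subset of D's; in that case
# the disjunction C entails D, so D is redundant.
def minimize(clauses):
    """Keep only the clauses not strictly subsumed by another clause."""
    cs = {frozenset(c) for c in clauses}
    return {c for c in cs if not any(d < c for d in cs)}

element = [{'p'}, {'p', 'q'}, {'q', 'r'}]
print(minimize(element))  # {'p','q'} is dropped: it is subsumed by {'p'}
```

Because subsumption here is a syntactic subset check, it underapproximates entailment cheaply, which is the same trade-off the paper's representation makes at first-order level.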

ABSTRACT. Envy-free cake cutting protocols procedurally divide an infinitely divisible good among a set of agents so that no agent prefers another's allocation to their own. These protocols are highly complex and difficult to prove correct. Recently, Bertram, Levinson, and Hsu introduced a language called Slice for describing and verifying cake-cutting protocols. Slice programs can be translated to formulas encoding envy-freeness, which are solved by SMT. While Slice works well on smaller protocols, it fails to scale to more complex cake-cutting protocols.

We improve Slice in two ways. First, inspired by Kurokawa, Lai, and Procaccia, we show that any protocol execution in Slice can be replicated using piecewise uniform valuations. We then reduce Slice's constraint formulas to formulas within the theory of linear real arithmetic, showing that verifying envy-freeness of Slice programs is efficiently decidable. Second, we design and implement a linear type system for Slice which enforces that no two agents receive the same part of the good. We implement our methods and verify a range of challenging examples, including the first nontrivial four-agent protocol, proposed by Segal-Halevi et al. in 2015.
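To make the envy-freeness property concrete, here is a toy checker (ours, unrelated to Slice's encoding) for allocations under piecewise uniform valuations, where each agent values a piece by the total length of its desired intervals that the piece contains:

```python
# Hypothetical toy (ours, not Slice): check envy-freeness of an
# allocation of the cake [0,1) under piecewise uniform valuations,
# given as lists of half-open "desired" intervals per agent.
def value(intervals, piece):
    """Total overlap length between an agent's desired intervals and an
    allocated piece (both lists of half-open intervals)."""
    total = 0.0
    for (a, b) in intervals:
        for (c, d) in piece:
            total += max(0.0, min(b, d) - max(a, c))
    return total

def envy_free(valuations, allocation):
    """No agent values another agent's piece above its own."""
    return all(value(v, allocation[i]) >= value(v, allocation[j])
               for i, v in enumerate(valuations)
               for j in range(len(allocation)))

# Cut-and-choose flavour: agent 0 values everything, agent 1 only [0, 0.5).
vals = [[(0.0, 1.0)], [(0.0, 0.5)]]
alloc = [[(0.5, 1.0)], [(0.0, 0.5)]]   # agent 1 takes the half it values
print(envy_free(vals, alloc))  # -> True
```

Verifying a protocol means establishing this property for every execution and every admissible valuation, which is what the reduction to linear real arithmetic makes decidable.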

ABSTRACT. Quantum circuit compilation comprises many computationally hard reasoning tasks that nonetheless lie inside #P and its decision counterpart PP. The classical simulation of general quantum circuits is a core example. We show for the first time that strong simulation of universal quantum circuits can be efficiently tackled through weighted model counting, by providing a linear encoding of Clifford+T circuits. To achieve this, we exploit the stabilizer formalism of Knill, Gottesman, and Aaronson and the fact that stabilizer states form a basis for density operators. With an open-source simulator implementation, we demonstrate empirically that model counting often outperforms state-of-the-art simulation techniques based on the ZX calculus and decision diagrams. Our work paves the way to applying the existing array of powerful classical reasoning tools to realize efficient quantum circuit compilation, one of the obstacles on the road towards quantum supremacy.
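For contrast, a naive strong simulation simply propagates the exact state vector (the sketch below is ours; the paper instead encodes the circuit as a weighted model counting instance), yielding exact amplitudes and hence exact output probabilities rather than samples:

```python
# Naive strong simulation (ours, for contrast with the WMC encoding):
# propagate the state vector of |0> through the Clifford+T circuit H, T, H.
import cmath, math

H = [[1 / math.sqrt(2),  1 / math.sqrt(2)],
     [1 / math.sqrt(2), -1 / math.sqrt(2)]]
T = [[1, 0], [0, cmath.exp(1j * math.pi / 4)]]   # the non-Clifford T gate

def apply(gate, state):
    return [sum(gate[i][j] * state[j] for j in range(2)) for i in range(2)]

state = [1, 0]                    # |0>
for gate in (H, T, H):
    state = apply(gate, state)

# Exact output probabilities; strong simulation computes these amplitudes
# rather than drawing samples.
print([abs(a) ** 2 for a in state])
```

State-vector propagation is exponential in the number of qubits, which is why compact encodings such as weighted model counting are attractive.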

ABSTRACT. This paper gives an overview of the most recent developments on the VerCors verifier. VerCors supports deductive verification of concurrent software, written in multiple programming languages, where the specifications are written in terms of pre-/postcondition contracts using permission-based separation logic. In essence, VerCors is a program transformation tool: it translates an annotated program into input for the Viper framework, which is then used as verification back-end.
The paper discusses the different programming languages and features for which VerCors provides verification support. It also discusses how the tool has been internally reorganised to be easily extensible, and to improve the connection and interaction with Viper. In addition, we introduce two tools built on top of VerCors, which support correctness-preserving transformations of verified programs. Finally, we discuss how the VerCors verifier has been used on a range of realistic case studies.

mypyvy: A Research Platform for Verification of Transition Systems in First-Order Logic

ABSTRACT. mypyvy is an open-source tool for specifying transition systems in first-order logic and reasoning about them.
mypyvy is particularly suitable for analyzing and verifying distributed algorithms.
mypyvy implements key functionalities needed for safety verification and provides flexible interfaces that make it useful not only as a verification tool but also as a research platform for developing verification techniques, in particular invariant inference algorithms.
Moreover, the mypyvy input language is both simple and general, and the mypyvy repository includes several dozen benchmarks---transition systems that model a wide range of distributed and concurrent algorithms.
mypyvy has supported several recent research efforts that benefited from its development framework and benchmark set.
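mypyvy reasons symbolically in first-order logic; as a toy contrast, the same kind of safety question can be settled on a small finite instance by explicit search. The following sketch (ours, not mypyvy syntax) checks that "at most one node holds the lock" holds in every reachable state of a simple lock protocol with three nodes:

```python
# Illustrative finite-state toy (ours): safety of a tiny lock protocol,
# checked by explicit reachability rather than mypyvy's symbolic methods.
NODES = range(3)

def init():
    return frozenset()                      # initially nobody holds the lock

def successors(held):
    succs = []
    if not held:                            # acquire: only when the lock is free
        succs += [frozenset({n}) for n in NODES]
    succs += [held - {n} for n in held]     # release by the current holder
    return succs

def invariant(held):
    return len(held) <= 1                   # mutual exclusion

def check():
    seen, frontier = set(), [init()]
    while frontier:
        s = frontier.pop()
        if s in seen:
            continue
        seen.add(s)
        if not invariant(s):
            return False
        frontier.extend(successors(s))
    return True

print(check())  # -> True
```

The symbolic analogue, with unboundedly many nodes, is exactly where first-order transition systems and invariant inference earn their keep.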