Strejda comments

Chapters/Chapter02.tex

@@ -355,13 +355,13 @@ solvers is to convert a \cnf formula to the corresponding \robdd and
 check the root of the resulting \bdd. If the resulting \bdd has the
 root 0, the formula is unsatisfiable, and it is satisfiable
 otherwise. However, in order to keep the size of the \bdd small, it is
-necessary to existentially quantify the variables as soon as
-possible. This technique is known as \emph{early
+necessary to existentially quantify the variables during the
+computation. This technique is known as \emph{early
   quantification}~\cite{HKB96}. A simplified symbolic \sat algorithm
 can be found for example in the survey of \sat solving by Darwiche and
 Pipatsriswat~\cite{DP09}.
 
-Look-ahead based algorithm, in contrast with the \cdcl, are employing
+Look-ahead based algorithm, in contrast to the \cdcl, are employing
 expensive heuristics to guide the \dpll search to a satisfying
 assignment instead of using cheap heuristics and learning from the
 conflicts~\cite{HD04}. Therefore, while \cdcl solvers are efficient on
@@ -379,9 +379,10 @@ theory~\cite{HKM16}.
 \section{Satisfiability modulo theories}
 
 Similarly to \sat, the \emph{satisfiability modulo theories problem}
-(\smt) is for a given a \cnf formula $\varphi$ in a fixed theory $\mathcal{T}$
-decide whether it is $\mathcal{T}$-satisfiable. Depending on the the theory $\mathcal{T}$,
-the complexity of the \smt problem ranges from polynomial to
+(\smt) is to decide for a given a \cnf formula $\varphi$ in a fixed
+theory $\mathcal{T}$ whether it is
+$\mathcal{T}$-satisfiable. Depending on the theory $\mathcal{T}$, the
+complexity of the \smt problem ranges from polynomial to
 undecidable. However, as the formula $\varphi$ can contain Boolean
 connectives, the \smt problem is at least \NP-hard for non-trivial
 theories.
@@ -441,13 +442,12 @@ infinite have been proposed~\cite{TZ05, RRZ05, JB10}.
 \subsection{DPLL modulo theories}
 
 Most of the \smt approaches can be classified as \emph{eager} or
-\emph{lazy}~\cite{BSST09}. The eager \smt approach consists in
-directly translating the input formula to an equivalent propositional
-formula and using an off-the-shelf \sat solver to decide
-satisfiability of this formula. The eager \smt approach is implemented
-for example in the \smt solver \uclid, which supports the combination
-of the theory of uninterpreted functions and the theory of Presburger
-arithmetic with ordering~\cite{LS04}.
+\emph{lazy}~\cite{BSST09}. In the eager \smt approach, input formula
+is directly translated to an equivalent propositional formula and an
+off-the-shelf \sat solver is used to decide satisfiability of this
+formula. The eager \smt approach is implemented for example in the
+\smt solver \uclid, which supports the combination of the theory of
+uninterpreted functions and linear integer arithmetic~\cite{LS04}.
 
 On the other hand, the lazy \smt approach uses a \sat solver to reason
 about the Boolean structure of the formula and a specialized
@@ -471,8 +471,8 @@ $\mathcal{T}$-satisfiable. If the propositional model is not
 $\mathcal{T}$-satisfiable, the corresponding theory lemma $\neg M^p$
 is added to the formula and the procedure is repeated. This variant of
 the lazy \smt approach is called offline, because it uses the \sat
-solver as a black box and employs the \smt solver only to check
-satisfiability of a complete Boolean assignment.
+solver as a black box and employs the $\mathcal{T}$-solver only to
+check satisfiability of a complete Boolean assignment.
 
 \paragraph{Online approach}
 In contrast to the offline approach, the \sat and \smt solvers can
@@ -504,14 +504,13 @@ transition system~\cite{NOT06}. The \dpllt approach is used in the
 majority of modern \smt solvers, including solvers
 Barcelogic~\cite{Barcelogic}, CVC4~\cite{CVC4},
 MathSAT~\cite{MathSAT}, OpenSMT~\cite{OpenSMT},
-Simplify~\cite{Simplify}, Yices~\cite{Yices}, or
-Z3~\cite{Z3}.
+Simplify~\cite{Simplify}, Yices~\cite{Yices}, and Z3~\cite{Z3}.
 
 \subsection{Natural domain \smt}
 \label{ssec:natDomainSat}
-Although the separation of the Boolean and theory reasoning in the
-\dpll approach allows the solver to be modular, it can be also
-restricting in some cases. In particular, \dpllt based solvers can not
+Although the separation of the propositional and theory reasoning in
+the \dpllt approach allows the solver to be modular, it can be also
+restricting in some cases. In particular, \dpllt-based solvers can not
 directly reason about values of first-order variables, but have to
 rely on the $\mathcal{T}$-solver guiding the search over Boolean
 valuations. While there are some techniques like \emph{splitting on
@@ -571,7 +570,7 @@ search, but in addition to assigning values of Boolean variables, it
 can assign the value of theory variables and it can generate new
 literals not occurring in the original formula. De Moura et al. have
 implemented the \mcsat solver supporting linear real arithmetic and
-uninterpreted function, which uses model-driven Fourier-Motzkin
+uninterpreted functions, which uses model-driven Fourier-Motzkin
 elimination~\cite{Dan63} to learn new predicates from arithmetic
 conflicts and model-driven Ackermannization~\cite{MB08, Ack54} to
 learn new predicates from conflicts involving uninterpreted
@@ -589,7 +588,7 @@ for unsatisfiable formulas, or to compute \emph{Craig
   interpolants}~\cite{McM06, UltimateInterpol13, UltimateCores14}.
 
 In the context of \sat and \smt solving, an unsatisfiable core is a
-subset of clauses of a unsatisfiable formula that is already
+subset of clauses of an unsatisfiable formula that is already
 unsatisfiable~\cite{CGS07}. Three main approaches are used for the
 unsatisfiable core computation in \smt~\cite{BSST09}. In the first, if
 a solver can compute resolution proofs for unsatisfiable formulas, the
@@ -623,19 +622,20 @@ to bit-vectors of length $n$. The only predicate symbols in the \BV
 theory are $=$, $\leq_u$, and $\leq_s$, interpreted as equality,
 unsigned inequality of binary-encoded natural numbers, and signed
 inequality of integers in $2$'s complement representation,
-respectively. Function symbols in the theory are
-$+, \times, \div, \&, \mid, \oplus, \ll, \gg, \cdot, \extract{n}{p}$,
-interpreted as addition, multiplication, unsigned division, bit-wise
-and, bit-wise or, bit-wise exclusive or, left-shift, right-shift,
-concatenation, and extraction of $n$ bits starting from the position
-$p$, respectively. For the detailed description of the \BV theory
-syntax and semantics, see for example Hadarean's PhD
-thesis~\cite{Had15}. This section focuses on the problem of
-satisfiability of the quantifier-free fragment of the \BV theory,
-denoted \QFBV. The the full \BV logic is treated in the next section.
+respectively. Function symbols in the theory are $+$, $\times$,
+$\div$, $\&$, $\mid$, $\oplus$, $\ll$, $\gg$, $\cdot$,
+$\extract{n}{p}$, interpreted as addition, multiplication, unsigned
+division, bit-wise and, bit-wise or, bit-wise exclusive or,
+left-shift, right-shift, concatenation, and extraction of $n$ bits
+starting from the position $p$, respectively. For the detailed
+description of the \BV theory syntax and semantics, see for example
+Hadarean's PhD thesis~\cite{Had15}. This section focuses on the
+problem of satisfiability of the quantifier-free fragment of the \BV
+theory, denoted \QFBV. The the full \BV logic is treated in the next
+section.
 
 Current state-of-the-art \smt solvers for the \QFBV logic rely on
-rewriting techniques, used to simplify the formula during the
+rewriting techniques used to simplify the formula during the
 preprocessing, and eager or lazy translation of the bit-vector formula
 to the equivalent propositional formula, which is subsequently solved
 by a \sat solver. The transformation of a bit-vector formula to the
@@ -646,7 +646,7 @@ bit-blasting is beneficial when the theory combination is
 required. For example, solvers Z3 and Yices apply bit-blasting to all
 operations except for the equality, which is handled by a specialized
 solver, and dynamically add axioms of the array
-theory~\cite{Z3,Yices}, and Boolector applies bit-blasting to the
+theory~\cite{Z3,Yices}. Boolector applies bit-blasting to the
 bit-vector operations and lazily instantiates definitions of macros
 and array axioms~\cite{Boolector}. Furthermore, CVC4 uses lazy and
 layered solver, which tries to decide the satisfiability using
@@ -660,8 +660,9 @@ generated by the sub-solvers are added to the formula and a lazy
 Although bit-blasting is highly efficient for most of practical
 problems, it can exhaust memory of the solver if the input formula
 contains complex arithmetic or variables with large bit-width. Several
-techniques that avoid the bit-blasting have been proposed to alleviate
-this problem.
+techniques that avoid the bit-blasting and work directly on the level
+of individual bit-vectors (\emph{word-level}) have been proposed to
+alleviate this problem.
 
 Some useful fragments of the bit-vector theory can be solved by
 specialized algorithms for deciding satisfiability. For example,
@@ -682,17 +683,17 @@ heuristics for generalizing explanations of bit-vector conflicts. For
 example, the solver \mcsat can perform the partial assignment
 $\extract{2}{0}(x) \mapsto 10$, denoting that the two least
 significant bits of $x$ are $10$. To be able to efficiently use such
-partial assignments, the solver \mcbv maintains two over-approximations
-of the set of models that are compatible with the current partial
-assignment -- using \emph{bit-patterns} and \emph{arithmetic
-  intervals}. Bit-patterns are sequences of $0$, $1$ and $u$, which
-represents undefined bit, and constrain the values of particular bits
-in the assignment. On the other hand, arithmetic intervals are pairs
-of bit-vector values representing lower and upper bounds and constrain
-integral values of bit-vectors. Both bit-patterns and arithmetic
-intervals can be ordered to form a lattice in which the solver
-performs a search for a more general explanation if a conflict is
-detected.
+partial assignments, the solver \mcbv maintains two
+over-approximations of the set of models that are compatible with the
+current partial assignment -- using \emph{bit-patterns} and
+\emph{arithmetic intervals}. Bit-patterns are sequences of $0$, $1$
+and $u$ (represents undefined bit), which constrain the values of
+particular bits in the assignment. On the other hand, arithmetic
+intervals are pairs of bit-vector values representing lower and upper
+bounds and constrain integral values of bit-vectors. Both bit-patterns
+and arithmetic intervals can be ordered to form a lattice in which the
+solver performs a search for a more general explanation if a conflict
+is detected.
 
 Another word-level approach for the full bit-vector theory is
 \emph{stochastic local search} (\sls), proposed for solving
@@ -709,10 +710,10 @@ necessary to satisfy randomly selected subformulas. The \sls based
 solver has been shown to be able to decide several formulas not
 decided by bit-blasting solvers. To combine benefit of bit-blasting
 and \sls approaches, the latest version of Boolector, which have won
-the 2016 SMT competition in category of quantifier-free bit-vectors,
-uses a portfolio approach, which consists in first running a \sls
-based solver for a short period of time and then running a
-bit-blasting solver if the \sls solver fails to solve the
+the 2016 SMT competition in the category of quantifier-free
+bit-vectors, uses a portfolio approach, which consists in first
+running a \sls based solver for a short period of time and then
+running a bit-blasting solver if the \sls solver fails to solve the
 formula~\cite{BoolectorComp}.
 
 \subsection{Preprocessing}
@@ -741,9 +742,9 @@ relevant for software verification.
 A variable $x$ in a formula is called \emph{unconstrained} if it
 occurs only once in the formula. Brummayer~\cite{Brum10} and
 Bruttomesso~\cite{Bru08} have independently observed that if an
-unconstrained variable occurs as an argument to a function symbol,
-which can be \emph{inverted} with respect to this argument, replacing
-this function with a fresh variable yields an equisatisfiable
+unconstrained variable occurs as an argument to a function symbol that
+can be \emph{inverted} with respect to this argument, replacing this
+function with a fresh variable yields an equisatisfiable
 formula. Moreover, unconstrained variables often occur in the
 industrial benchmarks and especially in benchmarks produced during a
 verification of programs in a single static assignment form, such as
@@ -766,22 +767,22 @@ in bit-vectors precisely if $k$ is odd.
 
 Although the bit-vector theory admits quantifier elimination by
 expanding all quantifiers with all possible bit-vector values of the
-corresponding bit-width, this is rarely practical approach. Instead,
-the formula is usually converted to a equisatisfiable formula by
+corresponding bit-width, this is rarely a practical approach. Instead,
+the formula is usually converted to an equisatisfiable formula by
 Skolemization and then instances of the universally quantified
 formulas are lazily added to the formula until a model is found or the
 formula is found to be unsatisfiable by a \QFBV solver. There are
 multiple ways to choose quantifier instances that are sufficient to
 decide the satisfiability of the formula. For the bit-vector theory,
 the most widely used approach is the \emph{model-based quantifier
-  instantiation} approach~\cite{GM09}, supported by Z3, CVC4, and
-Yices, combined by heuristics as E-matching or symbolic quantifier
-instantiation~\cite{WHD13,Dut15}. Additionally, for dealing with
-quantifiers, CVC4 supports solving quantified formulas by
+  instantiation}~\cite{GM09}, implemented in Z3, CVC4, and Yices,
+combined by heuristics as \emph{E-matching} or \emph{symbolic
+  quantifier instantiation}~\cite{WHD13,Dut15}. Additionally, for
+dealing with quantifiers, CVC4 supports solving quantified formulas by
 \emph{counter-example guided quantifier instantiation}~\cite{RDKT15}.
 % and \emph{finite model finding}~\cite{RTG13}.
-However, we describe only the model-based quantifier instantiation in
-detail, as the counter-example guided quantifier considers all
+We describe only the model-based quantifier instantiation in detail,
+as the counter-example guided quantifier instantiation considers all
 functions as uninterpreted during the conflict search, and therefore
 its performance on bit-vector formulas is limited.
 
@@ -807,9 +808,9 @@ indeed a model of the formula $\forall x_1, x_2, \dots, x_n\,(\psi)$,
 therefore the entire formula is satisfiable and $M$ is its model. If
 $\neg \widehat{\psi}$ is satisfiable, we get values $v_1, \dots, v_n$
 such that $\neg\widehat{\psi}[v_1, \dots, v_n]$ holds.  To rule out
-$M$ as a model, the instance $\psi[v_1, \dots, v_n]$ of the quantified
-formula is added to the quantifier-free part, i.e.~the formula
-$\varphi$ is modified to
+$M$ as a model as the formula $\varphi$, the instance
+$\psi[v_1, \dots, v_n]$ of the quantified formula is added to the
+quantifier-free part, i.e.~the formula $\varphi$ is modified to
 \[
    \varphi' ~\equiv~ \varphi \wedge \psi[v_1, \dots, v_n],
 \]
@@ -877,7 +878,7 @@ quantifier-free fragments are denoted by the prefix QF\_, the
 combination with the theory of uninterpreted functions is denoted by
 the prefix UF, and the problems with unary and binary encoded
 bit-widths are denoted by suffixes 1 and 2, respectively. For example,
-QF\_UFBV2 is the decision problem for quantifier free formulas with
+QF\_UFBV2 is the decision problem for quantifier-free formulas with
 uninterpreted functions and binary encoded bit-widths. The completeness
 results for these classes are summarized in table
 \ref{tbl:complexity}, and briefly explained in the rest of this section.
@@ -914,8 +915,9 @@ polynomial time reduction from QF\_BV1 to \sat, showing that QF\_BV1
 is in NP. A similar reduction from BV1 to \qbf can show that BV is in
 \PSPACE. For lower bounds, \NP-hardness of QF\_BV1 follows from a
 simple reduction from \sat, by encoding each propositional variable as
-a bit-vector of bit-width 1, and similarly, BV1 can be shown to be
-\PSPACE-hard.
+a bit-vector of bit-width 1. Similarly, BV1 can be shown to be
+\PSPACE-hard by considering every bit-vector as a quantified variable
+of bit-width 1.
 
 In quantifier-free formulas, uninterpreted functions can be eliminated
 by the Ackermann expansion with only quadratic increase in the size of
@@ -927,8 +929,8 @@ fragment of the first-order logic, which is well known to be
 \NEXPTIME-complete~\cite{WHD13}. The class of effectively
 \marginpar{The class of effectively propositional formulas is also
   known as the Bernays--Schönfinkel class.} propositional formulas
-consists only of formulas in form $\exists^*\forall^*\varphi$, where
-$\varphi$ does not contain any quantifiers or function symbols.
+consists only of formulas in the form $\exists^*\forall^*\varphi$,
+where $\varphi$ does not contain any quantifiers or function symbols.
 
 \paragraph{Binary encoded bit-widths}
 For formulas with binary encoded bit-widths, the bit-blasting may
@@ -950,7 +952,7 @@ Similarly to the case with the unary encoding, the complexity of the
 quantifier-free fragment stays the same when the uninterpreted
 functions are added -- QF\_UFBV2 can be shown to be in \NEXPTIME by
 the Ackermann reduction and \NEXPTIME-hard by the simple reduction
-from QF\_UFBV2. The complexity of the problem after adding quantifiers
+from QF\_BV2. The complexity of the problem after adding quantifiers
 and uninterpreted functions was investigated by Kovásznai et
 al.~\cite{KFB12}. Reencoding of all bit-widths to unary shows that
 UFBV2 is in \NNEXPTIME. For the lower bound, Kovásznai et al. present

Chapters/Chapter03.tex

@@ -12,13 +12,13 @@ variable ordering based on dependencies in the input formula, which
 can further reduce the size of \bdds, and approximations, which
 partially alleviate infeasibility of representing multiplication with
 a \bdd. This section summarizes all three of these components, which
-were in detail described in our paper published at the SAT conference
-2016~\cite{JS16}.
+were in detail described in our paper published at the SAT 2016
+conference~\cite{JS16}.
 
 The benefit of a \bdd-based solver over the quantifier
 instantiation-based one is the ability of representing all models of a
 universally quantified formula even in cases in which finding a
-suitable set quantifier instantiations would be infeasible. The
+suitable set of quantifier instantiations would be infeasible. The
 following formula, in which all variables have bit-with 32 bits, shows
 this difference:
 \[
@@ -28,14 +28,14 @@ this difference:
 
 The \bdd-based solver can quickly compute the \bdd for the quantified
 subformula $\forall (x : [32]) \, (a \not = 16 \cdot x)$, which shows
-that the last 4 bits of the variable $a$ have to be $0$, i.e. the
-value of $a$ is divisible by $16$. After conjoining this \bdd to the
-\bdd for $a=16 \cdot b \,+\, 16 \cdot c$, the formula is decided
-unsatisfiable, as the resulting \bdd has root $0$. On the other hand,
-if one considers only quantifier instantiations by the subterm of the
-input formula, exponentially many quantifier instances have to be
-added to the formula to show its unsatisfiability, as there is no
-subterm of $\varphi$ that can be instantiated as $x$ to yield an
+that at least one of the last 4 bits of the variable $a$ has to be
+$0$, i.e. the value of $a$ is not divisible by $16$. After conjoining
+this \bdd to the \bdd for $a=16 \cdot b \,+\, 16 \cdot c$, the formula
+is decided unsatisfiable, as the resulting \bdd has root $0$. On the
+other hand, if one considers only quantifier instantiations by the
+subterm of the input formula, exponentially many quantifier instances
+have to be added to the formula to show its unsatisfiability, as there
+is no subterm of $\varphi$ that can be instantiated as $x$ to yield an
 unsatisfiable quantifier-free formula.
 
 \subsection{Simplifications}
@@ -88,10 +88,10 @@ where $t$ is an arbitrary term that does not contain $x$.
 
 
 \subsection{Variable ordering}
-Ordering of \bdd variables is crucial to efficiency. The size of a
+Ordering of \bdd variables is crucial for efficiency. The size of a
 \bdd can differ exponentially when choosing a different
-ordering. Therefore, besides well known methods dynamic variable
-reordering during the computation~\cite{Rud93}, Q3B precomputes
+ordering. Therefore, besides well known methods of dynamic variable
+reordering during the computation, Q3B precomputes
 initial variable ordering, which is based on the dependencies among
 the variables in the formula.
 
@@ -103,13 +103,13 @@ which we denote $\leq_1, \leq_2, \leq_3$.
   with the same significance are ordered by the order of the first
   occurrences of the corresponding bit-vector variables in the
   formula. In this ordering, bit variables of the same significance
-  are near each other.
+  are close to each other.
 \item In $\leq_2$, bit variables are ordered by the order of the first
   occurrences of the corresponding bit-vector variables in the formula
   and bit variables corresponding to the same bit-vector variable are
   ordered according to their significance (from the least to the most
   significant). In this ordering, bit variables corresponding to the
-  same bit-vector variable are near each other
+  same bit-vector variable are close to each other.
 \item In $\leq_3$, we first identify syntactically dependent
   variables. Two variables are \emph{syntactically dependent} if they
   occur in the same atomic subformula. Then the set of variables is
@@ -117,10 +117,11 @@ which we denote $\leq_1, \leq_2, \leq_3$.
   the syntactic dependence relation and each of these classes is
   ordered according to $\leq_2$. Therefore, in this ordering, only
   potentially dependent bit variables of the same significance are
-  near each other.
+  close to each other.
 \end{itemize}
 From these three orderings, $\leq_3$ performs best on the set of our
-benchmarks even if the dynamic variable reordering by sifting is used.
+benchmarks even if the dynamic variable reordering by
+\emph{sifting}~\cite{Rud93} is used.
 
 \subsection{Approximations}
 The size of the \bdd for multiplication is exponential regardless the
@@ -128,7 +129,7 @@ variable ordering~\cite{Bry91}. Therefore, to be able to decide
 formulas with multiplication or complex arithmetic, Q3B uses
 approximations of the input formula, which allow deciding a
 satisfiability of the input formula by solving a simpler formula
-instead. In the context of \smt solving, underapproximation of a
+instead. In the context of \smt solving, an underapproximation of a
 formula is a formula that logically entails the input formula and an
 overapproximation of an input formula is a formula logically entailed
 by the input formula. It can be easily seen that satisfiability of an
@@ -142,16 +143,16 @@ underapproximated by representing each bit-vector variable by the
 smaller number of bit variables than its original bit-width. The
 number of bits by which the bit-variable is represented is called the
 \emph{effective bit-width}. For reducing the effective bit-width,
-\uclid offers multiple ways representation the variable by a smaller
-number of bits -- zero extension, one-extension, and
-sign-extension. In all three of these cases, the effective bit-width
-is used to represent the least significant bits of the bit-vector
-variable and all other bits are set to 0, 1, or the value of the most
-significant effectively represented bit, respectively. To these
-extensions, we have proposed their right variants, which use
-effective-bit width for representing the most significant bits. Figure
-xxx illustrates left and right variants of zero-extension and
-sign-extensions.
+\uclid offers multiple ways to represent a variable by a smaller
+number of bits: \emph{zero extension}, \emph{one-extension}, and
+\emph{sign-extension}. In all three, the effective bit-width is used
+to represent the least significant bits of the bit-vector variable and
+all other bits are set to 0, 1, or the value of the most significant
+effectively represented bit, respectively. To these extensions, we
+have proposed their right variants, which use effective-bit width to
+represent the most significant bits. Figure \ref{fig:extensions}
+illustrates left and right variants of zero-extension and
+sign-extension.
 
 \begin{figure}[tb]
       \begin{tabularx}{\textwidth}{c X c}
@@ -191,7 +192,7 @@ sign-extensions.
     \label{fig:extensions}
 \end{figure}
 
-In contrast to \uclid, we can use the same approach to performing
+In contrast to \uclid, we can use the same approach to perform
 overapproximations, because we work with the quantified formulas. For
 formulas in the negation normal form, underapproximations can be
 achieved by reducing effective bit-widths of existentially quantified
@@ -202,22 +203,23 @@ In Q3B, approximations are used in a portfolio style. The solver
 without approximations is run in parallel with the solver which
 employs underapproximations and the solver which employs
 overapproximations. Our experimental evaluation has shown that this
-set up can help decide more formulas, especially formulas containing
-multiplication.
+set up can help to decide more formulas, especially formulas
+containing multiplication.
 
 \subsection{Experimental evaluation}
 
 Our experimental evaluation has shown that a \bdd-based \smt solver
-can decide more formulas of the set of quantified bit-vector formulas
-from the SMT-LIB benchmark library~\cite{BST10}. An addition to this
-set of benchmarks, we have gathered quantified formulas produced by
-the semi-symbolic model checker \SymDivine~\cite{BHB14}, which uses
-quantified formulas to decide the equality of two symbolic states. On
-this set of benchmarks, our solver Q3B also has better performance
-than \smt solvers based on the quantifier instantiation and
-bit-blasting. Table \ref{tbl:results} shows the numbers of formulas
-solved by each solver and figure \ref{fig:quantilePlots} presents a
-quantile plot of CPU times needed to solve these formulas.
+can decide more formulas than CVC4 and Z3, when the set of quantified
+bit-vector formulas in the SMT-LIB benchmark library~\cite{BST10} is
+considered. Additionally, we have gathered quantified formulas
+produced by the semi-symbolic model checker \SymDivine~\cite{BHB14},
+which uses quantified formulas to decide the equality of two symbolic
+states. On this set of benchmarks, our solver Q3B also has better
+performance than \smt solvers based on the quantifier instantiation
+and bit-blasting. Table \ref{tbl:results} shows the numbers of
+formulas solved by each solver and figure \ref{fig:quantilePlots}
+presents the quantile plot of CPU times needed to solve these
+formulas.
 
 \begin{table}
 \checkoddpage
@@ -297,20 +299,20 @@ quantile plot of CPU times needed to solve these formulas.
 
 Recently, this results was confirmed by the \smt competition 2016 --
 our solver is the winner of the quantified-bit vectors category. Table
-\ref{tbl:smtcomp} shows official results for this category. The benchmarks
-are divided into two groups, with \emph{known} and \emph{unknown}
-status. A benchmark has a known status if at least two solvers in the
-previous year of the competition agreed whether the benchmark is
-satisfiable or unsatisfiable. The results show that Q3B can solve as
-many known benchmarks as other solvers, but solves them in the
-shortest time. Moreover, Q3B can solve more benchmarks with unknown
-status than any of the other solvers.
+\ref{tbl:smtcomp} shows official results for this category. The
+benchmarks are divided into two groups, with \emph{known} and
+\emph{unknown} status. A benchmark has a known status if at least two
+solvers in the previous year of the competition agreed whether the
+benchmark is satisfiable or unsatisfiable. The results show that Q3B
+can solve as many known benchmarks as the other solvers, but solves
+them in the shortest time. Moreover, Q3B can solve more benchmarks
+with unknown status than any of the other solvers.
 
 \section{Other areas of research}
 Outside the field of \smt solving, my research also consists in
 software verification. In this field, I have co-authored the following
 paper on the tool Symbiotic, which combines instrumentation, slicing
-and symbolic execution to allow verification of a real-world
+and, symbolic execution to allow verification of a real-world
 code~\cite{CJSSV16}.
 
 

Chapters/Chapter04.tex

@@ -5,13 +5,13 @@
 \section{Objectives and Expected Results}
 
 \subsection{Symbolic solver for quantified bit-vectors}
-I will continue developing the implemented symbolic \smt solver Q3B,
-which is aimed at solving quantified bit-vector formulas. In
+I plan to continue developing the implemented symbolic \smt solver
+Q3B, which is aimed at solving quantified bit-vector formulas. In
 particular, I plan to add support for uninterpreted functions and the
 theory of arrays, which is highly desirable for applications in the
 program verification. I also want to implement extraction of an
 unsatisfiable core from the intermediate \bdds that were produced
-during the computation of the solver.
+during the computation.
 
 Additionally, currently implemented approximations are very simple and
 could benefit from better refinement in the case that the current
@@ -21,26 +21,27 @@ Moreover, I want to implement other variants of decision diagrams such
 as zero-suppressed decision diagrams introduced by
 Minato~\cite{Min93}, binary moment diagrams introduced by Bryant and
 Chen~\cite{BC95}, and algebraic decision diagrams introduced by Bahar
-et al.~\cite{BFGHMPS} and experimentally evaluate their effect on the
-performance of the symbolic \smt solver for the quantified
+et al.~\cite{BFGHMPS}. I plan to experimentally evaluate their effect
+on the performance of the symbolic \smt solver for the quantified
 bit-vectors.
 
 \subsection{Hybrid approach to quantified bit-vectors}
 Although results of the symbolic \smt solver for quantified
-bit-vectors look promising, standard \smt solvers still perform
-better on queries containing multiplication and complex
+bit-vectors look promising, standard \smt solvers still perform better
+on queries containing multiplication and complex
 arithmetic. Therefore, I plan to develop a hybrid approach to \smt
 solving of quantified bit-vector formulas that combines strengths of
-both of these approaches. For example, parts of the quantified
-formula that do not contain multiplication can be converted to the
-\bdd, which can be used to guide the model search in the model-based
-quantifier instantiation. One possible way of achieving this is adding
-support for \bdds to the solver \mcbv developed by Zeljić et al. The
-\bdd representation can be added to the currently used
-over-approximations by bit-patterns and arithmetic
-intervals. Moreover, a tighter cooperation is possible -- if a \mcsat
-solver decides a value, it can be used to partially instantiate a
-quantified part of the formula, for which the \bdd will be computed.
+both of these approaches. For example, parts of the quantified formula
+that do not contain multiplication can be converted to the \bdd, which
+can be used to guide the model search in the model-based quantifier
+instantiation of the other parts of the formula. One possible way of
+achieving this is adding support for \bdds to the solver \mcbv
+developed by Zeljić et al. The \bdd representation can be added to the
+currently used over-approximations by bit-patterns and arithmetic
+intervals. Moreover, a tighter cooperation is possible -- if a value
+of a variable is decided by during the \mcbv computation, it can be
+used to partially instantiate a quantified part of the formula, for
+which the \bdd will be computed.
 
 As the part of my PhD study, an implementation of a solver using the
 hybrid approach and its evaluation on the representative set of
@@ -53,9 +54,9 @@ Simplifications using unconstrained variables can be extended to
 quantified formulas. However, in the quantified setting, constraints
 among variables can be introduced also by the order in which the
 variables are quantified. We have formulated a hypothesis that
-describes the necessary condition for the quantified variable to be
+describes a sufficient condition for the quantified variable to be
 considered as unconstrained. Based on this hypothesis and a partial
-proof of its validity, we have implemented an proof-of-concept
+proof of its validity, we have implemented a proof-of-concept
 simplification procedure that can simplify quantified formulas that
 contain unconstrained variables. Although the initial experimental
 results, conducted on the formulas from the semi-symbolic model
@@ -64,23 +65,23 @@ correctness is not yet complete.
 
 Moreover, the simplifications of formulas with unconstrained variables
 can be further extended. For example, if a formula contains a term
-$k \times x$ with an odd values of $k$ and the variable $x$ is
-unconstrained, this term can be replaced by a simpler term. In
-particular, if $i$ is the largest number for which $2^i$ divides the
-constant $k$ and the unconstrained variable $x$ has bit-width $n$, the
-term $k \times x$ can be rewritten to $extract_0^{n-i}(x) \cdot
-0^i$. This approach can be also extended to the multiplication of two
-variables from which one is unconstrained. I plan to investigate
-further extensions to the terms containing division and remainder
-operations and to publish a paper concerning propagation of
-unconstrained variables in quantified formulas and extensions of
-unconstrained variable simplification to multiplication and
-division. I will also experimentally evaluate the effect of such
+$k \times x$ in which the variable $x$ is unconstrained, this term can
+be replaced by a simpler term regargless the parity of the value
+$k$. In particular, if $i$ is the largest number for which $2^i$
+divides the constant $k$ and the unconstrained variable $x$ has
+bit-width $n$, the term $k \times x$ can be rewritten to
+$extract_0^{n-i}(x) \cdot 0^i$.. This approach can be also extended to
+the multiplication of two variables from which one is unconstrained. I
+plan to investigate further extensions to the terms containing
+division and remainder operations and to publish a paper concerning
+propagation of unconstrained variables in quantified formulas and
+extensions of unconstrained variable simplification to multiplication
+and division. I will also experimentally evaluate the effect of such
 simplifications on our solver Q3B and on state-of the art solvers such
 as Boolector, CVC4, and Z3.
 
 \subsection{Complexity of BV2}
-As was explained in section \ref{sec:complexity}, the precise
+As was explained in Section \ref{sec:complexity}, the precise
 complexity of quantified bit-vector formulas with binary-encoded
 bit-widths and without uninterpreted functions is not known. It is
 known to be in \EXPSPACE and to be \NEXPTIME-hard. However, a class
@@ -93,13 +94,7 @@ BV2 is complete for the class of problems solvable by the
 and \emph{polynomial number of alternations} with respect to log-space
 reduction. This class is usually denoted as \AEXPTIMEp and is known to
 be in between \NEXPTIME and \EXPSPACE~\cite{HKVV15, Luc16}. However,
-whether any of the inclusions is proper is not known. The
-\AEXPTIMEp-hardness of the BV2 can be shown by reducing the problem of
-satisfiability of \emph{quantified second order boolean formulas},
-which was recently proven to be \AEXPTIMEp-hard by Lück~\cite{Luc16}.
-
-Expected result is a paper published at an international conference or
-in a journal.
+whether any of the inclusions is proper is not known.
 
 \section{Progression Schedule}
 The plan of my future study and research activities is following:

classicthesis-config.tex

@@ -98,7 +98,7 @@
     %style=authoryear-comp, % Author 1999, 2010
     %bibstyle=authoryear,dashed=false, % dashed: substitute rep. author with ---
     sorting=nyt, % name, year, title
-    maxbibnames=3, % default: 3, et al.
+    maxbibnames=10, % default: 3, et al.
     %backref=true,%
     natbib=true % natbib compatibility mode (\citep and \citet still work)
 }{biblatex}