Multiple changes

Bibliography.bib

@@ -1046,4 +1046,56 @@ year = {2005},
   title = 	 {Solving Exists/Forall Problems With Yices},
   booktitle = {13th International Workshop on Satisfiability Modulo
                  Theories (SMT 2015)},
-  year = 	 2015}
\ No newline at end of file
+  year = 	 2015}
+
+@inproceedings{FKB13,
+  author    = {Andreas Fr{\"{o}}hlich and
+               Gergely Kov{\'{a}}sznai and
+               Armin Biere},
+  title     = {More on the Complexity of Quantifier-Free Fixed-Size Bit-Vector Logics
+               with Binary Encoding},
+  booktitle = {Computer Science - Theory and Applications - 8th International Computer
+               Science Symposium in Russia, {CSR} 2013, Ekaterinburg, Russia, June
+               25-29, 2013. Proceedings},
+  pages     = {378--390},
+  year      = {2013}
+}
+
+@MISC{BST10,
+  author =	 {Clark Barrett and Aaron Stump and Cesare Tinelli},
+  title =	 {{The Satisfiability Modulo Theories Library (SMT-LIB)}},
+  howpublished = {{\tt www.SMT-LIB.org}},
+  year =	 2010,
+}
+
+@INCOLLECTION{BHB14,
+  author = {Petr Bauch and Vojt\v{e}ch Havel and Ji\v{r}\'{\i} Barnat},
+  title = {{LTL Model Checking of LLVM Bitcode with Symbolic Data}},
+  booktitle = {{MEMICS} 2014},
+  publisher = {Springer},
+  year = 2014,
+  volume = 8934,
+  series = {LNCS},
+  pages = {47--59},
+}
+
+@article{Bry91,
+ author = {Bryant, Randal E.},
+ title = {{On the Complexity of VLSI Implementations and Graph Representations of Boolean Functions with Application to Integer Multiplication}},
+ journal = {IEEE Trans. Comput.},
+ volume = {40},
+ number = {2},
+ year = {1991},
+ issn = {0018-9340},
+ pages = {205--213},
+ publisher = {IEEE Computer Society},
+}
+
+@inproceedings{Rud93,
+  author    = {Richard Rudell},
+  title     = {Dynamic variable ordering for ordered binary decision diagrams},
+  booktitle = {Proceedings of the 1993 {IEEE/ACM} International Conference on Computer-Aided
+               Design, 1993},
+  pages     = {42--47},
+  year      = {1993}
+}
\ No newline at end of file

Chapters/Chapter02.tex

@@ -269,29 +269,26 @@ theories.
 
 Notable examples of decidable first-order theories include
 \begin{itemize}
-\item the theory of \emph{equality and uninterpreted functions}
-  $\teuf$, which contains all structures that interpret the predicate
-  $=$ as a congruence with respect to all other functions,
+\item the theory of \emph{equality and uninterpreted functions}, which
+  contains all structures that interpret the predicate $=$ as a
+  congruence with respect to all other functions,
 \item the theory of \emph{linear integer arithmetic}, which consists
-  of all structures from $\teuf$ that are isomorphic to the set of
-  integers and interpret the function $+$ as addition and the
-  predicate $\leq$ as the integer comparison;
-\item the theory of \emph{linear real arithmetic}, which consists of
-  all structures from $\teuf$ that are isomorphic to real numbers and
-  interpret the function $+$ as addition, and the predicate $\leq$ as
-  the real comparison;
+  of all structures isomorphic to integers with the function $+$ and
+  predicates $\leq$ and $=$,
+\item the theory of \emph{linear real arithmetic}, which consists
+  of all structures isomorphic to real numbers with the function $+$ and
+  predicates $\leq$ and $=$,
 \item the theory of \emph{real arithmetic}\marginpar{In contrast to
     real arithmetic, integer arithmetic with multiplication was shown
     to be undecidable by Gödel.}, which consists of all structures
-  from $\teuf$ that are isomorphic to real numbers and interpret the
-  function $+$ as addition, $\times$ as multiplication, and the
-  predicate $\leq$ as the real comparison;
+  isomorphic to real numbers with functions $+$ and $\times$ and
+  predicates $\leq$ and $=$,
 \item the theory of \emph{arrays}, which consists of all structures
-  from $\teuf$ isomorphic to the set of arrays with a binary function
-  $read(a, i)$ interpreted as a value in the index $i$ of the array
-  $a$, and a ternary function $write(a, i, v)$ interpreted as an array
-  $a$ modified to contain the value $v$ on the index $i$;
-\item the theory of fixed-size bit-vectors.
+  isomorphic to the set of arrays with a binary function $read(a, i)$
+  interpreted as a value in the index $i$ of the array $a$, and a
+  ternary function $write(a, i, v)$ interpreted as an array $a$
+  modified to contain the value $v$ on the index $i$;
+\item the theory of \emph{fixed-size bit-vectors}. \marginpar{TODO: describe}
 \end{itemize}
 For a detailed description of these theories and implementation of the
 respective $T$-solvers, we refer the reader for example to the book of
@@ -496,7 +493,8 @@ preprocessing, and eager or lazy translation of the bit-vector formula
 to the equivalent propositional formula, which is subsequently solved
 by a \sat solver. The transformation of a bit-vector formula to the
 equivalent propositional formula is traditionally called
-\emph{bit-blasting}~\cite{Kro08}. More lazy approach to the
+\emph{bit-blasting}~\cite{Kro08}.  \marginpar{TODO: Nepřidat odstavec
+  o propagating-complete \cnf encodings?} More lazy approach to the
 bit-blasting is benefitial when the theory combination is
 required. For example, solvers Z3 and Yices apply bit-blasting to all
 operations except for the equality, which is handled by a specialized
@@ -509,9 +507,7 @@ possibly faster but incomplete sub-solvers for equality and inequality
 reasoning and if the sub-solvers are not sufficient for deciding the
 satisfiability of the formula, theory lemmas and propagated literals
 generated by the sub-solvers are added to the formula and a lazy
-\dpllt bit-blasting solver is
-employed~\cite{HBJBT14}. \marginpar{TODO: Nepřidat odstavec o
-  propagating-complete \cnf encodings?}
+\dpllt bit-blasting solver is employed~\cite{HBJBT14}.
 
 \subsection{Word-level techinques}
 Although bit-blasting is highly efficient for most of practical
@@ -625,18 +621,17 @@ Although the bit-vector theory admits quantifier elimination by
 expanding all quantifiers with all possible bit-vector values of the
 corresponding bit-width, this is rarely practical approach. Instead,
 the formula is usually converted to a equisatisfiable formula by
-Skolemization and then instances of the universal quantifiers are
-lazily added to the formula until a model is found by a solver for
-quantifier-free bit-vector formulas or the formula is found to be
-unsatisfiable. There are multiple ways to choose quantifier instances
-that are sufficient to decide the satisfiability of the formula. For
-the bit-vector theory, the most widely used approach is the
-\emph{model-based quantifier instantiation} approach~\cite{GM09},
-supported by Z3, CVC4, and Yices, combined by heuristics as E-matching
-or symbolic quantifier instantiation~\cite{WHD13,Dut15}. Additionally,
-for dealing with quantifiers, CVC4 supports solving quantified
-formulas by \emph{counter-example guided quantifier
-  instantiation}~\cite{RDKT15}.
+Skolemization and then instances of the universally quantified
+formulas are lazily added to the formula until a model is found or the
+formula is found to be unsatisfiable by a \QFBV solver. There are
+multiple ways to choose quantifier instances that are sufficient to
+decide the satisfiability of the formula. For the bit-vector theory,
+the most widely used approach is the \emph{model-based quantifier
+  instantiation} approach~\cite{GM09}, supported by Z3, CVC4, and
+Yices, combined by heuristics as E-matching or symbolic quantifier
+instantiation~\cite{WHD13,Dut15}. Additionally, for dealing with
+quantifiers, CVC4 supports solving quantified formulas by
+\emph{counter-example guided quantifier instantiation}~\cite{RDKT15}.
 % and \emph{finite model finding}~\cite{RTG13}.
 However, we describe only the model-based quantifier instantiation in
 detail, as the counter-example guided quantifier considers all
@@ -646,7 +641,8 @@ its performance on bit-vector formulas is limited.
 \subsection{Model-based quantifier instantiation}
 Given a closed formula with quantifiers, the first step is to convert
 the formula to the negation normal form and apply Skolemization to
-obtain equisatisfiable formula of the form
+obtain equisatisfiable formula of the form \marginpar{TODO: V
+  preliminaries vysvětlit notaci $\psi[x_1, \ldots, x_n]$}
 \[
    \varphi ~\wedge~ \forall x_1, x_2, \dots, x_n\, (\psi[x_1, \dots, x_n]),
 \]
@@ -695,32 +691,31 @@ This algorithm is trivially terminating, since there is only a finite
 number of distinct models $M$ of $\varphi$. However, in some cases
 exponentially many such models have to be ruled out before the solver
 is able to find a correct model or decide unsatisfiability of the
-whole formula. To overcome this issue, state-of-the-art SMT solvers do
-not use just instances of the form $\psi[v_1, \dots, v_n]$ with
-concrete values, but employ heuristics such as
-E-matching~\cite{DNS05,MB07} or symbolic quantifier
-instantiation~\cite{WHD13} to choose instances with ground terms which
-can potentially rule out more spurious models and thus significantly
-reduce the number of iterations of the algorithm. In practice,
-suitable ground terms substituted for quantified variables are
-selected only from subterms of the input formula.
+whole formula. To overcome this issue, state-of-the-art \smt solvers
+do not use just instances of the form $\psi[v_1, \dots, v_n]$ with
+concrete values, but employ mentioned heuristics such as E-matching or
+symbolic quantifier instantiation to choose instances with ground
+terms that can potentially rule out more spurious models and thus
+significantly reduce the number of iterations of the algorithm. In
+practice, suitable ground terms substituted for quantified variables
+are selected only from subterms of the input formula.
 
 Note that Skolemization introduces uninterpreted functions to the
 quantified formulas of form other than
 $\exists^*\forall^*\varphi$. This class of formulas is usually called
 \emph{exists/forall}, or simply $\exists\forall$. Therefore, for the
 model-based quantifier instantiation approach to be usable for
-formulas not from the exists/forall class, the underlying
-quantifier-free bit-vector solver has to support reasoning about
-uninterpreted functions. In case of Z3, this is achieved by
-\emph{template-based model finding} -- uninterpreted functions are
-assigned templates and the quantifier-free \smt solver is used to find
-parameters of these templates, which satisfy the formula. For example,
-an uninterpreted function $f$ may be assigned a linear template
-$f(x) = ax + b$ and finding a model of $f$ reduces to finding
-parameters $a$ and $b$.
-
-\section{Computational complexity}
+formulas not from the exists/forall class, the underlying \QFBV solver
+has to support reasoning about uninterpreted functions. In case of Z3,
+this is achieved by \emph{template-based model finding} --
+uninterpreted functions are assigned templates and the \QFBV solver is
+used to find satisfying parameters of these templates. For example, an
+uninterpreted function $f$ may be assigned a template for linear
+functions $f(x) = ax + b$ and finding a satisfying function $f$
+reduces to finding values $a$ and $b$.
+
+
+\section{Computational complexity of bit-vector logics}
 The propositional satisfiability problem is well known from the
 computational complexity perspective, as it is the first problem that
 was shown to be \NP-complete. The complexity of the satisfiability
@@ -736,7 +731,36 @@ combination with the theory of uninterpreted functions is denoted by
 the prefix UF, and the problems with unary and binary encoded
 bit-widths are denoted by suffixes 1 and 2, respectively. For example,
 QF\_UFBV2 is the decision problem for quantifier free formulas with
-uninterpreted functions and binary encoded bit-withs.
+uninterpreted functions and binary encoded bit-withs. The completeness
+results for these classes are summarized in table
+\ref{tbl:complexity}, and briefly explained in the rest of this section.
+
+\begin{table}
+\checkoddpage
+\edef\side{\ifoddpage l\else r\fi}
+\makebox[\textwidth][\side]{
+\begin{minipage}[bt]{\fullwidth}
+  \begin{center}
+    \setlength{\tabcolsep}{0.6em}
+    \begin{tabularx}{\textwidth}{l l l l X l r}
+      \toprule
+      & & \multicolumn{5}{c}{Quantifiers} \\
+      \cmidrule(l){3-7}
+      & & \multicolumn{2}{c}{No} & & \multicolumn{2}{c}{Yes} \\
+      \cmidrule(l){3-4}
+      \cmidrule(l){6-7}
+      & & \multicolumn{2}{c}{Uninterpreted functions} & & \multicolumn{2}{c}{Uninterpreted functions} \\
+      & & \multicolumn{1}{c}{No} & \multicolumn{1}{c}{Yes} & & \multicolumn{1}{c}{No} & \multicolumn{1}{c}{Yes} \\
+      \midrule
+      \multirow{2}{*}{Encoding~} & Unary & \NP & \NP & & \PSPACE & \NEXPTIME \\
+       & Binary\hspace{2em} & \NEXPTIME & \NEXPTIME & & ? & \NNEXPTIME \\
+      \bottomrule
+    \end{tabularx}
+  \end{center}
+  \caption{Completeness results for various bit-vector logics and encodings~\cite{FKB13}.}
+  \label{tbl:complexity}
+\end{minipage}}
+\end{table}
 
 \paragraph{Unary encoded bit-widths} The bit-blasting yields a
 polynomial time reduction from QF\_BV1 to \sat, showing that QF\_BV1

Chapters/Chapter03.tex

@@ -5,14 +5,14 @@
 \section{Symbolic approach to quantified bit-vectors}
 Our research is focused on employing symbolic methods for deciding
 satisfiability of quantified bit-vector formulas. In particular, we
-have developed a \bdd-based solver for quantified bit-vector logic
-called Q3B. The solver uses simplifications like early quantification
-in order to reduce the size of the intermediate \bdds, tailored \bdd
+have developed a \bdd-based solver Q3B for quantified bit-vector
+logic. The solver uses simplifications like early quantification in
+order to reduce the size of the intermediate \bdds, tailored \bdd
 variable ordering based on dependencies in the input formula, which
-can further reduce the size of \bdds, and approximations to partially
-alleviate infeasibility of dealing with multiplications in \bdds. This
-section summarizes all three of these components, which were in detail
-described in our paper published at the SAT conference
+can further reduce the size of \bdds, and approximations, which
+partially alleviate infeasibility of representing multiplication with
+a \bdd. This section summarizes all three of these components, which
+were in detail described in our paper published at the SAT conference
 2016~\cite{JS16}.
 
 The benefit of a \bdd-based solver over the quantifier
@@ -22,44 +22,46 @@ suitable set quantifier instantiations would be infeasible. The
 following formula, in which all variables have bit-with 32 bits, shows
 this difference:
 \[
-  \varphi \equiv a=16 \cdot b \,+\, 16 \cdot c~\wedge~\forall (x : BitVec_{32}) \, (a
-  \not = 16 \cdot x).
+  \varphi \equiv a=16 \cdot b \,+\, 16 \cdot c~\wedge~\forall (x :
+  [32]) \, (a \not = 16 \cdot x).
 \]
 
 The \bdd-based solver can quickly compute the \bdd for the quantified
-subformula, which shows that the last 4 bits of the variable $a$ have
-to be 0, i.e. the value of $a$ is divisible by $16$. After conjoining
-this \bdd to the \bdd for $a=16 \cdot b \,+\, 16 \cdot c$, the formula
-is decided unsatisfiable, as the resulting \bdd is empty. On the other
-hand, exponentially many quantifier instances have to be added to the
-formula to show its unsatisfiability, as there is no subterm of
-$\varphi$ that can be instantiated as $x$ to yield an unsatisfiable
-quantifier-free formula.
+subformula $\forall (x : [32]) \, (a \not = 16 \cdot x)$, which shows
+that the last 4 bits of the variable $a$ have to be $0$, i.e. the
+value of $a$ is divisible by $16$. After conjoining this \bdd to the
+\bdd for $a=16 \cdot b \,+\, 16 \cdot c$, the formula is decided
+unsatisfiable, as the resulting \bdd has root $0$. On the other hand,
+if one considers only quantifier instantiations by the subterm of the
+input formula, exponentially many quantifier instances have to be
+added to the formula to show its unsatisfiability, as there is no
+subterm of $\varphi$ that can be instantiated as $x$ to yield an
+unsatisfiable quantifier-free formula.
 
 \subsection{Simplifications}
 
 Simplifications used in Q3B aim for reducing the size of the
-intermediate \bdds. This can be achieved, besides partial canonization
-of subterms, by reducing the scope of quantifiers occurring in the
+intermediate \bdds. This can be achieved, besides partially canonizing
+the subterms, by reducing scopes of quantifiers occurring in the
 formula. One such simplification is distributivity of universal
 quantification over conjunction:
 \[
-  \forall x. \, (\varphi \wedge \psi)~~\leadsto~~(\forall x . \,
-  \varphi) \wedge (\forall x . \, \psi).
+  \forall x. \, (\varphi ~\wedge~ \psi)~~\leadsto~~(\forall x . \,
+  \varphi) ~\wedge~ (\forall x . \, \psi).
 \]
 After such transformation, the \bdd for $\varphi \wedge \psi$ does not
 have to be computed and the conjunction of the \bdds is computed only
-after the elimination of the universal quantifier, which usually
-reduces the size of the formula. Dually, the existential
-quantification can be distributed over disjunctions.
+after elimination of the universal quantifier, which usually reduces
+the size of the formula. Dually, the existential quantification can be
+distributed over disjunctions.
 
 Moreover, universal quantification can distribute over disjunctions in
 cases where the variable bound by the quantifier does not occur in one
 of the conjuncts. This leads to the following rule and its dual
-version, which is known as miniscoping:
+version, which is known as \emph{miniscoping}:
 \[
-  \forall x. \, (\varphi \vee \psi)~~\leadsto~~(\forall x . \,
-  \varphi) \vee \psi,
+  \forall x. \, (\varphi ~\vee~ \psi)~~\leadsto~~(\forall x . \,
+  \varphi) ~\vee~ \psi,
 \]
 where $x$ does not occur freely in $\psi$. Note that the scope of the
 quantifier is again reduced, which can lead to smaller intermediate
@@ -69,27 +71,29 @@ Q3B also uses \emph{destructive equality resolution} (\der) rule,
 which was proposed for quantified bit-vector formulas by Wintersteiger
 et al:
 \[
-  \forall x. \, (x \not = t \vee \varphi)~~\leadsto~~\varphi[x \leftarrow t],
+  \forall x. \, (x \not = t ~\vee~ \varphi)~~\leadsto~~\varphi[x \leftarrow t],
 \]
 where $t$ is an arbitrary term that does not contain $x$. As the
 \der rule eliminates the quantified variable, it in many cases also
 reduces the size of the \bdds.
 
-Because unlike Z3, for which the \der rule was proposed, our solver
-does not perform Skolemization before solving, we also need a dual
-version of this rule, which we have called \emph{constructive equality
-  resolution}:
+Unlike Z3, for which the \der rule was proposed, our solver does not
+perform Skolemization before solving. Therefore we also need a dual
+version of the \der rule, which we have called \emph{constructive
+  equality resolution}:
 \[
-  \exists x. \, (x = t \wedge \varphi)~~\leadsto~~\varphi[x \leftarrow t],
+  \exists x. \, (x = t ~\wedge~ \varphi)~~\leadsto~~\varphi[x \leftarrow t],
 \]
 where $t$ is an arbitrary term that does not contain $x$.
 
 
 \subsection{Variable ordering}
-Ordering of \bdd variables is crucial to efficiency. The size of a \bdd
-can differ even exponentially when choosing a different
-ordering. Therefore, besides well known dynamic variable reordering,
-Q3B precomputes initial variable ordering based on the formula.
+Ordering of \bdd variables is crucial to efficiency. The size of a
+\bdd can differexponentially when choosing a different
+ordering. Therefore, besides well known methods dynamic variable
+reordering during the computation~\cite{Rud93}, Q3B precomputes
+initial variable ordering, which is based on the dependencies among
+the variables in the formula.
 
 We have implemented and compared three different initial orderings,
 which we denote $\leq_1, \leq_2, \leq_3$.
@@ -120,40 +124,34 @@ benchmarks even if the dynamic variable reordering by sifting is used.
 
 \subsection{Approximations}
 The size of the \bdd for multiplication is exponential regardless the
-variable ordering. Therefore, to be able to decide formulas with
-multiplication or complex arithmetic, Q3B uses approximations of the
-input formula, which allow deciding a satisfiability of the input
-formula by solving a simpler formula instead. In the context of \smt
-solving, underapproximation of a formula is a formula which logically
-entails the input formula and an overapproximation of an input formula
-is a formula logically entailed by the input formula. It can be easily
-seen that satisfiability of an underapproximation implies
-satisfiability of the input formula and unsatisfiability of an
-overapproximation implies unsatisfiability of the input formula.
+variable ordering~\cite{Bry91}. Therefore, to be able to decide
+formulas with multiplication or complex arithmetic, Q3B uses
+approximations of the input formula, which allow deciding a
+satisfiability of the input formula by solving a simpler formula
+instead. In the context of \smt solving, underapproximation of a
+formula is a formula that logically entails the input formula and an
+overapproximation of an input formula is a formula logically entailed
+by the input formula. It can be easily seen that satisfiability of an
+underapproximation implies satisfiability of the input formula and
+unsatisfiability of an overapproximation implies unsatisfiability of
+the input formula.
 
-Q3B employs approximations to those used by the \smt solver UCLID. In
-UCLID, the quantifier-free input formula is underapproximated by
-representing each bit-vector variable by the smaller number of bits
-variables than the original bit-width. The number of bits, by which
-the bit-variable is represented is called \emph{effective
-  bit-width}. For reducing the effective bit-width, UCLID offers
-multiple ways of representation by smaller number of bits -- zero
-extension, one-extension, and sign-extension. In all three of these
-cases, the effective bit-width is used to represent the least
-significant bits and all more significant bits are set to be 0, 1, or
-the value of the most significant effectively represented bit,
-respectively. To these extension, we have proposed their right
-variants, which use effective-bit width for representing the most
-significant bits. Figure xxx illustrates left and right variants of
-zero-extension and sign-extensions.
-
-\newlength\fullmarginwidth
-\fullmarginwidth=\marginparwidth
-\advance\fullmarginwidth by \marginparsep
-
-\newlength\fullwidth
-\fullwidth=\textwidth
-\advance\fullwidth by \fullmarginwidth
+Q3B employs approximations similar to those used by the \smt solver
+\uclid. In \uclid, the quantifier-free input formula is
+underapproximated by representing each bit-vector variable by the
+smaller number of bit variables than its original bit-width. The
+number of bits by which the bit-variable is represented is called the
+\emph{effective bit-width}. For reducing the effective bit-width,
+\uclid offers multiple ways representation the variable by a smaller
+number of bits -- zero extension, one-extension, and
+sign-extension. In all three of these cases, the effective bit-width
+is used to represent the least significant bits of the bit-vector
+variable and all other bits are set to 0, 1, or the value of the most
+significant effectively represented bit, respectively. To these
+extensions, we have proposed their right variants, which use
+effective-bit width for representing the most significant bits. Figure
+xxx illustrates left and right variants of zero-extension and
+sign-extensions.
 
 \begin{figure}[tb]
   \checkoddpage
@@ -193,12 +191,12 @@ zero-extension and sign-extensions.
         right zero-extension && right sign-extension
       \end{tabularx}
       \caption{Reductions using zero-extension and sign-extension of a
-        8-bit variable $a=a_5a_4a_3a_2a_1a_0$ to $3$ effective bits.}
+        6-bit variable $a=a_5a_4a_3a_2a_1a_0$ to $3$ effective bits.}
     \label{fig:extensions}
   \end{minipage}}
 \end{figure}
 
-In contrast to UCLID, we can use the same approach to performing
+In contrast to \uclid, we can use the same approach to performing
 overapproximations, because we work with the quantified formulas. For
 formulas in the negation normal form, underapproximations can be
 achieved by reducing effective bit-widths of existentially quantified
@@ -207,23 +205,24 @@ bit-widths of universally quantified variables.
 
 In Q3B, approximations are used in a portfolio style. The solver
 without approximations is run in parallel with the solver which
-employs underapproximation and the solver which employs
+employs underapproximations and the solver which employs
 overapproximations. Our experimental evaluation has shown that this
-set up can decide more formulas, especially formulas containing
-multiplications.
+set up can help decide more formulas, especially formulas containing
+multiplication.
 
 \subsection{Experimental evaluation}
 
-Our experimental evaluation has shown that \bdd-based \smt solver can
-decide more formulas of the set of quantified bit-vector formulas from
-the SMT-LIB benchmark library. An addition to this set of benchmarks,
-we have gathered quantified formulas produced by the semi-symbolic
-model checker \SymDivine, which uses quantified formulas to decide the
-equality of two symbolic states. On this set of benchmarks, our solver
-Q3B also has better performance than \smt solvers based on the
-quantifier instantiation and bit-blasting. Table xxx shows the numbers
-of formulas solved by each solver and Figure yyy presents a cactus
-plot of cpu-times needed to solve these formulas.
+Our experimental evaluation has shown that a \bdd-based \smt solver
+can decide more formulas of the set of quantified bit-vector formulas
+from the SMT-LIB benchmark library~\cite{BST10}. An addition to this
+set of benchmarks, we have gathered quantified formulas produced by
+the semi-symbolic model checker \SymDivine~\cite{BHB14}, which uses
+quantified formulas to decide the equality of two symbolic states. On
+this set of benchmarks, our solver Q3B also has better performance
+than \smt solvers based on the quantifier instantiation and
+bit-blasting. Table \ref{tbl:results} shows the numbers of formulas
+solved by each solver and figure \ref{fig:quantilePlots} presents a
+quantile plot of CPU times needed to solve these formulas.
 
 \begin{table}
 \checkoddpage
@@ -239,9 +238,9 @@ plot of cpu-times needed to solve these formulas.
       \cmidrule(l){8-11}
       & & sat & unsat & unknown & timeout & & sat & unsat & unknown & timeout \\
       \midrule
-      CVC4 & & 29 & 55 & 32 & 75 & & 1\,124 & 3\,845 & 2 & 490  \\
-      Z3 & & 71 & 93 & 5 & 22 & & 1\,135 & 4\,162 & 22 & 142 \\
-      Q3B & & \textbf{94} & \textbf{94} & 0 & 3 & & \textbf{1\,137} & \textbf{4\,202} & 0 & 122  \\
+      CVC4 & & $29$ & $55$ & $32$ & $75$ & & $1\,124$ & $3\,845$ & $2$ & $490$  \\
+      Z3 & & $71$ & $93$ & $5$ & $22$ & & $1\,135$ & $4\,162$ & $22$ & $142$ \\
+      Q3B & & $\mathbf{94}$ & $\mathbf{94}$ & $0$ & $3$ & & $\mathbf{1\,137}$ & $\mathbf{4\,202}$ & $0$ & $122$  \\
       \bottomrule
     \end{tabularx}
   \end{center}
@@ -275,17 +274,17 @@ plot of cpu-times needed to solve these formulas.
 \end{figure}
 
 Recently, this results was confirmed by the \smt competition 2016 --
-our solver is the winner of the category of solvers for quantified-bit
-vectors. Table xxx shows official results of the competition. The
-benchmarks are divided into two categories, with \emph{known} and
-\emph{unknown} status. A benchmark has known status if at least two
-solvers in the previous year of the competition agreed whether the
-benchmark is satisfiable or unsatisfiable. The results show that Q3B
-can solve as many benchmarks as other solvers, but solves them in the
+our solver is the winner of the quantified-bit vectors category. Table
+\ref{tbl:smtcomp} shows official results for this category. The benchmarks
+are divided into two groups, with \emph{known} and \emph{unknown}
+status. A benchmark has a known status if at least two solvers in the
+previous year of the competition agreed whether the benchmark is
+satisfiable or unsatisfiable. The results show that Q3B can solve as
+many known benchmarks as other solvers, but solves them in the
 shortest time. Moreover, Q3B can solve more benchmarks with unknown
 status than any of the other solvers.
 
-\begin{table}[t]
+\begin{table}[bt]
   \checkoddpage
   \edef\side{\ifoddpage l\else r\fi}
   \makebox[\textwidth][\side]{
@@ -294,14 +293,13 @@ status than any of the other solvers.
     \begin{tabularx}{\textwidth}{l r r r X r r r}
       \toprule
       & ~ & \multicolumn{2}{c}{Known status} & & \multicolumn{3}{c}{Unknown status}  \\
-      \cmidrule(l){3-4}
-      \cmidrule(l){6-8}
-      & & \# solved & avg. CPU time & &\# solved & avg. CPU time &
+      \cmidrule(l){3-4} \cmidrule(l){6-8} & & \# solved & avg. CPU
+      time & &\# solved & avg. CPU time &
       avg. WALL time \\
       \midrule
-      Boolector & & $85$ & $1.635$ & & $89$ & $11\,431$ & $11\,422$ \\
+      Boolector & & $85$ & $1.635$ & & $89$ & $\mathbf{11\,431}$ & $11\,422$ \\
       CVC4 & & $85$ & $1.576$ & & $56$ & $29\,464$ & $29\,453$ \\
-      Q3B & & $85$ & $0.138$ & & $99$ & $12\,111$ & $4\,059$ \\
+      Q3B & & $85$ & $\mathbf{0.138}$ & & $\mathbf{99}$ & $12\,111$ & $\mathbf{4\,059}$ \\
       Z3 & & $85$ & $0.339$ & & $78$ & $16\,721$ & $16\,713$ \\
       \bottomrule
     \end{tabularx}
@@ -309,6 +307,7 @@ status than any of the other solvers.
       \smt competition 2016 divided into the benchmarks with known
       status and benchmarks with a previously unknown status. All
       times are in seconds.}
+    \label{tbl:smtcomp}
   \end{minipage}}
 \end{table}
 
@@ -316,9 +315,12 @@ status than any of the other solvers.
 Outside the field of \smt solving, my research also consists in
 software verification. In this field, I have co-authored the following
 paper on the tool Symbiotic, which combines instrumentation, slicing
-and symbolic execution to allow verification of a real-world code:
+and symbolic execution to allow verification of a real-world
+code~\cite{CJSSV16}.
+
+\section{Published papers}
+TODO
 
-paper~\cite{CJSSV16}.
 
 %*****************************************
 %*****************************************

ClassicThesis.tex

@@ -79,6 +79,13 @@
 %\setcounter{page}{90}
 % use \cleardoublepage here to avoid problems with pdfbookmark
 \cleardoublepage
+\newlength\fullmarginwidth
+\fullmarginwidth=\marginparwidth
+\advance\fullmarginwidth by \marginparsep
+
+\newlength\fullwidth
+\fullwidth=\textwidth
+\advance\fullwidth by \fullmarginwidth
 \include{Chapters/Chapter01}
 \include{Chapters/Chapter02}
 %\addtocontents{toc}{\protect\clearpage} % <--- just debug stuff, ignore

FrontBackmatter/Titleback.tex

 \thispagestyle{empty}
 
-\hfill
+%\hfill
 
-\vfill
+%\vfill
 
-\noindent\myName: \textit{\myTitle,} \mySubtitle, %\myDegree, 
-\textcopyright\ \myTime
+%\noindent\myName: \textit{\myTitle,} \mySubtitle, %\myDegree,
+%\textcopyright\ \myTime
 
 %\bigskip
 %
 %\noindent\spacedlowsmallcaps{Supervisors}: \\
 %\myProf \\
-%\myOtherProf \\ 
+%\myOtherProf \\
 %\mySupervisor
 %
 %\medskip