(Sigh... I realized I have no good way to mark your assignments if we go with Z3 , as I don't have remote access to a high performance Windows box. So, this is probably the last year we're still stuck using CVC3. CVC3 was an amazing solver in its day, and it's still great in a lot of different ways: open source, supports almost all theories, etc. But it's performance is no longer competitive. I spent some time investigating CVC4 and OpenSMT , which are newer, faster, and also open source, but they don't support enough theories yet. Z3 is actually available in a Linux version, but that version is stripped-down for competition and doesn't give satisfying assignments. The full version is free for non-commercial use, but runs only under Windows, and there isn't enough Windows compute power generally available as a departmental resource. So, CVC3 for one more year... If you do a project using an SMT solver, though, you should definitely look at using a faster solver. You can always go to the SMT Competition website to see lists of solvers, the logics they support, and how they did in competition.)

Please email me your sorting program (in any convenient procedural language, or pseudo-code), your program for generating the CVC3 scripts (preferably in C, C++, Perl, etc. -- basically, anything that will run easily under Linux), your generated CVC3 scripts, and a brief description of what you thought of the assignment. (BTW, please send this to me as plain ASCII text. Not as a PDF, not as a Word file, etc. And please don't email me the binaries.)

OK, so what is the assignment? The goal of this assignment is to give you an understanding of how to write a symbolic execution engine to verify software with an SMT solver, but to save you (and me) the pain of writing a symbolic execution engine. Instead, you will:

• Write a small, specific program, namely a program to sort a small, fixed number of integers. This is just to give you a concrete program to verify, so you may write your sorting program in any reasonable, procedural language, or even in pseudo-code. Given that it's hard to determine when to terminate a while-loop when doing symbolic execution, I'll encourage you to use a sorting algorithm where termination occurs after a fixed amount of work (e.g., mergesort, or selection sort, or a hardware sorting network, or even two nested loops from 0 to n-1 walking through the array and swapping out-of-order neighbors, but not something like standard bubblesort, where you terminate when there are no out-of-order pairs to swap). Start small! Try 4 first. Or maybe even 2 or 3. Then increase this number. In the past, I don't think anyone successfully verified a program sorting more than 6 integers. Try to shoot for 8.
• Once you know what your little sorting program is, your goal is to create the SMT problem instance to verify that your program sorts. Note that you are not required to verify that the output is actually a permutation of the input (which is hard to specify), but just that the output is sorted. Conceptually, you are doing the same thing you did in Assignment 2, except that instead of a circuit, you have a program, and your output is an SMT instance, rather than a SAT instance.
• To do the above, you will most likely want to write a program to generate the output for you! (Again, as in Assignment 2, where the program you (and I) wrote generates the SAT instance, which you then give to the SAT solver.) However, unlike Assignment 2, you are NOT required to have your program parse and analyze your sorting program. Instead, you can use any kludgey hacky way of programming you'd like to generate the specific SMT instance for your specific sorting program. You can write this program in any language that you like (e.g., C, C++, Perl, etc.), as long as it runs easily on a standard Linux machine. (Note that it might be easier to write a simple parser to generate the CVC3 scripts, though. I leave that up to you.)
• Of course, you'll want to try out your output on a real SMT solver.

The SMT solver we'll use for this assignment is called CVC3 . This is a completely free, open-source SMT solver, written by some of the very well-established people in the SMT community. On the positive side, it provides a lot of features that look like a programming language, supports a wide variety of theories, and is still widely used. On the negative side, it's now one of the slowest solvers that are still used. If you plan to do a project involving SMT solving, you'll want to use one of the newer systems instead of CVC3.

You can download pre-built binaries (for Linux and Windows, too), from the CVC3 download page. You can also download source and build your own copy, if you'd like. I have a 64-bit Linux version on the departmental machines at /isd/users/software/cvc3-2.4.1-optimized-static/bin/cvc3 This will only run on departmental Linux machines. See this link for a list of servers available to you.

There's pretty good on-line documentation , in particular, the user manual is a must-read. Before you start the assignment itself, you'll probably want to play with the solver a bit. Be sure to use the +interactive option when you run interactively:
/isd/users/software/cvc3-2.4.1-optimized-static/bin/cvc3 +interactive
You can do things like ask whether 1 plus 1 equals 2:
QUERY (1 + 1 = 2);
or try:
a, b, c: INT;
ASSERT (a < b);
ASSERT (b < c);
QUERY (a < c);
QUERY (c <= a);


Here's an example in pseudo-C that sorts three integers. . (You may want to use an array for more data entries, instead of separately named variables as I did here.) And here's an example of a CVC3 script that would be appropriate for that example. You'll probably want to play with this example a bit, to get used to the syntax, and CVC3, before you start writing your code.

That's it! I hope this is fun!

By the way, I have always intended to make this assignment just like Assignment 2, where you (or actually, I) would write a symbolic execution engine for a simple programming language, and this would generate queries to the SMT solver. Then, I would give you a sorting program written in that simple programming language, and you'd use the symbolic execution engine to generate SMT queries, and solve them with the SMT solver. However, this would require me to make up a simple programming language and write up a parser and interpreter for it, and I keep running out of time. Fortunately, each time I have used this assignment, student feedback has actually been quite positive. Furthermore, using scripts to generate inputs to other programs is actually a common and useful way to tackle problems, so it's fun to give that a go, too. I'll appreciate your feedback on whether you think I should make the time to do the assignment more like Assignment 2 in future years.