SlideShare a Scribd company logo

Fuzzing and Verifying RAT Refutations with Deletion Information

T
Tobias Philipp

This paper proposes a technique called fuzzing to automatically generate random DRAT refutations and check them against SAT solvers and verified checkers in order to find bugs. The technique found bugs in two existing DRAT checkers, drat-trim and proofcheck, showing they incorrectly reject or accept certain refutations. The paper's contributions are a fuzzing technique to find bugs in DRAT checkers, discovering specific bugs in two checkers, and developing a verified checker in Coq that is complete.

Technology
1 of 1
Download to read offline
1
Fuzzing and Verifying RAT Refutations with Deletion Information Walter Forkel, Tobias Philipp, Adri´an Rebola-Pardo, Elias Werner Introduction SAT solvers are common tools in the industry Unfortunately, SAT solvers contain bugs DRAT format is the de facto standard for emitting unsatisfiable proofs F SAT solver SAT UNSAT, P checker Single Point of Failure Are there any unknown bugs in the checker ? Background Tautological clause: clause containing A and ¬A for some variable A Resolvent of C, D with A ∈ C and ¬A ∈ D is (C {A}) ∪ (D {¬A}) Asymmetric Tautology (AT) Asymmetric Literal Addition (ALA): alaF (C) = C ∪ {L | L1, ..., Ln, L ∈ F and Li ∈ C for all 1 ≤ i ≤ n} C is an AT wrt F if there is n ∈ N such that alaF (C) ↑ n is a tautology Resolution Asymmetric Tautology (RAT) C is a RAT upon literal L wrt the formula F if 1. C is an AT wrt the formula F, or 2. L ∈ C, and all resolvents of C with any D ∈ F upon L are AT wrt F DRAT Refutation Finite sequence of addition and deletion instructions to the empty clause Each added clause is a RAT wrt the preceding clauses Our Approach: Fuzzing DRAT Refutations and Check Against a Fully Mechanically Verified Checker 1 2 3 4 5 random formula generation SAT solver checkers classify P Verified Checker in Coq modifier checkers classify P Verified Checker in Coq F unsatisfiable proof P F satisfiable F all accept P inconsistent P inconsistent all reject P Example F = {p, q} {p, q} {p, q} {p, q} P = a {¬r} RAT upon ¬r a {r, p} AT a {r} AT d {p, q} deletion d {¬p, q} deletion d {p, ¬q} deletion d {¬p, ¬q} deletion d {} AT drat-trim and drat-fc classify P as accepted add r to the first clause P = a {¬r, r} RAT upon ¬r a {r, p} AT a {r} AT d {p, q} deletion d {¬p, q} deletion d {p, ¬q} deletion d {¬p, ¬q} deletion d {} AT drat-trim rejects P drat-fc accepts P Our verified checker also accepts P Found a bug in drat-trim Results Formulas: 2900 clauses, 800 variables on average Resulting proofs: 2100 steps on average drat-trim rejects DRAT refutations containing tautological clauses proofcheck rejects DRAT refutations in which unit clauses are deleted DRAT emission procedure in the SAT solver minisat constructs unexpected DRAT refutations of the form (a {})(d C)(a {}) Conclusion DRAT checkers proofcheck and drat-trim contain bugs New fuzzing technique that automatically finds bugs in checkers Our verified DRAT checker is complete Future Work: adapt the checker and fuzzing procedure to other proof formats Code available at github.com/drat-tools Acknowledgement: This work was supported by RiSE, LogiCS and WWTF grant VRG11-005 FLAIRS 30

More Related Content

PPTX
Compiler: Syntax Analysis
Dr. Jaydeep Patil
 
PPT
Ll(1) Parser in Compilers
Mahbubur Rahman
 
DOC
Pcd(Mca)
guestf07b62f
 
PPTX
MSc_thesis
Nokib Uddin
 
PPT
Propositional logic for Beginners
kianryan
 
PPTX
First and follow set
Dawood Faheem Abbasi
 
PPTX
Lecture 07 08 syntax analysis-4
Iffat Anjum
 
PPT
Lecture 05 syntax analysis 2
Iffat Anjum
 
Compiler: Syntax Analysis
Dr. Jaydeep Patil
 
Ll(1) Parser in Compilers
Mahbubur Rahman
 
Pcd(Mca)
guestf07b62f
 
MSc_thesis
Nokib Uddin
 
Propositional logic for Beginners
kianryan
 
First and follow set
Dawood Faheem Abbasi
 
Lecture 07 08 syntax analysis-4
Iffat Anjum
 
Lecture 05 syntax analysis 2
Iffat Anjum
 

What's hot (20)

PPTX
LL(1) parsing
KHYATI PATEL
 
PPT
Chapter Five(2)
bolovv
 
PDF
Time series forecasting with ARIMA
Yury Kashnitsky
 
PPT
Ch4a
kinnarshah8888
 
PPTX
Push down automata
Ratnakar Mikkili
 
PPT
Ch4b
kinnarshah8888
 
PPTX
Complete and Interpretable Conformance Checking of Business Processes
Marlon Dumas
 
PPSX
ω Automaton
Abdul Haseeb
 
PPTX
Incremental and Interactive Process Model Repair
Marlon Dumas
 
PPTX
Context free grammar
Ratnakar Mikkili
 
PDF
Topdown parsing
Royalzig Luxury Furniture
 
PPTX
Simplification of cfg ppt
Shiela Rani
 
PDF
Linear logic (and Linear Lisp)
Sosuke MORIGUCHI
 
PPTX
PUSH DOWN AUTOMATA VS TURING MACHINE
Abhishek Shivhare
 
PPT
Lecture 03 lexical analysis
Iffat Anjum
 
PPTX
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
Mohammad Ilyas Malik
 
PDF
Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Sardegna Ricerche
 
PPTX
Push down automata
Somya Bagai
 
PPTX
push down automata
Christopher Chizoba
 
PPTX
Polish Notation In Data Structure
Meghaj Mallick
 
LL(1) parsing
KHYATI PATEL
 
Chapter Five(2)
bolovv
 
Time series forecasting with ARIMA
Yury Kashnitsky
 
Ch4a
kinnarshah8888
 
Push down automata
Ratnakar Mikkili
 
Ch4b
kinnarshah8888
 
Complete and Interpretable Conformance Checking of Business Processes
Marlon Dumas
 
ω Automaton
Abdul Haseeb
 
Incremental and Interactive Process Model Repair
Marlon Dumas
 
Context free grammar
Ratnakar Mikkili
 
Topdown parsing
Royalzig Luxury Furniture
 
Simplification of cfg ppt
Shiela Rani
 
Linear logic (and Linear Lisp)
Sosuke MORIGUCHI
 
PUSH DOWN AUTOMATA VS TURING MACHINE
Abhishek Shivhare
 
Lecture 03 lexical analysis
Iffat Anjum
 
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
Mohammad Ilyas Malik
 
Generazione Automatica di Test - S. Vuotto (Università di Sassari)
Sardegna Ricerche
 
Push down automata
Somya Bagai
 
push down automata
Christopher Chizoba
 
Polish Notation In Data Structure
Meghaj Mallick
 
Ad

Similar to Fuzzing and Verifying RAT Refutations with Deletion Information (11)

PDF
Cerutti -- TAFA2013
Federico Cerutti
 
PPT
Arima model (time series)
Kumar P
 
PDF
TMPA-2017: The Quest for Average Response Time
Iosif Itkin
 
PPTX
Presentation1
emitche6
 
DOCX
Discrete mathematics
M.Saber
 
PDF
Consistency proof of a feasible arithmetic inside a bounded arithmetic
Yamagata Yoriyuki
 
PPT
Logic
Loida Silao
 
PDF
Arima
Nuriye Sancar
 
PDF
A SCC Recursive Meta-Algorithm for Computing Preferred Labellings in Abstract...
Federico Cerutti
 
DOCX
Logic worksheet
AlejandroBuhia
 
PPT
4. symbolic logic
Nur Agustinus
 
Cerutti -- TAFA2013
Federico Cerutti
 
Arima model (time series)
Kumar P
 
TMPA-2017: The Quest for Average Response Time
Iosif Itkin
 
Presentation1
emitche6
 
Discrete mathematics
M.Saber
 
Consistency proof of a feasible arithmetic inside a bounded arithmetic
Yamagata Yoriyuki
 
Logic
Loida Silao
 
Arima
Nuriye Sancar
 
A SCC Recursive Meta-Algorithm for Computing Preferred Labellings in Abstract...
Federico Cerutti
 
Logic worksheet
AlejandroBuhia
 
4. symbolic logic
Nur Agustinus
 
Ad

More from Tobias Philipp (9)

PDF
An Expressive Model for Instance Decomposition Based Parallel SAT Solvers
Tobias Philipp
 
PDF
Unsatisfiability Proofs for Parallel SAT Solver Portfolios with Clause Sharin...
Tobias Philipp
 
PDF
A Verified Decision Procedure for Pseudo-Boolean Formulas
Tobias Philipp
 
PDF
PBLib - A Library for Encoding Pseudo-Boolean Constraints into CNF
Tobias Philipp
 
PDF
The Complexity of Contextual Abduction in Human Reasoning Tasks
Tobias Philipp
 
PDF
Checking Unsatisfiability Proofs in Parallel
Tobias Philipp
 
PDF
Anwendungen der Logik in der IT-Sicherheit
Tobias Philipp
 
PDF
Formal Verification with Ada/SPARK
Tobias Philipp
 
PDF
Formale Verifikation von Answer Set Programming
Tobias Philipp
 
An Expressive Model for Instance Decomposition Based Parallel SAT Solvers
Tobias Philipp
 
Unsatisfiability Proofs for Parallel SAT Solver Portfolios with Clause Sharin...
Tobias Philipp
 
A Verified Decision Procedure for Pseudo-Boolean Formulas
Tobias Philipp
 
PBLib - A Library for Encoding Pseudo-Boolean Constraints into CNF
Tobias Philipp
 
The Complexity of Contextual Abduction in Human Reasoning Tasks
Tobias Philipp
 
Checking Unsatisfiability Proofs in Parallel
Tobias Philipp
 
Anwendungen der Logik in der IT-Sicherheit
Tobias Philipp
 
Formal Verification with Ada/SPARK
Tobias Philipp
 
Formale Verifikation von Answer Set Programming
Tobias Philipp
 

Recently uploaded (20)

PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Approach and Philosophy of On baking technology
30anthuong17
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Cloud computing and distributed systems.
kkkkkhan
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Encapsulation theory and applications.pdf
gurumoop
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 

Fuzzing and Verifying RAT Refutations with Deletion Information

  • 1. Fuzzing and Verifying RAT Refutations with Deletion Information Walter Forkel, Tobias Philipp, Adri´an Rebola-Pardo, Elias Werner Introduction SAT solvers are common tools in the industry Unfortunately, SAT solvers contain bugs DRAT format is the de facto standard for emitting unsatisfiable proofs F SAT solver SAT UNSAT, P checker Single Point of Failure Are there any unknown bugs in the checker ? Background Tautological clause: clause containing A and ¬A for some variable A Resolvent of C, D with A ∈ C and ¬A ∈ D is (C {A}) ∪ (D {¬A}) Asymmetric Tautology (AT) Asymmetric Literal Addition (ALA): alaF (C) = C ∪ {L | L1, ..., Ln, L ∈ F and Li ∈ C for all 1 ≤ i ≤ n} C is an AT wrt F if there is n ∈ N such that alaF (C) ↑ n is a tautology Resolution Asymmetric Tautology (RAT) C is a RAT upon literal L wrt the formula F if 1. C is an AT wrt the formula F, or 2. L ∈ C, and all resolvents of C with any D ∈ F upon L are AT wrt F DRAT Refutation Finite sequence of addition and deletion instructions to the empty clause Each added clause is a RAT wrt the preceding clauses Our Approach: Fuzzing DRAT Refutations and Check Against a Fully Mechanically Verified Checker 1 2 3 4 5 random formula generation SAT solver checkers classify P Verified Checker in Coq modifier checkers classify P Verified Checker in Coq F unsatisfiable proof P F satisfiable F all accept P inconsistent P inconsistent all reject P Example F = {p, q} {p, q} {p, q} {p, q} P = a {¬r} RAT upon ¬r a {r, p} AT a {r} AT d {p, q} deletion d {¬p, q} deletion d {p, ¬q} deletion d {¬p, ¬q} deletion d {} AT drat-trim and drat-fc classify P as accepted add r to the first clause P = a {¬r, r} RAT upon ¬r a {r, p} AT a {r} AT d {p, q} deletion d {¬p, q} deletion d {p, ¬q} deletion d {¬p, ¬q} deletion d {} AT drat-trim rejects P drat-fc accepts P Our verified checker also accepts P Found a bug in drat-trim Results Formulas: 2900 clauses, 800 variables on average Resulting proofs: 2100 steps on average drat-trim rejects DRAT refutations containing tautological clauses proofcheck rejects DRAT refutations in which unit clauses are deleted DRAT emission procedure in the SAT solver minisat constructs unexpected DRAT refutations of the form (a {})(d C)(a {}) Conclusion DRAT checkers proofcheck and drat-trim contain bugs New fuzzing technique that automatically finds bugs in checkers Our verified DRAT checker is complete Future Work: adapt the checker and fuzzing procedure to other proof formats Code available at github.com/drat-tools Acknowledgement: This work was supported by RiSE, LogiCS and WWTF grant VRG11-005 FLAIRS 30