SMT in Verification, Modeling, and Testing at Microsoft

  • Nikolaj Bjørner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7857)


The Satisfiability Modulo Theories (SMT) solver, Z3 [1], from Microsoft Research is a state-of-the art theorem prover that integrates specialized solvers for domains that are of relevance for program analysis, testing and verification. Z3 has been used within and outside of Microsoft for the past few years including the Windows 7 static driver verifier, the SAGE white-box fuzzer for finding security vulnerabilities, Pex, in a Verifying C Compiler, the Verve verified operating system kernel and the Dafny safe programming language. This talk delves into some of the more recent efforts around Z3, in particular using Z3 in a firewall analysis engine, and adventures in using Z3 for points-to analysis in JavaScript malware detection, and finally emerging support for reachability queries by solving Satisfiability Modulo Theories for Horn clauses.

Z3 is joint work with Leonardo de Moura and Christoph Wintersteiger.


  1. 1.
    de Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Nikolaj Bjørner
    • 1
  1. 1.Microsoft ResearchUSA

Personalised recommendations