An abstraction-based decision procedure for bit-vector arithmetic

  • Randal E. Bryant
  • Daniel Kroening
  • Joël Ouaknine
  • Sanjit A. Seshia
  • Ofer Strichman
  • Bryan Brady
Special Section on TACAS07

Abstract

We present a new decision procedure for finite-precision bit-vector arithmetic with arbitrary bit-vector operations. Such decision procedures are essential components of verification systems, whether the domain of interest is hardware, such as in word-level bounded model-checking of circuits, or software, where one must often reason about programs with finite-precision datatypes. Our procedure alternates between generating under- and over-approximations of the original bit-vector formula. An under-approximation is obtained by a translation to propositional logic in which some bit-vector variables are encoded with fewer Boolean variables than their width. If the under-approximation is unsatisfiable, we use the unsatisfiable core to derive an over-approximation based on the subset of predicates that participated in the proof of unsatisfiability. If this over-approximation is satisfiable, the satisfying assignment guides the refinement of the previous under-approximation by increasing, for some bit-vector variables, the number of Boolean variables that encode them. We present experimental results that suggest that this abstraction-based approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.
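The following is an added worked example of the abstraction loop sketched in the abstract; it is not code from the paper or from the UCLID project. Brute-force enumeration over small bit widths stands in for the SAT solver on the bit-blasted formula, and a deletion-based minimal unsatisfiable subset stands in for the proof-derived unsatisfiable core. The under-approximation encodes a w-bit variable with k bits by allowing only values whose upper w-k+1 bits are all equal (the sign-extension of a k-bit number); that encoding, the predicate set, and the variable names are assumptions made for the example. The two constructed formulas use 4-bit modular arithmetic of the kind one meets when checking code with finite-precision integers.

```python
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

Assignment = Dict[str, int]
Predicate = Callable[[Assignment], bool]


def fits(value: int, width: int, k: int) -> bool:
    """True if `value` (a `width`-bit unsigned pattern) lies in the k-bit
    under-approximation domain: bits k-1 .. width-1 are all equal, i.e. the
    value is the sign-extension of some k-bit number (assumed encoding)."""
    top = value >> (k - 1)                       # the width-k+1 high bits
    return top == 0 or top == (1 << (width - k + 1)) - 1


def needed_bits(value: int, width: int) -> int:
    """Smallest k such that `value` is representable with k encoding bits."""
    return next(k for k in range(1, width + 1) if fits(value, width, k))


def domain(width: int, k: int) -> List[int]:
    """All `width`-bit values reachable with k encoding bits."""
    return [v for v in range(1 << width) if fits(v, width, k)]


def solve(preds: List[Predicate], widths: Dict[str, int],
          bits: Dict[str, int]) -> Optional[Assignment]:
    """Brute-force satisfiability check over the restricted domains; stands in
    for the SAT solver on the bit-blasted formula."""
    names = sorted(widths)
    for values in product(*(domain(widths[n], bits[n]) for n in names)):
        model = dict(zip(names, values))
        if all(p(model) for p in preds):
            return model
    return None


def unsat_core(preds: List[Predicate], widths: Dict[str, int],
               bits: Dict[str, int]) -> List[Predicate]:
    """Deletion-based minimal unsatisfiable subset of `preds`; stands in for
    the core a proof-logging SAT solver would return."""
    core = list(preds)
    i = 0
    while i < len(core):
        trial = core[:i] + core[i + 1:]
        if solve(trial, widths, bits) is None:
            core = trial          # predicate i was not needed for unsatisfiability
        else:
            i += 1
    return core


def decide(preds: List[Predicate],
           widths: Dict[str, int]) -> Tuple[str, Optional[Assignment], int]:
    """Alternate under- and over-approximations until the formula is decided."""
    bits = {n: 1 for n in widths}            # start with one encoding bit per variable
    iterations = 0
    while True:
        iterations += 1
        model = solve(preds, widths, bits)   # under-approximation: narrowed domains
        if model is not None:
            return "sat", model, iterations  # any model of it is a model of the formula
        core = unsat_core(preds, widths, bits)
        # over-approximation: only the core predicates, all variables at full width
        model = solve(core, widths, widths)
        if model is None:
            return "unsat", None, iterations  # over-approximation unsat => formula unsat
        # refinement: widen the variables whose value in the model does not fit
        for n in widths:
            bits[n] = max(bits[n], needed_bits(model[n], widths[n]))


W = 4
MASK = (1 << W) - 1
WIDTHS = {"x": W, "y": W}

# Constructed formula 1: x + y = 3 and x * y = 2 (mod 2^4); satisfied by x=1, y=2.
SAT_FORMULA: List[Predicate] = [
    lambda a: (a["x"] + a["y"]) & MASK == 3,
    lambda a: (a["x"] * a["y"]) & MASK == 2,
]
# Constructed formula 2: 2x = 1 is impossible modulo 2^4; x + y = 5 is satisfiable
# on its own, so the core has to single out the first predicate.
UNSAT_FORMULA: List[Predicate] = [
    lambda a: (2 * a["x"]) & MASK == 1,
    lambda a: (a["x"] + a["y"]) & MASK == 5,
]

if __name__ == "__main__":
    print(decide(SAT_FORMULA, WIDTHS))    # ('sat', {'x': 1, 'y': 2}, 2)
    print(decide(UNSAT_FORMULA, WIDTHS))  # ('unsat', None, 2)
```

On the first formula the one-bit under-approximation (each variable restricted to 0 or -1) is unsatisfiable, the core is the product predicate alone, its full-width model x=1, y=2 drives the widening to two and three encoding bits, and the refined under-approximation is then satisfiable. On the second formula the over-approximation built from the core predicate 2x = 1 is unsatisfiable at full width, which settles the original formula without ever bit-blasting it completely.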

Keywords

Bit-vector · Decision procedures

Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  • Randal E. Bryant (1)
  • Daniel Kroening (2)
  • Joël Ouaknine (2)
  • Sanjit A. Seshia (3)
  • Ofer Strichman (4)
  • Bryan Brady (3)

  1. Carnegie Mellon University, Pittsburgh, USA
  2. Oxford University Computing Laboratory, Oxford, UK
  3. University of California, Berkeley, USA
  4. The Technion, Haifa, Israel
