Deciding Bit-Vector Arithmetic with Abstraction

  • Randal E. Bryant
  • Daniel Kroening
  • Joël Ouaknine
  • Sanjit A. Seshia
  • Ofer Strichman
  • Bryan Brady
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4424)

Abstract

We present a new decision procedure for finite-precision bit-vector arithmetic with arbitrary bit-vector operations. Our procedure alternates between generating under- and over-approximations of the original bit-vector formula. An under-approximation is obtained by a translation to propositional logic in which some bit-vector variables are encoded with fewer Boolean variables than their width. If the under-approximation is unsatisfiable, we use the unsatisfiable core to derive an over-approximation based on the subset of predicates that participated in the proof of unsatisfiability. If this over-approximation is satisfiable, the satisfying assignment guides the refinement of the previous under-approximation by increasing, for some bit-vector variables, the number of Boolean variables that encode them. We present experimental results that suggest that this abstraction-based approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.
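The loop the abstract describes, as an added toy illustration (not code from the paper or from the UCLID system): each 8-bit variable starts with one free Boolean, the under-approximation sign-extends the k free bits (an assumed encoding), a brute-force search stands in for the SAT solver, a deletion-based core stands in for the proof-derived unsatisfiable core, and the over-approximation keeps only the core's predicates at full width. The sample formula x + y = 7, x * y = 12 is constructed for the example.

```python
from itertools import product

WIDTH, MASK = 8, 0xFF   # all variables are 8-bit vectors in this toy

def sext_domain(k):
    # Values a WIDTH-bit variable can take when only its k low bits are free and the
    # upper bits copy bit k-1 (sign extension, an assumed encoding); k == WIDTH is exact.
    return [(v - (1 << k) if v >> (k - 1) else v) & MASK for v in range(1 << k)]

def bits_needed(v):
    # Smallest k such that the 8-bit value v lies in sext_domain(k).
    return next(k for k in range(1, WIDTH + 1) if v in sext_domain(k))

def solve(preds, widths):
    # Brute-force stand-in for a SAT solver: a model with each variable drawn
    # from sext_domain(widths[var]), or None if no such model exists.
    names = sorted(widths)
    for vals in product(*(sext_domain(widths[n]) for n in names)):
        model = dict(zip(names, vals))
        if all(check(model) for _, check in preds):
            return model
    return None

def unsat_core(preds, widths):
    # Deletion-based core: drop predicates while the remainder stays unsatisfiable
    # (stands in for the core a real solver extracts from its refutation proof).
    core = list(preds)
    for p in list(core):
        rest = [q for q in core if q is not p]
        if rest and solve(rest, widths) is None:
            core = rest
    return core

def decide(preds, variables):
    # Alternate under- and over-approximations until the original formula is decided.
    widths = {v: 1 for v in variables}                     # start with one Boolean per variable
    while True:
        under = solve(preds, widths)                       # under-approximation: narrow encodings
        if under is not None:
            return "sat", under                            # its model also satisfies the original
        core = unsat_core(preds, widths)
        over = solve(core, {v: WIDTH for v in variables})  # over-approximation: core predicates only
        if over is None:
            return "unsat", [name for name, _ in core]     # the core refutes the original formula
        for v in variables:                                # refine: widen encodings to fit the model
            widths[v] = max(widths[v], bits_needed(over[v]))

# Constructed example: x + y = 7 and x * y = 12 over 8-bit vectors (arithmetic mod 256).
FORMULA = [("sum", lambda m: (m["x"] + m["y"]) & MASK == 7),
           ("prod", lambda m: (m["x"] * m["y"]) & MASK == 12)]
```

Calling `decide(FORMULA, ["x", "y"])` takes three rounds (widths grow 1/1, then 2/5, then 3/5) before the under-approximation itself becomes satisfiable with x = 3, y = 4; a formula whose core is unsatisfiable at full width (for example "x is even" together with "x is odd") is reported unsatisfiable from the over-approximation instead.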

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Randal E. Bryant, Carnegie Mellon University, Pittsburgh
  • Daniel Kroening, ETH Zürich
  • Joël Ouaknine, Oxford University Computing Laboratory
  • Sanjit A. Seshia, University of California, Berkeley
  • Ofer Strichman, The Technion, Haifa
  • Bryan Brady, University of California, Berkeley