Abstract
Recent experiments have shown that satisfiability of a quantified bitvector formula coming from practical applications almost never changes after reducing all bitwidths in the formula to a small number of bits. This paper proposes a novel technique based on this observation. Roughly speaking, a given quantified bitvector formula is reduced and sent to a solver, an obtained model is then extended to the original bitwidths and verified against the original formula. We also present an experimental evaluation demonstrating that this technique can significantly improve the performance of stateoftheart smt solvers Boolector, CVC4, and Q3B on quantified bitvector formulas from the smtlib repository.
J. Strejček has been supported by the Czech Science Foundation grant GA1802177S.
Download conference paper PDF
1 Introduction
We have recently studied the influence of bitwidth changes on satisfiability of quantified bitvector formulas from the smtlib repository. The experiments showed that satisfiability is surprisingly stable under these changes [7]. For example, more than 95% of the considered formulas keep the same satisfiability status after changing the bitwidths of all variables and constants to an arbitrary value between 1 and the original bitwidth. Indeed, all these stable formulas have the same satisfiability status even if we replace every bitvector constant and variable by its leastsignificant bit and thus transform the formula into a quantified Boolean formula. Moreover, the percentage of stable formulas increased well over 99% if all bitwidths are reduced to any value between 4 and the original bitwidth.
The experiments also confirm natural expectation that a formula with smaller bitwidths can be often solved considerably faster than the formula with the same structure but with larger bitwidths. For example, solving the formula
takes Boolector [11] several minutes on a standard desktop machine when the variables x, y, z and the constant 0 have the bitwidth 32, but it is solved instantly when the bitwidth is 2.
This paper presents a new technique for deciding satisfiability of quantified bitvector formulas that builds on the two mentioned observations: satisfiability status of these formulas is usually stable under bitwidth reduction and formulas with reduced bitwidths can be often solved faster. Intuitively, the technique consists of the following steps:

1.
Reduce bitwidths of variables and constants in the input formula to a smaller bitwidth.

2.
Decide satisfiability of the reduced formula using a standard decision procedure. If the reduced formula is satisfiable, obtain its model. If it is unsatisfiable, obtain its countermodel (i.e., a reason for unsatisfiability).

3.
Extend the model or the countermodel to the original bitwidths. For example, a model of the formula \(\varphi \) defined above reduced to bitwidths 2 has the form \(z^{[2]}=y^{[2]}\), where the superscripts denote bitwidths of the corresponding variables. After extension to the original bitwidth, we get \(z^{[32]}=y^{[32]}\).

4.
Check whether the extended (counter)model is also a (counter)model of the original formula. If the extended model is a model of the original formula, then the formula is satisfiable. If the extended countermodel is a countermodel of the original formula, then the formula unsatisfiable. In the remaining cases, we increase the bitwidths in the reduced formula and repeat the process.
The technique has some similarities with the approximation framework of Zeljić et al. [12], which also reduces the precision of a given formula, computes a model of the reduced formula, and checks if it is a model of the original formula. However, the framework considers only quantifierfree formulas (and hence models are just elements of the considered domains, while they are interpretations of Skolem functions in our setting) and it does not work with countermodels (it processes unsat cores of reduced formulas instead).
The detailed description of formula reduction and (counter)model extension is given in Sect. 3, preceded by Sect. 2 that recalls all necessary background and notation. The algorithm is precisely formulated in Sect. 4. Section 5 presents our proofofconcept implementation and it discusses many practical aspects: how to get a counterexample, what to do with an incomplete model etc. Experimental evaluation of the technique can be found in Sect. 6. It clearly shows that the presented technique can improve performance of considered stateoftheart solvers for quantified bitvector formulas, namely Boolector [11], CVC4 [1], and Q3B [9], on both satisfiable and unsatisfiable formulas from various subcategories of the relevant smtlib category BV.
2 Preliminaries
This section briefly recalls the used logical notions and the theory of fixed sized bitvectors (BV or bitvector theory for short). In the description, we assume familiarity with standard definitions of a manysorted logic, wellsorted terms, atomic formulas, and formulas. To simplify the presentation, we suppose that all formulas are in the negation normal form. That is, all formulas use only logical connectives disjunction, conjunction, and negation and the arguments of all negations are atomic formulas. We suppose that sets of all free and all bound variables in the formula are disjoint and that each variable is quantified at most once.
The bitvector theory is a manysorted firstorder theory with infinitely many sorts denoted [n], where n is a positive integer. Each sort [n] is interpreted as the set of all bitvectors of length n, which is also called their bitwidth. We denote the set of all bitvectors of bitwidth n as \(\mathcal {BV}_n\) and variables of sort [n] as \({x}^{[n]}\), \({y}^{[n]}\), etc. The BV theory uses only three predicate symbols, namely equality (\(=\)), unsigned inequality of binaryencoded natural numbers (\(\le _u\)), and signed inequality of integers in two’s complement representation (\(\le _s\)). The theory also contains various interpreted function symbols. Many of them represent binary operations that produce a bitvector of the same bitwidth as its two arguments. This is the case of addition (\(+\)), multiplication (\(\cdot \)), bitwise and (&), bitwise or (), bitwise exclusive or (\(\oplus \)), leftshift (\(\ll \)), and rightshift (\(\gg \)). The theory further contains function symbols for two’s complement negation (−), concatenation (\(\texttt {concat}\)), zero extension extending the argument with n mostsignificant zero bits (zeroExt\(_n\)), sign extension extending the argument with n copies of the sign bit (\(\texttt {signExt}_n\)), and extraction of bits delimited by positions u and l (including bits at these positions) from the argument, where position 0 refers to the leastsignificant bit and \(u\ge l\) (\(\texttt {extract}^{u}_{l}\)). The signature of BV theory also contains numerals for constants \({m}^{[n]}\) for each bitwidth \(n>0\) and each number \(0 \le m \le 2^n  1\). Each term t has an associated bitwidth, which is denoted as \(\mathrm {bw}(t)\). The precise definition of the manysorted logic can be found for example in Barrett et al. [3]. The precise description of bitvector theory can be found for example in the paper describing complexity of quantified bitvector theory by Kovásznai et al. [10].
A signature \(\varSigma \) is a set of uninterpreted function symbols, which is disjoint with the set of all interpreted bitvector function and predicate symbols. Each function symbol \(f\in \varSigma \) has an associated arity \(k \in \mathbb {N}_0\) and a sort \((n_1, n_2, \ldots , n_k, n) \in \mathbb {N}^{k+1}\), where the numbers \(n_i\) represent bitwidths of the arguments of f and n represents the bitwidth of its result. A \(\varSigma \)structure \(\mathcal {M}\) maps each uninterpreted function f of the sort \((n_1,n_2, \ldots , n_k, n)\) to a function of the type \(\mathcal {BV}_{n_1} \times \mathcal {BV}_{n_2} \times \ldots \times \mathcal {BV}_{n_k} \rightarrow \mathcal {BV}_{n}\), and each variable \({x}^{[n]}\) to a bitvector value in \(\mathcal {BV}_{n}\).
For a \(\varSigma \)structure \(\mathcal {M}\), we define the evaluation function \(\llbracket {\_} \rrbracket _\mathcal {M}\), which assigns to each term t the bitvector \(\llbracket {t} \rrbracket _\mathcal {M}\) obtained by (i) substituting each variable x in t by its value \(\mathcal {M}(x)\) given by \(\mathcal {M}\) and (ii) evaluating all interpreted functions and predicates using their given semantics and all uninterpreted functions using their interpretations given by \(\mathcal {M}(f)\). Similarly, the function \(\llbracket {\_} \rrbracket _\mathcal {M}\) assigns to each formula \(\varphi \) the Boolean value \(\llbracket \varphi \rrbracket _\mathcal {M}\) obtained by substituting free variables in \(\varphi \) by values given by \(\mathcal {M}\) and evaluating all functions, predicates, logical operators etc. according to \(\mathcal {M}\) and the standard semantics. A formula \(\varphi \) is satisfiable if \(\llbracket \varphi \rrbracket _\mathcal {M}= \top \) for some \(\varSigma \)structure \(\mathcal {M}\); it is unsatisfiable otherwise. A \(\varSigma \)structure \(\mathcal {M}\) is called a model of \(\varphi \) whenever \(\llbracket \varphi \rrbracket _\mathcal {M}= \top \).
The Skolemization of a formula \(\varphi \), denoted \( skolemize (\varphi )\), is a formula that is obtained from \(\varphi \) by replacing each existentially quantified variable \({x}^{[n]}\) in \(\varphi \) by a fresh uninterpreted function symbol \(f_{{x}^{[n]}}\) that has as arguments all variables that are universally quantified above \({x}^{[n]}\) in the syntactic tree of the formula \(\varphi \). Skolemization preserves the satisfiability of the input formula \(\varphi \) [6].
For a satisfiable formula \(\varphi \) without uninterpreted functions, a model \(\mathcal {M}\) of \( skolemize (\varphi )\) assigns a bitvector \(\mathcal {M}({y}^{[m]}) \in \mathcal {BV}_{m}\) to each free variable \({y}^{[m]}\) in \(\varphi \), and a function \(\mathcal {M}(f_{{x}^{[n]}})\) to each Skolem function \(f_{{x}^{[n]}}\), which corresponds to an existentially quantified variable \({x}^{[n]}\) in the formula \(\varphi \). The functions \(\mathcal {M}(f_{{x}^{[n]}})\) may be arbitrary functions (of the corresponding type) in the mathematical sense. To be able to work with the model, we use the notion of a symbolic model, in which the functions \(\mathcal {M}(f_{{x}^{[n]}})\) are represented symbolically by terms. Namely, \(\mathcal {M}(f_{{x}^{[n]}})\) is a bitvector term of bitwidth n whose free variables may be only the variables that are universally quantified above \({x}^{[n]}\) in the original formula \(\varphi \). In the further text, we treat the symbolic models as if they assign a term not to the corresponding Skolem function \(f_{{x}^{[n]}}\), but directly to the existentially quantified variable \({x}^{[n]}\). For example, the formula
from the introduction has a symbolic model \(\{ {z}^{[32]} \mapsto {y}^{[32]} \}\).
For a sentence \(\varphi \), the dual notion to the symbolic model is a symbolic countermodel. The symbolic countermodel of a sentence \(\varphi \) is a symbolic model of the negation normal form of \(\lnot \varphi \), i.e., a \(\varSigma \)structure \(\mathcal {M}\) that assigns to each universally quantified variable \({x}^{[n]}\) in \(\varphi \) a term of bitwidth n whose free variables may be only the existentially quantified variables that are quantified above \({x}^{[n]}\) in the original formula \(\varphi \).
We can define substitution of a symbolic (counter)model into a given formula. We define this notion more generally to allow substitution of an arbitrary assignment that assigns terms to variables of the formula. For each such assignment \(\mathcal {A}\) and a formula \(\varphi \), we denote as \(\mathcal {A}(\varphi )\) the result of simultaneous substitution of the term \(\mathcal {A}({x}^{[n]})\) for each variable \({x}^{[n]}\) in the domain of \(\mathcal {A}\) and removing all quantifications of the substituted variables. For example, the value of
for \(\mathcal {A}= \{ {z}^{[32]} \mapsto {y}^{[32]} \}\) is \(\forall {x}^{[32]} \forall {y}^{[32]}~({x}^{[32]}\cdot ({y}^{[32]}+({y}^{[32]}))={0}^{[32]})\).
3 Formula Reduction and Model Extension
This section describes the basic building blocks of our new technique, namely reduction of bitwidths in a given formula and extension of bitwidths in a given model or countermodel.
3.1 Reduction of BitWidths in Formulas
The goal of the reduction procedure is to reduce the bitwidths of all variables and constants in a given formula so that they do not exceed a given bitwidth. In fact, we reduce bitwidths of all terms in the formula in order to keep the formula type consistent. A similar reduction is defined in our previous paper [7], but only for a simpler fragment of the considered logic.
As the first step, we inductively define a function \( rt \) that takes a term and a bitwidth \(bw\in \mathbb {N}\) and reduces all subterms of the term. The function always cuts off all mostsignificant bits above the given bitwidth bw. As the base case, we define the reduction on constants and variables.
Further, let \(\circ \) range over the set \( \{ +, \cdot , \& , , \oplus , \ll , \gg \}\) of binary functions that produce results of the same bitwidth as the bitwidth of their arguments. To reduce a term \(t_1\circ t_2\), we just need to reduce the arguments.
The most interesting cases are the functions that change bitwidths. As the first case, let \( ext _n\) be a function that extends its argument with n mostsignificant zero bits (\(\texttt {zeroExt}_n\)) or with n copies of the sign bit (\(\texttt {signExt}_n\)). A term \( ext _n(t)\) where t has bw or more bits is reduced just to \( rt (t, bw)\). Indeed, the function \( ext _n\) is completely removed as the bits it would add exceed the maximal bitwidth. When t has less than bw bits, we apply the extension function but we decrement its parameter if the bitwidth of the resulting term should exceed bw. Moreover, we also apply the reduction function to t to guarantee that bitwidths of its subterms do not exceed bw.
As the second case, consider a term \(\texttt {extract}^{u}_{l}(t)\) that represents bits of t between positions u and l (including these positions). The reduction is defined by one of the following three subcases according to the relation of bw and positions u and l. Recall that \(u\ge l\), the bitwidth of the original term is \(ul+1\), and it has to be reduced to \(m=\min (ul+1,bw)\).

If both u and l point to some of the bw leastsignificant bits of t (i.e., \(bw>u\)), the positions u and l of \( rt (t, bw)\) are defined, and so we just reduce the argument t and do not change the parameters of \(\texttt {extract}\).

If l points to some of the bw leastsignificant bits of t but u does not (i.e., \(u\ge bw>l\)), we reduce the argument t, extract its mostsignificant bits up to the position l, and extend the result with mostsignificant zero bits such that the bitwidth of the result is m. These additional zero bits correspond to the positions that should be extracted, but are not present in the term \( rt (t, bw)\).

If both positions u and l point outside the bw leastsignificant bits of t (i.e., \(l\ge bw\)), we replace the term with the bitvector of zeroes of the length m.
In the following formal definition, we denote by o the bitwidth of term t after reduction, i.e., \(o=\mathrm {bw}( rt (t, bw))=\min (\mathrm {bw}(t),bw)\).
where \( ext \in \{ \texttt {signExt}, \texttt {zeroExt} \}\) can be chosen during the implementation.
Finally, reduction of a term \(\texttt {concat}(t_1,t_2)\) representing concatenation of \(t_1\) and \(t_2\) is given by one of the following two cases. Note that the reduced term should have the size \(m=\min (\mathrm {bw}(t_1)+\mathrm {bw}(t_2),bw)\). If \(\mathrm {bw}(t_2)\ge bw\), the term is reduced to \( rt (t_2, bw)\) as the bits of \(t_1\) exceed the desired maximal bitwidth. In the opposite case, we reduce both \(t_1\) and \(t_2\) and create the term containing all the bits of the reduced term \(t_2\) preceded by \(m\mathrm {bw}(t_2)\) leastsignificant bits of the reduced term \(t_1\).
Now we define a function \( rf \) that reduces the maximal bitwidths of all terms in a given formula to a given value bw. The function is again defined inductively using the function \( rt \) in the base case to reduce arguments of predicate symbols. The rest of the definition is straightforward.
3.2 Extending BitWidths of Symbolic Models
If a reduced formula is satisfiable and its symbolic model \(\mathcal {M}\) is obtained, it cannot be directly substituted into the original formula. It first needs to be extended to the original bitwidths. Intuitively, for each result \(\mathcal {M}(x) = t\), where the original bitwidth of the variable x is n, we

1.
increase bitwidths of all variables in t to match the bitwidths in the original formula \(\varphi \),

2.
for each operation whose arguments need to have the same bitwidth, we increase bitwidth of the argument with the smaller bitwidth to match the bitwidth of the other argument,

3.
change the bitwidth of the resulting term to match the bitwidth of the original variable \({x}^{[n]}\).
In the formalization, we need to know bitwidths of the variables in the original formula. Therefore, for a formula \(\varphi \), we introduce the function \(\mathrm {bws}_\varphi \) that maps each variable name x in \(\varphi \) to its original bitwidth in \(\varphi \). For example, \(\mathrm {bws}_{{x}^{[32]} + {y}^{[32]} = {0}^{[32]}}(x) = 32\). Further, we use the function \( adjust \), which adjusts the bitwidth of the given term t to the given bitwidth bw.
where \( ext \in \{ \texttt {signExt}, \texttt {zeroExt} \}\) can be chosen during the implementation.
For each term t of the reduced model, we now recursively construct a term \(\overline{t}\), which uses only the variables of the original formula and is wellsorted. In other words, this construction implements the first two steps of the symbolic model extension described above.
As the base cases, we keep the bitwidth of all constants and extend the bitwidth of all variables to their original bitwidths in \(\varphi \).
For any operation \( \circ \in \{ +, \cdot , \& , , \oplus , \ll , \gg \}\) that requires arguments of the same bitwidths, we may need to extend the shorter of these arguments.
For the remaining operations, the construction is straightforward.
Now we complete the symbolic model extension with its third step. Formally, for a symbolic model \(\mathcal {M}\) we define a model extension \( extendM (\mathcal {M})\) that assigns to each variable x in the domain of \(\mathcal {M}\) the term \(\overline{\mathcal {M}(x)}\) adjusted to the original bitwidth of x.
Example 1
Consider a formula \(\varphi \) that contains variables \({x}^{[8]}\), \({y}^{[8]}\), \({z}^{[4]}\), \({v}^{[8]}\), \({w}^{[4]}\). Suppose that we have the \(\mathcal {M}\) of \( rf (\varphi , 4)\) given below. With the parameter \( ext \) of \( adjust \) set to signExt, the assignment \( extendM (\mathcal {M})\) is defined as follows.
Note that the numeral \({3}^{[8]}\) in \( extendM (\mathcal {M})\) arises by evaluation of the ground term signExt\(_4({3}^{[4]})\).
Note on additional smtlib operations. The syntax of the BV theory given in smtlib actually contains more predicates and functions than we have defined. The constructions presented in Subsections 3.1 and 3.2 can be extended to cover these additional predicates and functions mostly very easily. One interesting case is the ifthenelse operator \(\texttt {ite}(\varphi , t_1, t_2)\) where the first argument is a formula instead of a term. To accommodate this operator, the reduction functions \( rt \) and \( rf \) are defined as mutually recursive, and the symbolic model extension has to be enriched to handle not only terms, but also formulas. All these extensions can be found in the dissertation of M. Jonáš [8]. Note that \(\texttt {ite}\) indeed appears in symbolic models in practice.
4 Algorithm
In this section, we propose an algorithm that employs bitwidth reductions and extensions to decide satisfiability of an input formula. In the first subsection, we describe a simpler approach that can only decide that a formula is satisfiable. The following subsection dualizes this approach to unsatisfiable formulas. We then show how to combine these two approaches in a single algorithm, which is able to decide both satisfiability and unsatisfiability of a formula.
4.1 Checking Satisfiability Using Reductions and Extensions
Having defined the functions \( rf \) (see Subsect. 3.1), which reduces bitwidths in a formula, and \( extendM \) (see Subsect. 3.2), which extends bitwidths in a symbolic model of the reduced formula, it is fairly straightforward to formulate an algorithm that can decide satisfiability of a formula using reduced bitwidths.
This algorithm first reduces the bitwidths in the input formula \(\varphi \), thus obtains a reduced formula \(\varphi _{ red }\), and checks its satisfiability. If the formula is not satisfiable, the algorithm computes a new reduced formula \(\varphi _{ red }\) with an increased bitwidth and repeats the process. If, on the other hand, the reduced formula \(\varphi _{ red }\) is satisfiable, the algorithm obtains its symbolic model \(\mathcal {M}\), which assigns a term to each existentially quantified and free variable of the formula \(\varphi _{ red }\). The model is then extended to the original bitwidths of the variables in the formula \(\varphi \) and the extended model is substituted into the original formula \(\varphi \), yielding a formula \(\varphi _{ sub }\). The formula \(\varphi _{ sub }\) may not be quantifierfree, but it contains only universally quantified variables and no free variables. The formula \(\varphi _{ sub }\) may therefore be checked for satisfiability by a solver for quantifierfree bitvector formulas: the solver can be called on the formula \(\varphi _{ sub }^\lnot \) that results from removing all quantifiers from the formula \(\lnot \varphi _{ sub }\) transformed to the negation normal form. Since the formula \(\varphi _{ sub }\) is closed, the satisfiability of \(\varphi _{ sub }^\lnot \) implies unsatisfiability of \(\varphi _{ sub }\) and vice versa. Finally, if the formula \(\varphi _{ sub }\) is satisfiable, so is the original formula. If the formula \(\varphi _{ sub }\) is not satisfiable, the process is repeated with an increased bitwidth.
Example 2
Consider the formula \(\varphi \equiv \forall {x}^{[32]} \exists {y}^{[32]} \, ({x}^{[32]} + {y}^{[32]} = {0}^{[32]})\). Reduction to 2 bits yields the formula \( rf (\varphi , 2) \equiv \forall {x}^{[2]} \exists {y}^{[2]} \, ({x}^{[2]} + {y}^{[2]} = {0}^{[2]})\). An smt solver can decide that this formula is satisfiable and its symbolic model is \(\{ {y}^{[2]} \mapsto {x}^{[2]} \}\). An extended candidate model is then \(\{ {y}^{[32]} \mapsto {x}^{[32]} \}\). After substituting this candidate model into the formula, one gets the formula \(\varphi _{ sub } \equiv \forall {x}^{[32]} \, ({x}^{[32]} + ({x}^{[32]}) = {0}^{[32]})\). Negating the formula \(\varphi _{ sub }\) and removing all the quantifiers yields the quantifierfree formula \(({x}^{[32]} + ({x}^{[32]}) \not = {0}^{[32]})\), which is unsatisfiable. Therefore, the formula \(\varphi _{ sub }\) is satisfiable and, in turn, the original formula \(\varphi \) is satisfiable as well.
The correctness of the approach is guaranteed by the following theorem.
Theorem 1
([8, Theorem 11.1]). Let \(\varphi \) be a formula in the negation normal form and \(\mathcal {A}\) a mapping that assigns terms only to free and existentially quantified variables of \(\varphi \). If each term \(\mathcal {A}(x)\) contains only universal variables that are quantified in \(\varphi \) before the variable x, satisfiability of \(\mathcal {A}(\varphi )\) implies satisfiability of \(\varphi \).
4.2 Dual Algorithm
The algorithm of the previous subsection can improve performance of an smt solver only for satisfiable formulas. However, its dual version can be used to improve performance on unsatisfiable formulas. In the dual algorithm, one can decide unsatisfiability of a formula by computing a countermodel of a reduced formula and verifying it against the original formula. More precisely, if the solver decides that the reduced formula \(\varphi _{ red }\) is unsatisfiable, one can extend its countermodel \(\mathcal {M}\), substitute the extended countermodel into the original formula, obtaining a formula \(\varphi _{ sub }\) which contains only existentially quantified variables. Satisfiability of \(\varphi _{ sub }\) can be again checked by a solver for quantifierfree formulas applied to \(\varphi _{ sub }\) after removing all its existential quantifiers. If the formula \(\varphi _{ sub }\) is unsatisfiable, the original formula \(\varphi \) must have been unsatisfiable. If the formula \(\varphi _{ sub }\) is satisfiable, the process is repeated with an increased bitwidth.
Example 3
Consider the formula \(\varphi = \forall {y}^{[32]} \, ({x}^{[32]} + {y}^{[32]} = {0}^{[32]})\). Reduction to one bit yields the formula \( rf (\varphi , 1) = \forall {y}^{[1]} \, ({x}^{[1]} + {y}^{[1]} = {0}^{[1]})\). This formula can be decided as unsatisfiable by an smt solver and its countermodel is \(\{ {y}^{[1]} \mapsto {x}^{[1]} + {1}^{[1]} \}\). The extension of this countermodel to the original bitwidths is then \(\{ {y}^{[32]} \mapsto {x}^{[32]} + {1}^{[32]} \}\). After substituting this candidate countermodel to the original formula, one obtains the quantifierfree formula \(\varphi _{ sub } = ({x}^{[32]} + ({x}^{[32]} + {1}^{[32]}) = {0}^{[32]})\), which is unsatisfiable. The original formula \(\varphi \) is thus unsatisfiable.
The correctness of the dual algorithm is guaranteed by the following theorem.
Theorem 2
([8, Theorem 11.2]). Let \(\varphi \) be a formula in the negation normal form and \(\mathcal {A}\) a mapping that assigns terms only to universally quantified variables of \(\varphi \). If each term \(\mathcal {A}(x)\) contains only free and existential variables that are quantified in \(\varphi \) before the variable x, unsatisfiability of \(\mathcal {A}(\varphi )\) implies unsatisfiability of \(\varphi \).
4.3 Combined Algorithm
Now we combine the two algorithms into one. In the rest of this section, we suppose that there exists a modelgenerating solver that produces symbolic models for satisfiable quantified bitvector formulas and countermodels for unsatisfiable ones. Formally, let \(\texttt {solve}(\varphi )\) be the function that returns \((\texttt {sat}, model )\) if \(\varphi \) is satisfiable and \((\texttt {unsat}, countermodel )\) in the opposite case.
Further, we use smt queries to check the satisfiability of \(\varphi _{ sub }\). Generally, these queries can be answered by a different smt solver than the modelgenerating one. We call it modelvalidating solver and suppose that it has the function \(\texttt {verify}(\psi )\) which returns either \(\texttt {sat}\) or \(\texttt {unsat}\) reflecting the satisfiability of \(\psi \).
Using these two solvers, the algorithm presented in Listing 1.1 combines the techniques of the two preceding subsections. This algorithm first reduces the bitwidths in the input formula to 1 and checks satisfiability of the reduced formula \(\varphi _{ red }\) by the modelgenerating solver. According to the result, we try to validate either the extended symbolic model or the extended symbolic countermodel with the modelvalidating solver. If the validation succeeds, the satisfiability of the original formula is decided. Otherwise, we repeat the process but this time we reduce the bitwidths in the input formula to twice the value used in the previous iteration. The algorithm terminates at the latest in the iteration when the value of bw is so high that the formula \(\varphi _{ red }\) is identical to the input formula \(\varphi \). In this case, the modelgenerating solver provides a model or a countermodel \(\mathcal {M}\) of \(\varphi \). As \(\mathcal {M}\) contains the unchanged variables of \(\varphi \), its extension \( extendM (\mathcal {M})\) is identical to \(\mathcal {M}\) and the modelvalidating solver has to confirm the result.
5 Implementation
We have implemented the proposed algorithm in a proofofconcept tool. However, our implementation differs in several aspects from the described algorithm. This section explains all these differences and provides more details about the implementation.
5.1 ModelGenerating Solver
As the modelgenerating solver, we use Boolector 3.2.0 as it can return symbolically expressed Skolem functions as models of satisfiable quantified formulas, which is crucial for our approach. Unfortunately, Boolector does not satisfy some requirements that we imposed on the modelgenerating solver.
First, the symbolic model \(\mathcal {M}\) returned by Boolector may not contain terms for all existentially quantified variables of the input formula \(\varphi \). Therefore, the formula \(\varphi _{ sub }\) may still contain both existentially and universally quantified variables and we cannot employ an smt solver for quantifierfree formulas as the modelvalidation solver. Our implementation thus uses a modelvalidating solver that supports quantified formulas. An alternative solution is to extend \(\mathcal {M}\) to all existentially quantified variables, for example by assigning \({0}^{[n]}\) to each existentially quantified variable \({x}^{[n]}\) that is not assigned by \(\mathcal {M}\). This allows using a solver for quantifierfree formulas as the modelvalidating solver. However, our preliminary experiments indicate that this alternative solution does not bring any significant benefit. Moreover, the best performing smt solvers for the quantifierfree bitvector formulas can also handle quantified formulas.
Second, Boolector returns symbolic models only for satisfiable formulas and cannot return symbolic countermodels. We alleviate this problem by running two parallel instances of Boolector: one on the original formula \(\varphi \) and one on the formula \(\lnot \varphi '\), where \(\varphi '\) arises from \(\varphi \) by existential quantification of all free variables. We then use only the result of the solver that decides that the formula is satisfiable; if \(\varphi \) is satisfiable, we get its symbolic model, if \(\lnot \varphi '\) is satisfiable, we get its symbolic model, which is a symbolic countermodel of \(\varphi \). Effectively, this is equivalent to running the algorithm of Listing 1.1 without the lines 12–16 in two parallel instances: one on \(\varphi \) and the other on \(\lnot \varphi '\). This is what our implementation actually does.
5.2 Portfolio Solver
The aim of our research is to improve the performance of an smt solver for the BV theory using the bitwidth reductions and extensions. The solver is used as the modelvalidating solver. We investigate two implementations:

To see realworld benefits, we run the original solver in parallel with the two processes that use bitwidth reductions. The result of the first process that decides the satisfiability of the input formula is returned. The schematic overview of our portfolio solver is presented in Fig. 1. In this variant, if the reducing solvers reach the original bitwidth of the formula, they return unknown.

To see the negative overhead of reductions, we also consider a variant of the abovementioned approach, but without the middle thread with original solver. In this variant, the reducing solvers are additionally executed for the original bitwidth in their last iteration.
Our experimental implementation is written in C++ and Python. It utilizes the C++ api of Z3 [5] to parse the input formula in the smtlib format. The Z3 api is also used in the implementation of formula reductions and some simplifications (conversion to the negation normal form and renaming bound variables to have unique names). The only part written in Python is a simple wrapper that executes the three parallel threads and collects their results. As the parameters, we use \( ext = \texttt {zeroExt}\) in \( rt \), \( ext = \texttt {signExt}\) in \( adjust \), and \(\texttt {increaseBW}(x) = 2*x\). These parameters had the best performance during our preliminary evaluation, but can be changed. The implementation is available at: https://github.com/martinjonas/bwreducingsolver.
6 Experimental Evaluation
We have evaluated the impact of our technique on the performance of three leading smt solvers for the BV theory: Boolector 3.2.0 [11], CVC4 1.6 [1], and Q3B 1.0 [9]. Each of these solvers has been employed as the modelvalidating solver, while the modelgenerating solver remains the same, namely Boolector. For the evaluation, we have used all 5741 quantified bitvector formulas from the smtlib benchmark repository [2]. The formulas are divided into 8 benchmark families coming from different sources.
All experiments were performed on a Debian machine with two sixcore Intel Xeon E52620 2.00 GHz processors and 128 gb of ram. Each benchmark run was limited to use 16 gb of ram and 5 min of wall time. All measured times are wall times. For reliable benchmarking we employed BenchExec [4].
6.1 Boolector
First, we have evaluated the impact of our technique on the performance of Boolector 3.2.0. We have compared the vanilla Boolector (referred to as btor), our portfolio solver running Boolector as both modelgenerating and modelvalidating solver (btorr), and the portfolio variant without the original solver (btorrno). The numbers of formulas of individual benchmark families solved by the three solvers can be found in the corresponding columns of Table 1. While btorrno is not very competitive, the full portfolio solver was able to solve 22 formulas more than Boolector itself. Note that this amounts to 8.6% of the formulas unsolved by Boolector. The scatter plots in Fig. 2 shows the performance of the solvers. With the full portfolio approach, our technique can also significantly reduce the running time of Boolector on a nontrivial number of both satisfiable and unsatisfiable formulas from various benchmark families.
We have also investigated the reduction bitwidth that was necessary to improve the performance of Boolector. Among all executions of the full portfolio solver, 475 benchmarks were actually decided by one of the two parallel threads that perform bitwidth reductions. From these 475 benchmarks, 193 were decided using the bitwidth of 1 bit, 141 using 2 bits, 111 using 4 bits, 23 using 8 bits, and 7 using 16 bits.
6.2 CVC4 and Q3B
We have also performed evaluations with CVC4 and Q3B as modelvalidating solvers. This yields the following four solvers: cvc4, q3b are the vanilla CVC4 and Q3B, respectively; cvc4r, q3br are the portfolio solvers using CVC4 and Q3B, respectively, as the modelvalidating solver.
Whenever the modelgenerating solver differs from the modelvalidating solver, the comparison is more involved. For example, the direct comparison of cvc4 and cvc4r would be unfair and could be biased towards cvc4r. This happens because models are provided by Boolector as the modelgenerating solver and the model validation may become trivial for CVC4, even if it could not solve the reduced formula alone. To eliminate this bias, we do not compare cvc4 against cvc4r, but the virtualbest solver from btor and cvc4, denoted as btorcvc4, against the virtualbest solver from btor and cvc4r, denoted as btorcvc4r. We thus investigate only the effect of reductions and not the performance of the modelgenerating solver on the input formula. Similarly, we compare the virtualbest solver btorq3b against the virtualbest solver btorq3br.
Table 1 shows the number of benchmarks solved by the compared solvers. In particular, reductions helped the virtualbest solver btorcvc4r to solve 4 more benchmarks than the solver btorcvc4. This amounts to 3.4% of the benchmarks unsolved by btorcvc4. For btorq3br, the reductions help to solve 7 new benchmarks, i.e., 8.8% of unsolved benchmarks.
Similarly to the case of Boolector, reductions also help btorcvc4r to decide several benchmarks faster than the solver btorcvc4 without reductions. This can be seen on the first scatter plot in Fig. 3. As the second scatter plot in this figure shows, reductions also help Q3B to solve some benchmarks faster.
All experimental data, together with additional results and all scripts that were used during the evaluation are available at: https://fi.muni.cz/~xstrejc/sat2020/.
7 Conclusions
We have described an algorithm that improves performance of smt solvers for quantified bitvector formulas by reducing bitwidths in the input formula. We have shown that if used in a portfolio approach, our proofofconcept implementation of this algorithm improves performance of stateofthe art smt solvers Boolector, CVC4, and Q3B.
References
Barrett, C., et al.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). https://doi.org/10.1007/9783642221101_14
Barrett, C., Fontaine, P., Tinelli, C.: The Satisfiability Modulo Theories Library (SMTLIB) (2016). www.SMTLIB.org
Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. In: Handbook of Satisfiability, pp. 825–885. IOS Press (2009)
Beyer, D., Löwe, S., Wendler, P.: Benchmarking and resource measurement. In: Fischer, B., Geldenhuys, J. (eds.) SPIN 2015. LNCS, vol. 9232, pp. 160–178. Springer, Cham (2015). https://doi.org/10.1007/9783319234045_12
de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/9783540788003_24
Harrison, J.: Handbook of Practical Logic and Automated Reasoning. Cambridge University Press, Cambridge (2009)
Jonáš, M., Strejček, J.: Is satisfiability of quantified bitvector formulas stable under bitwidth changes? In: Barthe, G., Sutcliffe, G., Veanes, M. (eds.) LPAR22. 22nd International Conference on Logic for Programming, Artificial Intelligence and Reasoning. EPiC Series in Computing, Awassa, Ethiopia, 16–21 November 2018, vol. 57, pp. 488–497. EasyChair (2018)
Jonáš, M.: Satisfiability of quantified bitvector formulas: theory & practice. Ph.D. thesis, Masaryk University (2019)
Jonáš, M., Strejček, J.: Q3B: an efficient BDDbased SMT solver for quantified bitvectors. In: Dillig, I., Tasiran, S. (eds.) CAV 2019. LNCS, vol. 11562, pp. 64–73. Springer, Cham (2019). https://doi.org/10.1007/9783030255435_4
Kovásznai, G., Fröhlich, A., Biere, A.: Complexity of fixedsize bitvector logics. Theory Comput. Syst. 59(2), 323–376 (2015). https://doi.org/10.1007/s0022401596531
Niemetz, A., Preiner, M., Wolf, C., Biere, A.: Btor2, BtorMC and Boolector 3.0. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 587–595. Springer, Cham (2018). https://doi.org/10.1007/9783319961453_32
Zeljić, A., Wintersteiger, C.M., Rümmer, P.: An approximation framework for solvers and decision procedures. J. Autom. Reasoning 58(1), 127–147 (2016). https://doi.org/10.1007/s1081701693931
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Jonáš, M., Strejček, J. (2020). Speeding up Quantified BitVector SMT Solvers by BitWidth Reductions and Extensions. In: Pulina, L., Seidl, M. (eds) Theory and Applications of Satisfiability Testing – SAT 2020. SAT 2020. Lecture Notes in Computer Science(), vol 12178. Springer, Cham. https://doi.org/10.1007/9783030518257_27
Download citation
DOI: https://doi.org/10.1007/9783030518257_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 9783030518240
Online ISBN: 9783030518257
eBook Packages: Computer ScienceComputer Science (R0)