Deciding Bit-Vector Arithmetic with Abstraction

  • Randal E. Bryant
  • Daniel Kroening
  • Joël Ouaknine
  • Sanjit A. Seshia
  • Ofer Strichman
  • Bryan Brady
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4424)


We present a new decision procedure for finite-precision bit-vector arithmetic with arbitrary bit-vector operations. Our procedure alternates between generating under- and over-approximations of the original bit-vector formula. An under-approximation is obtained by a translation to propositional logic in which some bit-vector variables are encoded with fewer Boolean variables than their width. If the under-approximation is unsatisfiable, we use the unsatisfiable core to derive an over-approximation based on the subset of predicates that participated in the proof of unsatisfiability. If this over-approximation is satisfiable, the satisfying assignment guides the refinement of the previous under-approximation by increasing, for some bit-vector variables, the number of Boolean variables that encode them. We present experimental results that suggest that this abstraction-based approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.
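The alternation the abstract describes, as an added Python illustration that is not the paper's code: exhaustive enumeration stands in for the SAT solver, variables restricted to k bits are assumed to be zero-extended to full width (the page does not specify the encoding), and the unsatisfiable core is found by deletion-based minimisation instead of being read off a resolution proof.

```python
import itertools

# Added illustration of the under/over-approximation loop; not the paper's
# implementation. Assumptions: enumeration replaces the SAT solver, restricted
# variables are zero-extended, and the core is minimised by deletion.

WIDTH = 8
MASK = (1 << WIDTH) - 1


def solve(preds, names, bits):
    """Return an assignment satisfying every predicate, with each variable v
    ranging over 2**bits[v] values, or None if no such assignment exists."""
    for vals in itertools.product(*(range(1 << bits[v]) for v in names)):
        env = dict(zip(names, vals))
        if all(p(env) for p in preds):
            return env
    return None


def unsat_core(preds, names, bits):
    """Deletion-based core: drop a predicate whenever the rest stays unsat."""
    core = list(preds)
    for p in list(core):
        rest = [q for q in core if q is not p]
        if solve(rest, names, bits) is None:
            core = rest
    return core


def decide(preds, names, start_bits=1):
    """Alternate an under-approximation (few bits per variable) with an
    over-approximation (only the core predicates, at full width)."""
    bits = {v: start_bits for v in names}
    full = {v: WIDTH for v in names}
    while True:
        model = solve(preds, names, bits)       # under-approximation
        if model is not None:
            return "sat", model, bits           # a genuine model of the formula
        core = unsat_core(preds, names, bits)
        model = solve(core, names, full)        # over-approximation
        if model is None:
            return "unsat", None, bits          # the core alone is unsat
        for v in names:                         # refine: widen every variable
            if model[v] >> bits[v]:             # whose value does not fit yet
                bits[v] = model[v].bit_length()


# Constructed instance: x + y wraps to 200 mod 2**8 while both exceed 100.
NAMES = ["x", "y"]
WRAP = [lambda e: (e["x"] + e["y"]) & MASK == 200,
        lambda e: e["x"] > 100,
        lambda e: e["y"] > 100]
```

Each over-approximation model forces at least one variable to grow, so the loop terminates once every variable reaches its full width.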



Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Randal E. Bryant, Carnegie Mellon University, Pittsburgh
  • Daniel Kroening, ETH Zürich
  • Joël Ouaknine, Oxford University Computing Laboratory
  • Sanjit A. Seshia, University of California, Berkeley
  • Ofer Strichman, The Technion, Haifa
  • Bryan Brady, University of California, Berkeley
