A Tale Of Two Solvers Eager and Lazy Approaches to Bitvectors Liana Hadarean Kshitij

Uploaded On 2014-10-24


The standard method for deciding bitvector constraints is via eager reduction to propositional logic. This is usually done after first applying powerful rewrite techniques. While often efficient in practice, this method does not scale on problems



Presentation Transcript

A lazy solver can address these limitations, explicitly targeting problems that are difficult for eager solvers and thus providing a complementary approach. The lazy approach for bit-vectors was first proposed in [8,16]. In this paper, we revisit this approach, extending and improving it in several ways. Our lazy solver integrates algebraic, word-level reasoning with bit-blasting. Designed for easy plug-and-play combination with solvers for other theories, the procedure integrates an on-line lazy $T_{bv}$ solver (LBV) into the DPLL(T) framework [20], separating theory-specific reasoning from the search over the Boolean structure of the input problem. This separation offers benefits orthogonal to those provided by eager bit-vector solvers but also poses interesting trade-offs. On one hand, it has the potential of incurring additional overhead and losing important connections between subproblems; on the other hand, depending on the Boolean structure of the problem, it often allows the $T_{bv}$ solver to reason about much smaller problems at a time. We use a specialized decision heuristic to reduce the size of these sub-problems even further by considering only literals relevant to the current search context.

Our approach is particularly useful on problems whose subproblems fall into one of the efficiently decidable fragments of the bit-vector theory (e.g., the core theory of concatenation and extraction [11], the theory of bit-vector inequalities, or fragments decidable using equational reasoning). To target such problems, our LBV solver is built as the combination of several algebraic solvers specialized for some of these fragments together with a complete bit-blasting solver. The bit-blasting solver uses a dedicated SAT solver SAT_bb, distinct from the DPLL(T) Boolean engine driving the main search (SAT_main). The separation of the two SAT engines fits cleanly into the DPLL(T) framework and allows the solvers to be tuned independently.

Experiments (described in Section 6) confirm our claim that the lazy approach is complementary to the eager approach, as the lazy solver efficiently solves problems that are either impossible or very difficult for eager solvers. At the same time, it is not realistic to expect the lazy solver to do well on problems that are easy for eager solvers (and indeed it is often slower on these problems). For this reason we propose a portfolio approach that runs an eager solver and a lazy solver in parallel. Additional experiments show that our portfolio solver outperforms eager solvers both in terms of the number of problems solved and the time taken to solve them.

The rest of the paper is organized as follows. Section 2 frames our contributions in terms of related work. Sections 3 and 4 provide technical preliminaries and a brief overview of the DPLL(T) framework. Section 5 describes the components of our lazy solver LBV including some optimizations enabled by the lazy framework. We present an experimental evaluation of the solver followed by an in-depth analysis in Section 6. Finally, we conclude with future work in Section 7.

2 Related work

The predominant approach to solving bit-vector constraints is via reduction to SAT. Boolector, a specialized solver for bit-vectors and arrays, and the winner of the 2012 SMT-COMP for QF_BV logic, employs preprocessing before encoding the bit-vector formula into the AIG format [7]. Z3, a DPLL(T)-style SMT solver, applies bit-blasting

Table 1: $T_{bv}$ signature bv

| Sub-signature | Name | Symbol | Rank |
|---|---|---|---|
| eq | sorts | [n], n > 0 | |
| eq | constants | 0, 1 | [1] |
| eq | equal | = | [n] [n] |
| con | concat | | [m] [n] → [m+n] |
| con | extract | [i:j] | [m] → [i−j+1] |
| ineq | less | | [n] [n] |
| ineq | less-eq | | [n] [n] |
| ari | plus | + | [n] [n] → [n] |
| ari | neg | − | [n] → [n] |
| ari | times | | [n] [n] → [n] |
| ari | div | / | [n] [n] → [n] |
| ari | rem | % | [n] [n] → [n] |
| bool | and | & | [n] [n] → [n] |
| bool | or | \| | [n] [n] → [n] |
| bool | not | | [n] → [n] |
| bool | xor | | [n] [n] → [n] |
| shift | leftshift | | [n] [n] → [n] |
| shift | rightshift | >> | [n] [n] → [n] |

We will write $t_{[n]}$ for some fixed n to denote that t is a bv-term of sort [n]. Note that except for the constants, the function and predicate symbols in Table 1 are overloaded; for example, + stands for any of the symbols in the infinite family $\{+ :: [n], [n] \to [n]\}_{n > 0}$. For simplicity, we restrict our attention to a subset of the bit-vector operators described in the SMT-LIB v2.0 standard [4]; the missing ones can easily be expressed in terms of those given here. The $T_{bv}$-satisfiability of conjunctions of equalities between terms over the core sub-signature eq ∪ con is decidable in polynomial time [9,11]. However, adding almost any of the additional operators, or allowing for arbitrary Boolean structure, makes the $T_{bv}$-satisfiability problem NP-hard [6].

4 The DPLL(T) Framework

State-of-the-art SMT solvers efficiently decide the satisfiability of quantifier-free first-order formulas with respect to a background theory T by using the DPLL(T) framework [20]. The framework extends the Davis-Putnam-Logemann-Loveland (DPLL) decision procedure for SAT to handle reasoning in a theory T by relying on a theory solver (T-solver): a decision procedure for the T-satisfiability of T-constraints. Algorithm 1 gives a simplified algorithmic view of the DPLL(T) framework with a generalized theory interface. The algorithm takes as input a T-formula and returns sat if the formula is T-satisfiable and unsat otherwise. Variable C stores the set of working clauses and A the current truth assignment for C as a sequence of T-literals. We use [] for the empty assignment and ; for the concatenation of two assignments. Initially, A is empty and C is simply the set of clauses obtained by converting the input formula to Conjunctive Normal Form (CNF). We say that a pair $\langle A, C \rangle$ is inconsistent if the assignment A falsifies some clause in C; it is consistent otherwise. An assignment A propositionally satisfies the formula if the formula is satisfied by every full assignment extending A. In Algorithm 1, the SAT and theory solver work together to augment A and C via SatSolve and TheoryCheck, respectively. The input to SatSolve is an assignment and a set of clauses $\langle A, C \rangle$. The return value is a new pair $\langle A', C' \rangle$ derived from the
We say a call to TheoryCheck is final when the parameter final is set to true. Final calls to TheoryCheck must either ensure that A is T-satisfiable, or return one or more theory lemmas.

Two important aspects of theory solvers are not captured here. The first is that actual implementations of TheoryCheck are stateful: they store a copy of the assignment A internally and are instructed to push and pop literals from it as A is modified by the main loop. In practice, it is crucial that the theory solver be able to backtrack efficiently when A is shrunk, and reason incrementally when it is extended. The second aspect is that a theory solver must be able to provide an explanation for each theory-propagated literal p. This is a clause of the form $\neg l_1 \vee \dots \vee \neg l_n \vee l$ for some subset $\{l_1, \dots, l_n\}$ of A, explaining why the literal was entailed. Explanations are needed by SatSolve during its conflict analysis. It is important for efficiency that the theory solver be able to compute explanations lazily, only as needed by SatSolve.

5 A Lazy Bit-vector Solver

We now proceed to give the details of our lazy bit-vector solver LBV, designed to fulfill the requirements of the TheoryCheck interface described above.

5.1 Subsolvers

The LBV solver consists of four sub-solvers: the equality solver LBV_eq, the core solver LBV_core, the inequality solver LBV_ineq and the bit-blasting solver LBV_bb. Each sub-solver is incremental and provides the theory solver functionalities described in Section 4. The architecture of LBV was designed to be modular and extensible: all the bit-vector reasoning is confined within the solver, and it is easy to enhance it by adding more sub-solvers.
Algorithm 2: LBVCheck
    Input: ⟨A, final⟩
    ⟨P_eq, L_eq, complete⟩ ← LBVCheck_eq(A, final);
    if complete then
        return ⟨P_eq, L_eq⟩;
    ⟨P_ineq, L_ineq, complete⟩ ← LBVCheck_ineq(A; P_eq, final);
    if complete then
        return ⟨P_eq; P_ineq, L_eq ∪ L_ineq⟩;
    ⟨P_bb, L_bb⟩ ← LBVCheck_bb(A; P_eq; P_ineq, final);
    return ⟨P_eq; P_ineq; P_bb, L_eq ∪ L_ineq ∪ L_bb⟩

Algorithm 2 shows the implementation of LBVCheck, the TheoryCheck from Algorithm 1 corresponding to the LBV solver. LBVCheck calls the subsolvers in increasing order of computational cost. For each $i \in \{eq, ineq, bb\}$, LBVCheck_i returns a sequence

Algorithm 3: LBVCheck_bb
    Input: ⟨A, final⟩
    ⟨P, L⟩ ← BvSatBCP(A);
    if final and L = ∅ then
        L ← BvSatSolve(A);
    return ⟨P, L⟩;

5.2 Lazy Techniques

The lazy DPLL(T) framework enables several techniques that are difficult or impossible to use with eager solvers. In this section we discuss two of these techniques: applying word-level rewrites during solving (inprocessing) and reducing the problem size by only reasoning about atoms relevant in the current search context (relevancy-based decision heuristics).

Inprocessing Techniques

Before engaging in potentially expensive SAT reasoning, LBV_bb relies on the inprocessing module to check if the problem can be solved or significantly simplified by word-level simplification techniques. This is done by a process, described in Algorithm 4, that has the flavor of Gaussian elimination. It works by iterating over a worklist of theory literals W while maintaining a substitution map. Initially, W is initialized to the set of literals A assigned to true in the current search context. For each worklist assertion $w \in W$, we first apply the substitution map, and then rewrite it using word-level simplification techniques (Simplify). The SolveEq procedure then attempts to solve the updated assertion w to obtain a new substitution. Alternatively, it can also learn new equalities entailed by w and add these to the working list.⁸ The working list W and the substitution map are updated with this new information, and the process is repeated to a fixpoint.⁹ If any of the assertions in W reduces to false, we have a conflict. If there are no such obvious inconsistencies we can run the LBVCheck_bb routine on the simplified set of assertions W. We do this heuristically, if the problem has been reduced enough in terms of the circuit size. We found checking the simplified assertions when they are less than 50% of the size of the original assertions to be a good heuristic.

Relevancy-Aware Decision Heuristics

The idea of relevancy is best understood with a simple example. Let the formula be $\neg a \wedge (b \vee \varphi)$ with assignment $A = [\neg a, b]$. Note that A propositionally satisfies the formula regardless of how many unassigned literals are in $\varphi$. The literals in $\varphi$ are irrelevant.

The DPLL(T) framework makes it easy to add a decision heuristic that avoids splitting on irrelevant literals. In particular, we can (i) detect when an assignment A becomes propositionally satisfying and stop early in order to reduce the number of literals

⁸ In our implementation, we solve xor equations and slice equations between concatenation expressions to get new equalities.
⁹ The data-structures are enhanced with extra book-keeping information to keep track of explanations. We omit these details for simplicity.

[Fig. 2: Impact of various features of the lazy solver. All plots are on a logarithmic scale. Panels: (a) cvcLz vs cvcLz-J, (b) cvcLz vs cvcLz-P, (c) cvcLz vs cvcLz-Alg.]

SMT-LIB v2.0. Instead, we selected 3786 of them by focusing on examples coming from verification applications: we excluded the answer-set programming asp family as well as the check2 and crafted families that contain toy examples. To prevent very large families such as sage (26K) and spear (1694) from dominating the results, we used a randomized process to select a representative fraction of the benchmarks from them. Because many of the sage problems are very easy, we considered only benchmarks that take more than 10 seconds to solve. From the spear family we included all small sub-families, and randomly selected a fraction of the largest subfamily. For brevity, we merge here the four families with a brummayerbiere prefix into brummayerbiere*, uclid and uclid-contrib-smtcomp09 into uclid*, and stp and stp-samples into stp*. We use cvcE to refer to the implementation of the eager solver in CVC4, cvcLz for the lazy LBV solver and cvcPll for the parallel solver. The letters preceded by a minus sign represent which feature of cvcLz has been turned off: J for the justification heuristic, P for LBV_bb propagation, Alg for all of the algebraic sub-solvers (LBV_eq, LBV_core, LBV_ineq) plus the word-level in-processing techniques.

The scatter plots in Figure 2 compare the runtime performance of the full featured lazy solver with a version without one of the features above. Figure 2a shows the impact of the justification heuristic. While overall the justification heuristic improves performance, it has a negative impact on benchmarks in the mcm family. These problems consist of conjunctions of large disjunctions. On such problems the justification heuristic forces SAT_main to choose a naive pattern of decisions by always initially deciding on the first disjunct of each conjunct. Figure 2b shows that LBV_bb propagation is essential to solving difficult benchmarks, although it adds some overhead to the easier ones. Figure 2c shows the impact of all the word-level techniques enabled by the lazy approach. The plot shows a relatively small overhead when these techniques do not help, but dramatic improvements when they do apply.

Table 2 compares the performance of cvcE, cvcLz and that of the only other bit-vector solver that supports lazy bit-blasting: mathsatL (smtcomp2012 version with lazy solving enabled). The eager solver cvcE performs better on families that involve bit-level manipulations, such as the brummayerbiere* families. The lazy solver cvcLz excels on families calypto, tacas07, lfsr, core and simple_processors that benefit from algebraic reasoning. Furthermore, cvcLz solves 6 problems that none of the other solvers we considered could solve in the given time limit. The unique-solve row at the bottom of Table 2 and Table 3 shows this figure for all other solvers.

Finally, in Table 3 we compare cvcPll with other state-of-the-art bit-vector solvers: yices (2.1.1), stp2 (r1673), z3 (r0e74362), boolector (1.6), sonolar (smtcomp2012) and mathsat (smtcomp2012 with eager solver). For the parallel solver cvcPll we report wall clock time. The portfolio solver cvcPll solves the largest number of problems. We attribute this increase in performance to the complementary nature of the two approaches. To illustrate that the lazy cvcLz approach complements eager solvers, we also simulated running cvcLz in parallel with two of the most efficient eager bit-vector solvers: boolector and z3. We did this by choosing the best result from either solver for each problem. Even for these solvers, cvcLz greatly improves on their performance: the combined boolector+cvc4L solves 57 more problems in a quarter of the original boolector total time and z3+cvcL solves 42 more problems in just over half the total time.

Discussion

We now provide a more detailed analysis of the tradeoffs between the two approaches, based on our experimental results.

The eager solver cvcE is particularly efficient on hardware equivalence checking benchmarks that verify the equivalence of a bit-level implementation to its word-level specification. In such cases the correctness of the proof often depends on bit-level properties that benefit from efficient propositional analysis more than the kind of algebraic reasoning done in the lazy solver. This is especially obvious in the difference in the performance of cvcE and cvcLz on the brummayerbiere* family, as can be seen in Table 2.

Maintaining the word-level structure during the computation in LBV requires establishing a common language between SAT_main, the SAT solver driving the main DPLL(T) search, and SAT_bb. In our approach, this language consists of the $T_{bv}$-atoms and represents a frontier that partitions the problem between the two solvers. LBV conflicts can be seen as interpolants between the part of the problem describing the control flow (the Boolean abstraction) and the data path. Restricting the conflict language to $T_{bv}$-atoms limits the granularity of the conflicts: we cannot express bit-level conflicts. In some cases this can prove inefficient. Consider the following example.

Example 2. The following assertions are unsatisfiable. All paths through the disjunction force the last bit of the $x_i$ variables to be $0_{[1]}$. Therefore their disjunction must also have the least significant bit equal to $0_{[i]}$ which makes the equality false.

$$\bigvee_{i=0}^{n} x_i = y\,1_{[1]} \;\wedge\; \bigwedge_{i=0}^{n} \left( x_i = t_i\,0_{[1]} \;\vee\; x_i = s_i\,0_{[1]} \right)$$

In Example 2, an eager solver may potentially learn that the last bit of $x_i$ has to be 0. The lazy solver on the other hand, will have to try all possible paths through the disjunction and learn a conflict for each one of them.

For problems with expensive arithmetic operators, the benefits of maintaining the word-level structure outweigh this limitation. While eager solvers have sophisticated rewrite techniques, such techniques are usually only applicable at the top level. Equivalence checking problems between higher level designs can require proving the equivalence of results obtained by taking different control-flow paths. These can be encoded as large ite (if-then-else) term trees with a similar structure, as in the following example.

Example 3. The formula below is unsatisfiable. The conditions on all paths through the ite trees force the leaves to be equal.

$$\mathrm{ite}(x_0 = y_0,\; x_0\,(\mathrm{ite}(x_1 = y_1,\; 2x_1,\; 2)),\; 2) \;\neq\; 2\,\mathrm{ite}(x_0 = y_0,\; y_0\,(\mathrm{ite}(x_1 = y_1,\; y_1,\; 1)),\; 1)$$

Collecting the assertions down any ite path in the example, and applying simple equality substitutions renders each such path trivially unsatisfiable. No multiplication reasoning is required. However, bit blasting this expression results in a difficult SAT problem as the large circuits required to model the products obscure the trivial inconsistency. The calypto, lfsr and simple_processors (Table 2) exhibit this type of structure. On these families, our LBV in-processing module can often simplify each call to TheoryCheck to false or a significantly simpler circuit.

Other verification problems, such as checking the correctness of sorting algorithms, rely on the arithmetic properties of a total order. The equality, core and inequality subsolvers can decide such problems, often without any bit-level reasoning at all.

7 Future Work

For future work, we plan to both improve the performance of the lazy solver and investigate heuristics for automatically selecting between the eager and lazy solvers. In Section 6 we gave some intuition for which of the two approaches is best suited for which problem structure. It would be interesting to see if it is possible to statically determine which solver is likely to perform better.

The lazy solver can be improved by adding more sub-theory solvers, such as a sub-solver complete for some fragment of modular arithmetic. The inprocessing module currently only handles equality reasoning, xor solving and slicing. Although it is already remarkably efficient, the SolveEq routine could be generalized to other types of equation solving.

Another way to improve the performance of the lazy solver is to minimize the conflicts obtained from the bit-blasting subsolver. The conflicts returned by that subsolver with assumptions infrastructure are not guaranteed to be minimal. Indeed, in our experience they are often non-minimal, in some cases larger than minimal ones by a factor of 10. The challenge here is to minimize the conflict efficiently, since satisfiability queries in $T_{bv}$ are potentially very expensive.

One way to expand the scope of the lazy bit-vector solver, and overcome some of its limitations, would be to increase the kind of conflicts it can return. Currently, the solver can only return conflicts in terms of bit-vector atoms. It would be interesting to experiment with expanding this vocabulary dynamically, by adding conflicts that refer to individual bits of the terms. This could potentially be supported by using the splitting on demand framework [3].
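
The path-by-path argument of Example 3, run through a worklist loop in the style of the inprocessing pass of Section 5.2. This is an added example, not code from the paper or from CVC4: the term encoding, the names `norm`, `inprocess` and `PATHS`, and the 4-bit width used for the exhaustive cross-check are assumptions, and only products of constants and variables are handled.

```python
from itertools import product

WIDTH = 4                      # assumed small width so exhaustive checking is cheap
MOD = 1 << WIDTH

def norm(term, subst):
    """Simplify: apply the substitution map, flatten a product to (coeff mod 2^WIDTH, sorted vars)."""
    coeff, names, stack = 1, [], [term]
    while stack:
        t = stack.pop()
        if isinstance(t, int):
            coeff = coeff * t % MOD
        elif isinstance(t, str) and t not in subst:
            names.append(t)
        else:                  # product node, or a substituted variable (stored as a product node)
            stack.extend((subst[t] if isinstance(t, str) else t)[1:])
    return coeff, (tuple(sorted(names)) if coeff else ())

def inprocess(assertions):
    """Worklist loop to a fixpoint: 'conflict', or the literals left for the bit-blaster."""
    subst, work, changed = {}, list(assertions), True
    while changed:
        changed, residual = False, []
        for op, a, b in work:
            na, nb = norm(a, subst), norm(b, subst)
            if na == nb or not (na[1] or nb[1]):       # same term, or two constants
                if (na == nb) == (op == 'ne'):
                    return 'conflict'                  # t != t, or c1 = c2 with c1 != c2
                continue                               # literal reduced to true
            for (c, vs), (oc, ovs) in ((na, nb), (nb, na)) if op == 'eq' else ():
                if c == 1 and len(vs) == 1 and vs[0] not in ovs:   # SolveEq: var = term
                    subst[vs[0]] = ('mul', oc, *ovs)
                    changed = True
                    break
            else:
                residual.append((op, a, b))
        work = residual
    return work

mul = lambda *factors: ('mul',) + factors

# The three ite paths of Example 3, written out by hand; disequality first so a second pass is needed.
PATHS = [
    [('ne', mul('x0', mul(2, 'x1')), mul(2, mul('y0', 'y1'))), ('eq', 'x0', 'y0'), ('eq', 'x1', 'y1')],
    [('ne', mul('x0', 2), mul(2, mul('y0', 1))), ('eq', 'x0', 'y0'), ('ne', 'x1', 'y1')],
    [('ne', 2, mul(2, 1)), ('ne', 'x0', 'y0')],
]

def example3_satisfiable():
    """Exhaustive cross-check of the Example 3 formula at WIDTH bits."""
    ite = lambda c, t, e: t if c else e
    return any(
        ite(x0 == y0, x0 * ite(x1 == y1, 2 * x1, 2), 2) % MOD != 2 * ite(x0 == y0, y0 * ite(x1 == y1, y1, 1), 1) % MOD
        for x0, y0, x1, y1 in product(range(MOD), repeat=4))
```

Every path reduces to a conflict by substitution and product normalization alone; a literal set such as `x0 = y0, x0*x1 != y0*y1` is returned as a residual, which is the case that would still go to the bit-blasting subsolver.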
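
The relevancy example of Section 5.2 and the first-disjunct decision pattern reported for the mcm family, as an added example that is not CVC4's justification heuristic. The three-valued evaluator, the first-open-child decision order, and the sample formulas `PHI`, `FORMULA` and `MCM_LIKE` are assumptions constructed for illustration.

```python
def value(f, A):
    """Three-valued evaluation of formula f under partial assignment A (atom -> bool).
    True/False hold for every full extension of A; None means not determined here."""
    if isinstance(f, str):
        return A.get(f)
    vals = [value(g, A) for g in f[1:]]
    if f[0] == 'not':
        return None if vals[0] is None else not vals[0]
    decided, other = (False, True) if f[0] == 'and' else (True, False)
    if decided in vals:
        return decided
    return None if None in vals else other

def next_decision(f, A):
    """First unassigned atom that is still relevant, or None once A already
    determines f, so the search can stop without touching the other atoms."""
    if value(f, A) is not None:
        return None
    if isinstance(f, str):
        return f
    # An undetermined node always has an undetermined child; take the first one.
    return next(d for d in (next_decision(g, A) for g in f[1:]) if d is not None)

def decision_trace(f, A=None):
    """Decide each relevant atom to True until f is determined; return (trace, assignment)."""
    A, trace = dict(A or {}), []
    while (d := next_decision(f, A)) is not None:
        A[d] = True
        trace.append(d)
    return trace, A

def atoms(f):
    """All atoms occurring in f."""
    return {f} if isinstance(f, str) else set().union(*(atoms(g) for g in f[1:]))

# Constructed inputs: PHI stands in for an arbitrarily large subformula.
PHI = ('and', ('or', 'c', 'd'), ('or', ('not', 'c'), 'e'), ('or', 'f', 'g'))
FORMULA = ('and', ('not', 'a'), ('or', 'b', PHI))      # not a and (b or phi)
MCM_LIKE = ('and', ('or', 'p1', 'p2', 'p3'), ('or', 'q1', 'q2', 'q3'))
```

With `A = {'a': False, 'b': True}` no atom of `PHI` is ever offered for a decision, and on `MCM_LIKE` the trace is the first disjunct of each conjunct, the naive pattern the evaluation section attributes to the justification heuristic.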