Daniel Kroening and Ofer Strichman Decision Procedure Decision procedures Decision procedures which we learnt SAT Solver BDDs Decision procedure for equality logic However what kind of logic do we need to express bitwise operations and bitwise arithmetic ID: 285151
Download Presentation The PPT/PDF document "Bit Vector" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Bit Vector
Daniel Kroening and Ofer StrichmanDecision Procedure
Slide2
Decision proceduresDecision procedures which we learnt..
SAT SolverBDDsDecision procedure for equality logic…However, what kind of logic do we need to express bit-wise operations and bit-wise arithmetic?Logics which we covered can not express those kind of operations.We need bit-vector logic.Slide3
We need bit-vector logicWe need bit-vector logic
Bit-wise operators : bit-wise AND, shift …Bit-wise arithmetic : bit addition, bit multiplication …Since bit-vector has finite domain, so we need to consider overflow problem which can not be happened in unbounded type operations, such as integer domain.We want to verify large formulasProgram analysis tools that generate bit-vector formulas:CBMCSATABSF-Soft
…Slide4
Contents Introduction to bit-vector logic
SyntaxSemanticsDecision procedures for bit-vector logicFlattening bit-vector logicIncremental flatteningConclusionSlide5
Bit-vector logic syntaxBit-vector logic syntaxSlide6
SemanticsFollowing formula obviously holds over the integer domain:
However, this equivalence no longer holds over the bit-vectors.Subtraction operation may generate an overflow.ExampleSlide7
Width and EncodingThe meaning of a bit-vector formula obviously depends on
the width of the expression in bitsthe encoding - whether it is signed or unsigned Typical encodings:Binary encoding - unsigned Two’s complement - signedSlide8
ExamplesThe width of the expression in bits
unsatisfiable for one bit wide bit vectors, but satisfiable for larger widths.The encoding means different with respect to each encoding schemes.
Notation to clarify width and encoding
width in bits
U: unsigned binary encoding
S : signed two’s complementSlide9
Definition of bit-vectorDefinition. A bit vector
b is a vector of bits with a given length l (or dimension) :The i-th bit of the bit vector is denoted by
…
bitsSlide10
λ - Notation for bit-vectors
A lambda expression for a bit vector with bits has the form is an expression that denotes the value of the i-th bit.Example
The expression above denotes the bit vector
10101010
.
Slide11
Examples (cond.)The vector of length
l that consists of zeros:A function that inverts a bit vector:A bit-wise OR:Slide12
Semantics for arithmetic operators (1/3)
What is the answer for the below C program ?
On
8 bits
architectures
, this is 44 which is not 300.
Therefore, Bit vector arithmetic uses modular arithmetic.Slide13
Semantics for arithmetic operators (2/3)
Semantics for addition and subtraction:Semantics for relational operators:Slide14
Semantics for arithmetic operators (3/3)
Semantics for shift :logical left shift
logical right shift
arithmetic right shift - the sign bit of a is replicatedSlide15
Decision procedure for bit-vector
Bit-vector flattening Most commonly used decision procedureTransform bit-vector logic to propositional logic, which is then passed to SAT solver.Algorithm
Input : A formula in bit-vector arithmetic
Output : An
equisatisfiable
Boolean formula
Convert each term into new Boolean variable
Set each bit of each term to a new Boolean variable
Add constraint for each atom
Add constraint for each termSlide16
ExampleBit-vector formula
Convert each term into new Boolean variableSet each bit of each term to a new Boolean variable
Add constraint for each atom
Add constraint for each term
Slide17
Example (l-bit Adder)
1-bit adder can be defined as follows:Carry bit can be defined as follows:Slide18
l-bit Adder can be defined as follows:
The constraints generated by algorithm for the formula is following:Example (l-bit Adder)Slide19
Incremental bit flattening (1/4)
Some arithmetic operation result in very hard formulasMultiplicationMultiplier is defined recursively for , where denotes the width of the second operand: Therefore, we want to check satisfiability
of a given formula without checking
satisfiability
of sub-formulas which have complicated arithmetic operations such as multiplication. Slide20
Incremental bit flattening (2/4)Example
This formula is obviously unsatisfiableSince first two conjuncts are inconsistent and last two conjuncts are also inconsistent. SAT solver wants to make a decision of first two conjuncts because a and
b
are used frequently than
x
and
y
.
However, this decision isn’t good because last two conjuncts are rather easy to check
satisfiability
since relation bit-vector operation is less complicate than multiplication bit-vector operation.Slide21
Incremental bit flattening (3/4)
UNSAT
SAT
YES
: Boolean part of
: set of terms that encoded to CNF formula
: set of terms that are inconsistent with the current satisfying assignment
Pick ‘easy’ part
convert to CNFSlide22
Incremental bit flattening (4/4)Idea : add ‘easy’ parts of the formula first
Only add hard parts when needed only gets stronger - that’s why it is incrementalSlide23
ConclusionWe can compute bit-wise operations and
arithmetics using bit-vector logic.There are decision procedures which check satisfiability of given bit-vector logic formula.