Bit-Vector Rewriting with Automatic Rule Generation
Alexander Nadel, Intel, Haifa, Israel
CAV 2014, Vienna, Austria, July 22nd, 2014
Agenda
• Introduction to Bit-Vector Solving and Rewriting
• Automatic Rewriting-based Preprocessing
• Experimental Results
Bit-Vector (BV) Language
• Variables and constants are bit-vectors of user-defined width:
  • width 1 (Bool): 0
  • width 8: [01011110]
  • width 30: [010111100100011101000011001101]
• Operators:
  • Core: =, , if-then-else
  • Bit-wise: ~, &, |, ^, …
  • Arithmetic: +, -, *, /, …
  • Comparison: <, , >,
  • Bit-propagating: concat, extract, <<, >>, …
• Assertions: a Boolean literal must hold
BV Formula Example
[Figure: input DAG of the example formula under the assertion a = 1, with variables a to l, operators +, -, /, <<, &, =, xnor and the constants -1 = [1111] and 0 = [0000]]
• Widths: w(a) = 1; w(v {b,c,d,e,f,g,h,i,j,k,l}) = 4
• BV solving is widely used (in SW and HW validation; scheduling; number theory; automatic configuration; …)
BV Solver Architecture
[Figure: solver architecture with the labels Preprocessing, Eager, Lazy, SAT, DPLL(BV)]
• Rewriting: the preprocessor’s bread and butter
Rewriting Example
[Figure, five animation frames: the input DAG under the assertion a = 1 is simplified step by step by rewriting. The nodes l, <<, k, & and the constants 0 = [0000] and -1 = [1111] that appear in the first frame are gone by the last frame.]
Generating Input to 0-saturation
• Assertions: a = 1
• Input DAG (potentially after rewriting)
• Input to 0-saturation: triplets (a triplet: x = y op z)
  • a = b == c
  • d = b xnor c
  • e = f + d
  • g = e + d
  • h = f - g
  • i = j / h
• Widths: w(a) = 1; w(v {b,c,d,e,f,g,h,i,j}) = 4
Evaluation Queue, Bindings
Bindings: a = 1
Triplets: a = b == c (1 = b == c once a is replaced by its binding); d = b xnor c; e = f + d; g = e + d; h = f - g; i = j / h
Evaluation Queue, Active Triplets, Bindings, Rules
Triplets: 1 = b == c; d = b xnor c; e = f + d; g = e + d; h = f - g; i = j / h
• Bindings
  • Equivalences entailed by the formula
• Active triplets
  • Evaluated non-tautological triplets become active
  • Any triplet one of whose variables is bound (replaced by another) is moved back to the evaluation queue
  • Active triplets comprise the output of 0-saturation
• Triplets to be evaluated
  • Evaluation of a triplet may yield new bindings or a contradiction.
  • An evaluated triplet either moves to the “active” state or becomes a tautology and is removed
Evaluation Queue, Active Triplets, Bindings, Rules
Triplets: 1 = b == c; d = b xnor c; e = f + d; g = e + d; h = f - g; i = j / h
• Rules
  • Automatically generated rules for evaluating triplets
  • Empty in the beginning
  • Instance-specific rules are generated on-the-fly
  • A rule: premise conclusion per concrete operation and width
  • Premise: a condition that must hold for the triplet to apply the rule
  • Conclusion is either:
    • A set of bindings
    • A contradiction
    • Empty
Premise Detection
Triplets: 1 = b == c; d = b xnor c; e = f + d; g = e + d; h = f - g; i = j / h
• Given a triplet x = y op z, look for a rule if: any v {x,y,z} is a rewriting constant or a rewriting function of u v {x,y,z}
• Rewriting constants
  • 0 = [00…000]
  • -1 = [11…111]
  • 1 = [00…001]
  • -2 = [11…110]
  • 2 = [00…010]
• Rewriting functions
  • Equivalence: f1(v) = v
  • Neighbors:
    • f2(v) = v − 1 = ∼−v
    • f3(v) = v − 2 = ∼−∼−v
    • f4(v) = v + 1 = −∼v
    • f5(v) = v + 2 = −∼−∼v
  • Unary minus: f6(v) = −v
  • Negation: f7(v) = −v − 1 = ∼v
  • Unary minus neighbors:
    • f8(v) = −v − 2 = ∼−∼v
    • f9(v) = −v + 1 = −∼−v
    • f10(v) = −v + 2 = −∼−∼−v
Triplets: 1 = b == c; d = b xnor c; e = f + d; g = e + d; h = f - g; i = j / h
• Premise detection is successful: x is the rewriting constant 1!
• Do any rules with this premise exist?
  • Yes: apply the rule
  • No: generate a conclusion
Conclusion Generation Example
Triplet: 1 = y == z; w(x) = 1; w(y) = w(z) = 4
• Check if at least one of v {x,y,z} is a rewriting constant or a rewriting function of u v {x,y,z} and generate the corresponding bindings
• Generate a CNF corresponding to the formula
• y = 0?
  • Add clauses for y 0 with a selector s
  • Solve all the clauses under the assumption s with incremental SAT
  • Satisfiable: no rule can be learnt
• y = z?
  • Add clauses for y z with a selector
  • Solve all the clauses under the assumption s with incremental SAT
  • Unsatisfiable; rule learnt: x=1 y=z for operation ==; width 4
Bindings: b = c
Triplets: 1 = b == c; d = b xnor c; e = f + d; g = e + d; h = f - g; i = j / h

Bindings: b = c
Triplets: d = b xnor b; e = f + d; g = e + d; h = f - g; i = j / h
• Premise detection is successful: y is the rewriting function f1(v)=v of z!
• Do any rules with this premise exist?
  • No: generate a conclusion with incremental SAT
Bindings: b = c; d = -1
Triplets: d = b xnor b; e = f + d; g = e + d; h = f - g; i = j / h

Bindings: b = c; d = -1
Triplets: e = f - 1; g = e - 1; h = f - g; i = j / h
• Premise detection is successful: z is the rewriting constant 1
• Do any rules with this premise exist?
  • No: generate a conclusion with incremental SAT
Bindings: b = c; d = -1; ~e = -f
Triplets: e = f - 1; g = e - 1; h = f - g; i = j / h

Bindings: b = c; d = -1; ~e = -f
Triplets: g = e - 1; h = f - g; i = j / h
• Premise detection is successful: z is the rewriting constant 1
• Do any rules with this premise exist?
  • Yes: apply the rule
Bindings: b = c; d = -1; ~e = -f; ~g = -e
Triplets: g = e - 1; h = f - g; i = j / h

Bindings: b = c; d = -1; ~e = -f; ~g = -e
Triplets: h = f - g; i = j / h
• Premise detection is successful: -~-~g = -~-(-e) = -~e = -(-f) = f, thus g = ~-~-f = f-2
  • Discovered in O(1) based on bindings
• Do any rules with this premise exist?
  • No: generate a conclusion with incremental SAT
Bindings: b = c; d = -1; ~e = -f; ~g = -e; h = 2
Triplets: h = f - g; i = j / h

Bindings: b = c; d = -1; ~e = -f; ~g = -e; h = 2
Triplets: i = j / 2
• Premise detection is successful: z=2
• Do any rules with this premise exist?
  • No: generate a conclusion with incremental SAT
Bindings: b = c; d = -1; ~e = -f; ~g = -e; h = 2
Active triplets: i = j / 2
• 0-saturation is completed
• In eager BV solving, the active triplets are bit-blasted to CNF and solved with SAT
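The conclusions reached in the walkthrough above (y = z for 1 = y == z, d = -1, e = f - 1, h = 2, and nothing new for i = j / 2) can be reproduced with the following added Python example, which is not code from the talk: it replaces the incremental SAT check with exhaustive enumeration at width 4. The names `candidates` and `generate_conclusion` are hypothetical, and defining division by zero as all ones is an assumption the slides do not state.

```python
from itertools import product

W = 4  # operand width of the slides' example; '==' yields a width-1 result

OPS = {  # x = y op z on values already reduced modulo 2**W
    "==":   lambda y, z: int(y == z),
    "xnor": lambda y, z: ~(y ^ z) % 2**W,
    "+":    lambda y, z: (y + z) % 2**W,
    "-":    lambda y, z: (y - z) % 2**W,
    "/":    lambda y, z: y // z if z else 2**W - 1,  # assumption: x/0 = all ones
}
CONSTS = [0, 1, -1, 2, -2]  # rewriting constants
FUNCS = {"{}": lambda v: v, "{}-1": lambda v: v - 1, "{}-2": lambda v: v - 2,
         "{}+1": lambda v: v + 1, "{}+2": lambda v: v + 2, "-{}": lambda v: -v,
         "~{}": lambda v: -v - 1, "-{}-2": lambda v: -v - 2,
         "-{}+1": lambda v: -v + 1, "-{}+2": lambda v: -v + 2}  # f1..f10

def candidates(op):
    """Every binding 'v = constant' or 'v = f(u)' that is well-typed for op."""
    width = {"x": 1 if op == "==" else W, "y": W, "z": W}
    cands = {}
    for v, w in width.items():
        seen = set()
        for c in CONSTS:
            if c % 2**w not in seen:  # skip constants that alias at this width
                seen.add(c % 2**w)
                cands[f"{v} = {c}"] = lambda m, v=v, k=c % 2**w: m[v] == k
        for u, (pat, f) in product(width, FUNCS.items()):
            if u != v and width[u] == w:
                cands[f"{v} = {pat.format(u)}"] = (
                    lambda m, v=v, u=u, f=f, w=w: m[v] == f(m[u]) % 2**w)
    return cands

def generate_conclusion(op, premise):
    """Bindings entailed by x = y op z under the premise (brute force, not SAT)."""
    cands = candidates(op)
    models = []
    for y, z in product(range(2**W), repeat=2):
        m = {"x": OPS[op](y, z), "y": y, "z": z}
        if cands[premise](m):
            models.append(m)
    if not models:
        return None  # no model: the premise contradicts the triplet
    return sorted(name for name, holds in cands.items()
                  if name != premise and all(holds(m) for m in models))
```

The binding `x = y-1` returned for the premise `z = 1` is the same equivalence the slides write as ~e = -f; an empty list corresponds to the empty conclusion, after which the triplet becomes active.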