1 / 23

Bit Vector

Bit Vector. Daniel Kroening and Ofer Strichman Decision Procedure. Decision procedures. Decision procedures which we learnt.. SAT Solver BDDs Decision procedure for equality logic … However, what kind of logic do we need to express bit-wise operations and bit-wise arithmetic?

samuru
Download Presentation

Bit Vector

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bit Vector Daniel Kroening and OferStrichman Decision Procedure

  2. Decision procedures • Decision procedures which we learnt.. • SAT Solver • BDDs • Decision procedure for equality logic • … • However, what kind of logic do we need to express bit-wise operations and bit-wise arithmetic? • Logics which we covered can not express those kind of operations. • We need bit-vector logic.

  3. We need bit-vector logic • We need bit-vector logic • Bit-wise operators : bit-wise AND, shift … • Bit-wise arithmetic : bit addition, bit multiplication … • Since bit-vector has finite domain, so we need to consider overflow problem which can not be happened in unbounded type operations, such as integer domain. • We want to verify large formulas • Program analysis tools that generate bit-vector formulas: • CBMC • SATABS • F-Soft • …

  4. Contents • Introduction to bit-vector logic • Syntax • Semantics • Decision procedures for bit-vector logic • Flattening bit-vector logic • Incremental flattening • Conclusion

  5. Bit-vector logic syntax • Bit-vector logic syntax

  6. Semantics • Following formula obviously holds over the integer domain: • However, this equivalence no longer holds over the bit-vectors. • Subtraction operation may generate an overflow. • Example

  7. Width and Encoding • The meaning of a bit-vector formula obviously depends on • the width of the expression in bits • the encoding - whether it is signed or unsigned • Typical encodings: • Binary encoding - unsigned • Two’s complement - signed

  8. Examples • The width of the expression in bits • unsatisfiable for one bit wide bit vectors, but satisfiable for larger widths. • The encoding • means different with respect to each encoding schemes. • Notation to clarify width and encoding U: unsigned binary encoding S : signed two’s complement width in bits

  9. Definition of bit-vector • Definition. A bit vector b is a vector of bits with a given length l (or dimension) : • The i-th bit of the bit vector is denoted by … bits

  10. λ- Notation for bit-vectors • A lambda expression for a bit vector with bits has the form • is an expression that denotes the value of the i-th bit. • Example • The expression above denotes the bit vector 10101010.

  11. Examples (cond.) • The vector of length l that consists of zeros: • A function that inverts a bit vector: • A bit-wise OR:

  12. Semantics for arithmetic operators (1/3) • What is the answer for the below C program ? • On 8 bits architectures, this is 44 which is not 300. • Therefore, Bit vector arithmetic uses modular arithmetic.

  13. Semantics for arithmetic operators (2/3) • Semantics for addition and subtraction: • Semantics for relational operators:

  14. Semantics for arithmetic operators (3/3) • Semantics for shift : • logical left shift • logical right shift • arithmetic right shift - the sign bit of a is replicated

  15. Decision procedure for bit-vector • Bit-vector flattening • Most commonly used decision procedure • Transform bit-vector logic to propositional logic, which is then passed to SAT solver. • Algorithm Input : A formula in bit-vector arithmetic Output : An equisatisfiable Boolean formula Convert each term into new Boolean variable Set each bit of each term to a new Boolean variable Add constraint for each atom Add constraint for each term

  16. Example • Bit-vector formula • Convert each term into new Boolean variable • Set each bit of each term to a new Boolean variable • Add constraint for each atom • Add constraint for each term

  17. Example (l-bit Adder) • 1-bit adder can be defined as follows: • Carry bit can be defined as follows:

  18. Example (l-bit Adder) • l-bit Adder can be defined as follows: • The constraints generated by algorithm for the formula is following:

  19. Incremental bit flattening (1/4) • Some arithmetic operation result in very hard formulas • Multiplication • Multiplier is defined recursively for , where denotes the width of the second operand: • Therefore, we want to check satisfiability of a given formula without checking satisfiability of sub-formulas which have complicated arithmetic operations such as multiplication.

  20. Incremental bit flattening (2/4) • Example • This formula is obviously unsatisfiable • Since first two conjuncts are inconsistent and last two conjuncts are also inconsistent. • SAT solver wants to make a decision of first two conjuncts because a and b are used frequently than x and y. • However, this decision isn’t good because last two conjuncts are rather easy to check satisfiability since relation bit-vector operation is less complicate than multiplication bit-vector operation.

  21. Incremental bit flattening (3/4) Pick ‘easy’ part convert to CNF YES : Boolean part of : set of terms that encoded to CNF formula : set of terms that are inconsistent with the current satisfying assignment SAT UNSAT

  22. Incremental bit flattening (4/4) • Idea : add ‘easy’ parts of the formula first • Only add hard parts when needed • only gets stronger - that’s why it is incremental

  23. Conclusion • We can compute bit-wise operations and arithmetics using bit-vector logic. • There are decision procedures which check satisfiability of given bit-vector logic formula.

More Related