on intervals and bounds in bit-vector arithmetic Mikol Janota and - - PowerPoint PPT Presentation

• n intervals and bounds in bit-vector

arithmetic

Mikoláš Janota and Christoph M. Wintersteiger

Microsoft Research, Cambridge, UK

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 1 / 10

what are bit vectors?

• numbers as in computer (roughly)
• fixed bit-width
• ,

wraps around

• negative numbers via 2’s complement
• Example: x8

8 18 s 8 y8 8 38

• x8

0x7f y8 0x80

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 2 / 10

what are bit vectors?

• numbers as in computer (roughly)
• fixed bit-width
• ,

wraps around

• negative numbers via 2’s complement
• Example: x8

8 18 s 8 y8 8 38

• x8

0x7f y8 0x80

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 2 / 10

what are bit vectors?

• numbers as in computer (roughly)
• fixed bit-width
• + , × wraps around
• negative numbers via 2’s complement
• Example: x8

8 18 s 8 y8 8 38

• x8

0x7f y8 0x80

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 2 / 10

what are bit vectors?

• numbers as in computer (roughly)
• fixed bit-width
• + , × wraps around
• negative numbers via 2’s complement
• Example: x8

8 18 s 8 y8 8 38

• x8

0x7f y8 0x80

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 2 / 10

what are bit vectors?

• numbers as in computer (roughly)
• fixed bit-width
• + , × wraps around
• negative numbers via 2’s complement
• Example: (x8 +8 18) ≤s

8 (y8 ×8 38)

• x8

0x7f y8 0x80

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 2 / 10

what are bit vectors?

• numbers as in computer (roughly)
• fixed bit-width
• + , × wraps around
• negative numbers via 2’s complement
• Example: (x8 +8 18) ≤s

8 (y8 ×8 38)

• x8 = 0x7f, y8 = 0x80

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 2 / 10

how do we solve bit-vectors?

• Bit-blasting — convert everything to propositional form

(SAT).

• Exponential in bit-width and losing “domain” knowledge.
• It is important to apply preprocessing before sending to

SAT.

• Example: xm

0m xm

• Example: xm

4m x m 3 02

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 3 / 10

how do we solve bit-vectors?

• Bit-blasting — convert everything to propositional form

(SAT).

• Exponential in bit-width and losing “domain” knowledge.
• It is important to apply preprocessing before sending to

SAT.

• Example: xm

0m xm

• Example: xm

4m x m 3 02

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 3 / 10

how do we solve bit-vectors?

• Bit-blasting — convert everything to propositional form

(SAT).

• Exponential in bit-width and losing “domain” knowledge.
• It is important to apply preprocessing before sending to

SAT.

• Example: xm

0m xm

• Example: xm

4m x m 3 02

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 3 / 10

how do we solve bit-vectors?

• Bit-blasting — convert everything to propositional form

(SAT).

• Exponential in bit-width and losing “domain” knowledge.
• It is important to apply preprocessing before sending to

SAT.

• Example: (xm + 0m) = xm
• Example: xm

4m x m 3 02

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 3 / 10

how do we solve bit-vectors?

• Bit-blasting — convert everything to propositional form

(SAT).

• Exponential in bit-width and losing “domain” knowledge.
• It is important to apply preprocessing before sending to

SAT.

• Example: (xm + 0m) = xm
• Example: (xm × 4m) = x[m − 3 : 0] +

+ 02

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 3 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction

Ci Ci, where Ci is one of the following with x a bit-vector variable and c1 c2 constants.

1. c1

w x u c2 w x

• 2. c1

u c2 w x

3. c1

w x u c2

• 4. x

s c1

• 5. c1

s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction ∧ ¬Ci ∧ ∧ Ci, where Ci is one of the following

with x a bit-vector variable and c1, c2 constants.

1. c1

w x u c2 w x

• 2. c1

u c2 w x

3. c1

w x u c2

• 4. x

s c1

• 5. c1

s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction ∧ ¬Ci ∧ ∧ Ci, where Ci is one of the following

with x a bit-vector variable and c1, c2 constants.

• 1. (c1 +w x) ≤u(c2 +w x)
• 2. c1

u c2 w x

3. c1

w x u c2

• 4. x

s c1

• 5. c1

s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction ∧ ¬Ci ∧ ∧ Ci, where Ci is one of the following

with x a bit-vector variable and c1, c2 constants.

• 1. (c1 +w x) ≤u(c2 +w x)
• 2. c1 ≤u(c2 +w x)

3. c1

w x u c2

• 4. x

s c1

• 5. c1

s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction ∧ ¬Ci ∧ ∧ Ci, where Ci is one of the following

with x a bit-vector variable and c1, c2 constants.

• 1. (c1 +w x) ≤u(c2 +w x)
• 2. c1 ≤u(c2 +w x)
• 3. (c1 +w x) ≤u c2
• 4. x

s c1

• 5. c1

s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction ∧ ¬Ci ∧ ∧ Ci, where Ci is one of the following

with x a bit-vector variable and c1, c2 constants.

• 1. (c1 +w x) ≤u(c2 +w x)
• 2. c1 ≤u(c2 +w x)
• 3. (c1 +w x) ≤u c2
• 4. x ≤s c1
• 5. c1

s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

problem

• inequalities with multiple variables and addition are

NP-complete

• conjunction ∧ ¬Ci ∧ ∧ Ci, where Ci is one of the following

with x a bit-vector variable and c1, c2 constants.

• 1. (c1 +w x) ≤u(c2 +w x)
• 2. c1 ≤u(c2 +w x)
• 3. (c1 +w x) ≤u c2
• 4. x ≤s c1
• 5. c1 ≤s x

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 4 / 10

inequalities

• (0 <s

8 x) ∧ (200 <u 8 x) ... UNSAT

128 200 0/256

0 <s

8 x

200 <u

8 x

• x

100

u 8 x

200 56 156 0/256

true false true

• x

200

u 8 x

100 56 156 0/256

false true false Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 5 / 10

inequalities

• (0 <s

8 x) ∧ (200 <u 8 x) ... UNSAT

128 200 0/256

0 <s

8 x

200 <u

8 x

• (x + 100 <u

8 x + 200)

56 156 0/256

true false true

• x

200

u 8 x

100 56 156 0/256

false true false Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 5 / 10

inequalities

• (0 <s

8 x) ∧ (200 <u 8 x) ... UNSAT

128 200 0/256

0 <s

8 x

200 <u

8 x

• (x + 100 <u

8 x + 200)

56 156 0/256

true false true

• (x + 200 <u

8 x + 100)

56 156 0/256

false true false Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 5 / 10

translation

Expression Condition Interval c1 +w x ≤u c2 +w x c1 ≤ c2 ∽[−c2 ; − c1 − 1] c1 +w x ≤u c2 +w x c1 > c2 [−c1 ; − c2 − 1] c1 ≤u c2 +w x c1 < c2 ∽[−c2 ; c1 − c2 − 1] c1 ≤u c2 +w x c1 ≥ c2 [c1 − c2 ; − c2 − 1] c1 +w x ≤u c2 c1 ≤ c2 ∽[c2 − c1 + 1 ; − c1 − 1] c1 +w x ≤u c2 c1 > c2 [−c1 ; − c1 + c2] x ≤s c1 c1 < 2w−1 ∽[c1 + 1 ; 2w−1 − 1] x ≤s c1 c1 ≥ 2w−1 [2w−1 ; c1] c1 ≤s x c1 < 2w−1 [c1 ; 2w−1 − 1] c1 ≤s x c1 ≥ 2w−1 ∽[2w−1 ; c1 − 1]

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 6 / 10

computing the envelope

1 P ← {[a ; b] | [a ; b] ∈ I};

// positive intervals

2 l ← P = ∅ ? 0 : min {a | [a ; b] ∈ P};

// lower bound

3 h ← P = ∅ ? 2w − 1 : max {b | [a ; b] ∈ P};

// upper bound

4 N ← {∽[a ; b] | ∽[a ; b] ∈ I};

// negative intervals

5 N ← sort N by first element; 6 p, l′, h′ ← l, l, l − 1; 7 for ∽[a ; b] ∈ N ∪ ∽[2w ; 2w] do 8

if p > h then break; // space exhausted

9

if b < p then continue; // redundant interval

10

if p < a then // satisfiable portion

11

if h′ > l′ then l′ ← p; // first satisfiable point

12

h′ ← a − 1; // update upper bound

13

p ← b + 1; // move onto next portion

14 return [l′ ; h′]

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 7 / 10

evaluation

Table 1: Conflict count.

Example Avg. Med Min Max (1) unsat 26 36 3 100 (2) redundant 31 25 7 89 (2) reduced 29 37 3 92 (3) unique 21 40 123

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 8 / 10

remarks

• Single-variable inequalities appear in tests for overflows.
• As simple preprocessing do not seem to be very effective.
• Context sensitive? During search?

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 9 / 10

remarks

• Single-variable inequalities appear in tests for overflows.
• As simple preprocessing do not seem to be very effective.
• Context sensitive? During search?

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 9 / 10

remarks

• Single-variable inequalities appear in tests for overflows.
• As simple preprocessing do not seem to be very effective.
• Context sensitive? During search?

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 9 / 10

Thank You for Your Attention! Questions?

Janota, Wintersteiger On Intervals and Bounds in Bit-vector Arithmetic 10 / 10