Deciding Bit-Vector Formulas with mcSAT
Aleksandar Zeljić (Uppsala University), Philipp Rümmer (Uppsala University), Christoph Wintersteiger (Microsoft Research)
SMT Workshop, July 1st, 2016
We present...
A novel decision procedure for the theory of bit-vectors
  - based on mcSAT [Jovanović, de Moura, VMCAI 2013]
  - avoids bit-blasting
  - preserves word-level structure
  - uses tailor-made conflict-driven learning
Deciding Bit-Vector Formulas with MCSAT - Zeljić, Wintersteiger, Rümmer
A trivial benchmark
  (set-logic QF_BV)
  (declare-fun x () (_ BitVec 29980))
  (declare-fun y () (_ BitVec 29980))
  (assert (and (bvuge x y) (bvule (bvadd x (_ bv1 29980)) y)))
One model: x = 111...111, y = 000...000
Challenging for bit-blasting!
Motivating example
Factorial computation in C
  unsigned int factorial = 1u;
  unsigned int n;                          /* unconstrained input */
  for (unsigned int i = n; i > 0u; i--) {
      factorial = factorial * i;           /* unsigned wraparound on overflow */
  }
  assert(n <= 1 || factorial % 2u == 0u);
Prove that the factorial of any number greater than 2 is even.
Use BMC to generate formulas of increasing complexity
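An added example of the bounded model checking step (not code from the talk or the mcBV repository): a small Python front end that unrolls the factorial loop k times into a QF_BV SMT-LIB formula asserting the negation of the property, next to a concrete evaluator of the loop. The 32-bit width and the unrolling bound k are assumptions.

```python
# Added example, not from the talk or the mcBV project: unroll the factorial loop
# k times into a QF_BV formula (bounded model checking). Assumptions: 32-bit
# unsigned arithmetic as in the C snippet, and that the loop finishes within k
# iterations (asserted in the formula). The property is asserted negated, so a
# model returned by a solver would be a counterexample to "n > 1 implies even".

def unroll_factorial(k, width=32):
    bv = f"(_ BitVec {width})"
    zero, one, two = (f"(_ bv{c} {width})" for c in (0, 1, 2))
    lines = ["(set-logic QF_BV)",
             f"(declare-fun n () {bv})",
             f"(define-fun f0 () {bv} {one})",   # factorial = 1u
             f"(define-fun i0 () {bv} n)"]       # i = n
    for j in range(k):
        guard = f"(bvugt i{j} {zero})"           # loop condition i > 0u
        lines.append(f"(define-fun f{j + 1} () {bv} "
                     f"(ite {guard} (bvmul f{j} i{j}) f{j}))")
        lines.append(f"(define-fun i{j + 1} () {bv} "
                     f"(ite {guard} (bvsub i{j} {one}) i{j}))")
    # the unrolling is only exact if the loop has terminated after k steps
    lines.append(f"(assert (= i{k} {zero}))")
    # negated assertion: n > 1 and factorial odd
    lines.append(f"(assert (and (bvugt n {one}) "
                 f"(= (bvurem f{k} {two}) {one})))")
    lines.append("(check-sat)")
    return "\n".join(lines)

def factorial_u32(n, width=32):
    """Concrete semantics of the C loop with unsigned wraparound."""
    mask = (1 << width) - 1
    f, i = 1, n
    while i > 0:
        f = (f * i) & mask
        i -= 1
    return f
```

Each increase of k adds one guarded multiplication and decrement to the formula, which is how the benchmarks of increasing complexity in the next slide arise.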
Performance
[Plot: time [sec] on a log scale from 1 to 100, with T/O and M/O rows for time-outs and memory-outs, against the number of iterations (10, 20, 30, 50, 100, 150) for mcBV, Z3 4.4.2 and Boolector 2.2.0.]
Example
x = y + z ∧ y <u z ∧ (x ≤u y + y ∨ y ⊕ z >u 1000)
  y → 1111
  z → ?        (no value of z satisfies y <u z)
x = y + z ∧ y <u z ∧ (x ≤u y + y ∨ y ⊕ z >u 1000) ∧ y = 1111
  y → 1110, z → 1111, x → 1101
Generalizing the explanation (counterexamples given as (x, y, z)):
  ¬(y ≥u 14) ∨ ¬(y <u z) ∨ ¬(x = z + y) ∨ ¬(x <u y + y)   Valid
  ¬(y ≥u 0)  ∨ ¬(y <u z) ∨ ¬(x = z + y) ∨ ¬(x <u y + y)   (0, 1, 15)
  ¬(y ≥u 7)  ∨ ¬(y <u z) ∨ ¬(x = z + y) ∨ ¬(x <u y + y)   (0, 7, 9)
  ¬(y ≥u 10) ∨ ¬(y <u z) ∨ ¬(x = z + y) ∨ ¬(x <u y + y)   Valid
  ¬(y ≥u 8)  ∨ ¬(y <u z) ∨ ¬(x = z + y) ∨ ¬(x <u y + y)   Valid
With the learned clause:
x = y + z ∧ y <u z ∧ (x ≤u y + y ∨ y ⊕ z >u 1000) ∧ y = 1111 ∧ x = y + z ( ∨ y u z ∨ x u y + y ∨ y u 1000 )
  y → 0111, z → 1111, x → 0110
Existing methods
Bit-blasting: encoding of BVA into propositional logic
  - leverages the efficiency of SAT solvers
  - scales poorly
  - destroys word-level structure
Other approaches:
  - preprocessing
  - combining lazy and eager solvers
  - encoding into arithmetic
About mcSAT
  - Allows concrete variable assignments
  - Flexible learning (not only in terms of literals on the trail)
  - Model is readily available
  - The partial model philosophy: literals on the trail are justified by model assignments
mcSAT
The problem is a collection of clauses C to be satisfied. The trail M represents the model being constructed.
Abstract transition system:
  - a search state ⟨M, C⟩
  - a conflict state ⟨M, C⟩ ⊢ c
Propositional Search Rules
Propagate   ⟨M, C⟩ → ⟨[M, c → l], C⟩
            if c = (l1 ∨ ... ∨ lm ∨ l) ∈ C, ∀i: value(li, M) = false, value(l, M) = undef
Decide      ⟨M, C⟩ → ⟨[M, l], C⟩
            if l ∈ B, value(l, M) = undef
Conflict    ⟨M, C⟩ → ⟨M, C⟩ ⊢ c
            if c ∈ C, value(c, M) = false
Sat         ⟨M, C⟩ → sat
            if M is complete, value(c, M) = true for all c ∈ C
Forget      ⟨M, C⟩ → ⟨M, C \ {c}⟩
            if c ∈ C is a learned clause
Propositional Conflict Analysis Rules
Resolve     ⟨[M, d → l], C⟩ ⊢ c → ⟨M, C⟩ ⊢ r
            if ¬l ∈ c, r = resolve(c, d, l)
Consume     ⟨[M, d → l], C⟩ ⊢ c → ⟨M, C⟩ ⊢ c
            if ¬l ∉ c
            ⟨[M, l], C⟩ ⊢ c → ⟨M, C⟩ ⊢ c
            if ¬l ∉ c
Backjump    ⟨[M, N], C⟩ ⊢ c → ⟨[M, c → l], C⟩
            if c = l1 ∨ ... ∨ lm ∨ l, ∀i: value(li, M) = false, value(l, M) = undef, N starts with a decision
Unsat       ⟨M, C⟩ ⊢ false → unsat
Learn       ⟨M, C⟩ ⊢ c → ⟨M, C ∪ {c}⟩ ⊢ c
            if c ∉ C
Theory Rules
T-Propagate        ⟨M, C⟩ → ⟨[M, e → l], C⟩
                   if l ∈ B, value(l, M) = undef, [M, ¬l] is infeasible, e = explain([M, ¬l])
T-Decide           ⟨M, C⟩ → ⟨[M, π(x) → α], C⟩
                   if x is a (theory) variable, v[M](x) = undef, [M, x → α] is consistent
T-Conflict         ⟨M, C⟩ → ⟨M, C⟩ ⊢ e
                   if M is infeasible, e = explain(M)
T-Consume          ⟨[M, x → α], C⟩ ⊢ e → ⟨M, C⟩ ⊢ e
                   if M is infeasible, e = explain(M)
T-Backjump-Decide  ⟨[M, x → α, N], C⟩ ⊢ e → ⟨[M, l], C⟩
                   if e = l1 ∨ ... ∨ lm ∨ l, ∃i: value(li, M) = undef, value(l, M) = undef
Ingredients to instantiate mcSAT
  - a finite basis of literals, B: required for termination
  - explain function: returns a valid clause which evaluates to false under the trail; its literals are not necessarily on the trail, but must be from B
  - value function: used to evaluate literals under a trail; affects the strength of propagation
  - propagation: cheap infeasibility detection; detects model propagations; bit-pattern-based and interval-based
Model assignments for Bit-Vectors
  - Partial assignments π(x) → α, mutually consistent
  - Projection functions π: complete
  - extract^n_m are a natural choice for bit-vectors
  - Finite basis B remains finite
Modifying the Calculus
T-Decide  ⟨M, C⟩ → ⟨[M, π(x) → α], C⟩
          if x is a (theory) variable in C, Domain(x, [M, π(x) → α]) ≠ Domain(x, M), [M, π(x) → α] is consistent
Representing partial assignments
Bit-patterns: strings over a 3-letter alphabet {0, 1, u}, where u stands for 0-or-1. A pattern p of length k represents the set of values x such that
  matches(x, p) = ⋀_{0 ≤ i < k, p_i ≠ u} x_i = p_i
Partial assignments with bit-patterns:
  extract^2_2(x) → 11
  x → uu11uuuu
  x → u^2 1^2 u^4
Run-length encoding
  x       0^3 u^2 1^3 1^2
  y       1^3 0^2 0^3 u^2
  x ⊕ y   1^3 u^2 1^3 u^2
Properties:
  - Instantiates only relevant bits
  - Can represent long bit-vectors
  - Allows BCP-like propagation
  - Complexity depends on the value representation
How do we capture arithmetic properties?
Interval over-approximation: every variable x is associated with an interval x ∈ [xl, xu]; relies on interval constraint propagation.
Bit-patterns and intervals:
  - The longest common prefix of lower and upper bound induces a bit-pattern: x ∈ [01000, 01010] → match(x, 010uu)
  - Bit-patterns induce intervals: match(x, 010uu) → x ∈ [01000, 01011]
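An added example (not code from the talk or the mcBV project) covering the last three slides: bit-patterns in run-length form, the XOR propagation from the run-length table, and both interval/bit-pattern conversions. The (symbol, count) list encoding of run-length patterns and the string form of bounds are assumptions.

```python
# Added example, not code from the talk or the mcBV project: bit-patterns over
# {0, 1, u} in run-length form, the XOR propagation from the run-length table,
# and the interval <-> bit-pattern conversions. Assumed encoding: a run-length
# pattern is a list of (symbol, count) pairs, so 0^3 u^2 1^3 1^2 is
# [("0", 3), ("u", 2), ("1", 3), ("1", 2)]; bounds are bit strings of equal width.

def expand(rle):
    """Run-length form to a plain pattern string."""
    return "".join(sym * n for sym, n in rle)

def compress(pattern):
    """Plain pattern string to run-length form with maximal runs."""
    rle = []
    for sym in pattern:
        if rle and rle[-1][0] == sym:
            rle[-1] = (sym, rle[-1][1] + 1)
        else:
            rle.append((sym, 1))
    return rle

def xor_patterns(p, q):
    """BCP-like propagation for x ⊕ y: a result bit is known only when both
    operand bits are known; a u in either operand makes that position u."""
    assert len(p) == len(q)
    return "".join("u" if a == "u" or b == "u" else str(int(a) ^ int(b))
                   for a, b in zip(p, q))

def pattern_from_interval(lo, hi):
    """Longest common prefix of the bounds induces a pattern: [01000, 01010] -> 010uu."""
    assert len(lo) == len(hi) and lo <= hi   # lexicographic = numeric at equal width
    i = 0
    while i < len(lo) and lo[i] == hi[i]:
        i += 1
    return lo[:i] + "u" * (len(lo) - i)

def interval_from_pattern(p):
    """A pattern induces an interval: 010uu -> [01000, 01011]. The interval is
    exact only when the u positions form a suffix; otherwise it over-approximates
    the pattern's value set (0u0 gives [000, 010], which also contains 001)."""
    return p.replace("u", "0"), p.replace("u", "1")
```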
Explanations
The explain(M) function returns a valid clause that is false under the trail M and whose literals all belong to B.
Generalizing explanations:
  - Start from the conflict clause
  - Weaken literals using a binary search over a lattice of literals
  - Verify validity using a heuristic procedure hsat
Bit-wise generalisation example
M = [..., y → 0^4, x → 1101, extract^2_2(y) = x]
  ¬matches(y, 0000) ∨ ¬matches(x, 10) ∨ ¬(extract^2_2(y) = x)   Valid
  ¬matches(y, u000) ∨ ¬matches(x, 10) ∨ ¬(extract^2_2(y) = x)   Valid
  ¬matches(y, uuu0) ∨ ¬matches(x, 10) ∨ ¬(extract^2_2(y) = x)   (0010, 10)
  ¬matches(y, uu00) ∨ ¬matches(x, 10) ∨ ¬(extract^2_2(y) = x)   Valid
  ¬matches(y, uu0u) ∨ ¬matches(x, 10) ∨ ¬(extract^2_2(y) = x)   Valid
  ¬matches(y, uu0u) ∨ ¬matches(x, u0) ∨ ¬(extract^2_2(y) = x)   (0000, 00)
  ¬matches(y, uu0u) ∨ ¬matches(x, 1u) ∨ ¬(extract^2_2(y) = x)   Valid
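An added example (not code from the talk or the mcBV project) that reproduces the generalisation table above on the 4-bit y / 2-bit x instance. It assumes position 0 is the leftmost bit and that extract^2_2(y) is positions 2..3 of y, which is the reading that yields the slide's counterexamples (0010, 10) and (0000, 00); validity is decided by brute force rather than hsat, and the weakening is greedy per bit instead of the binary search over the literal lattice.

```python
# Added example, not code from the talk or the mcBV project: explanation
# generalisation by weakening bit-pattern literals. Assumed: position 0 is the
# leftmost bit and extract(y, 2, 2) yields positions 2..3 of y. Validity is
# checked by brute force instead of hsat, and weakening is greedy per bit rather
# than a binary search over the literal lattice; here both reach the same clause.
from itertools import product

def matches(value, pattern):
    """True iff the bit-string value agrees with pattern on every non-u position."""
    return len(value) == len(pattern) and all(
        p == "u" or p == v for v, p in zip(value, pattern))

def extract(value, start, width):
    return value[start:start + width]

def clause_valid(py, px, start=2, width=2):
    """Validity of  ¬matches(y,py) ∨ ¬matches(x,px) ∨ ¬(extract(y) = x).
    Invalid iff some (y, x) falsifies every disjunct: y matches py, x matches
    px and x equals the extracted bits of y.  Returns (valid, counterexample)."""
    for bits in product("01", repeat=len(py)):
        y = "".join(bits)
        if matches(y, py):
            x = extract(y, start, width)
            if matches(x, px):
                return False, (y, x)
    return True, None

def generalize(py, px):
    """Turn concrete positions into u one at a time, keeping each weakening that
    leaves the clause valid. Returns the final patterns and the trace of trials."""
    trace = []
    pats = {"y": py, "x": px}
    for name in ("y", "x"):
        for i, bit in enumerate(pats[name]):
            if bit == "u":
                continue
            trial = dict(pats)
            trial[name] = pats[name][:i] + "u" + pats[name][i + 1:]
            ok, cex = clause_valid(trial["y"], trial["x"])
            trace.append((trial["y"], trial["x"], ok, cex))
            if ok:
                pats = trial
    return pats["y"], pats["x"], trace

if __name__ == "__main__":
    for ty, tx, ok, cex in generalize("0000", "10")[2]:
        print(ty, tx, "Valid" if ok else cex)
```

The trail values y = 0000 and x = 10 still match the final patterns uu0u and 1u, so the generalised clause remains false under the trail, as explain(M) requires.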
Evaluation
[Scatter plot: mcBV time [sec] against Boolector 2.2.0 time [sec], both on a log scale from 0.1 to 100, with T/O and M/O marks for time-outs and memory-outs.]
Evaluation by benchmark sets
Set               Status   Z3 4.4.2   Boolector 2.2.0   mcBV    # <
QF_BV             SAT      16260      16793             6679    35
                  UNSAT    30748      31534             17025   58
brummayerbiere4   SAT      10         10
                  UNSAT
pspace            SAT      21         21                21
                  UNSAT    15         60
sage              SAT      8077       8077              6069
                  UNSAT    18530      18530             16152   29
Sage2             SAT      5104       5649              16      14
                  UNSAT    9961       10612             176     29
Conclusions and Future work
  - proof of concept for mcSAT
  - prototype implementation
  - promising results on certain types of problems
Future work:
  - implement missing standard techniques
  - fine-tune the generalization parameters
  - look into other approaches to generalization
Implementation available at: https://github.com/Microsoft/mcBV