Download presentation

Presentation is loading. Please wait.

Published byAbbie Darcey Modified over 2 years ago

1
HANDLING BIT-PROPAGATING OPERATIONS IN BIT-VECTOR REASONING Alexander Nadel, Intel, Israel SMT’13 Workshop Helsinki, Finland July 8 th, 2013

2
Outline We identify and define a class of Bit-Vector (BV) operations, called Bit-Propagating (BP) We propose an algorithm for efficiently handling BP operations during online preprocessing in eager BV solving We demonstrate a performance boost when our algorithms are applied over SMT-LIB 2.0 instances

3
Bit-Vector (BV) Reasoning Bit-vector reasoning is widely applied for HW and SW formal validation and other domains. Over 48% out of more than 93,000 benchmarks in SMT- LIB are BV-based, that is either: Plain bit-vector (QF_BV), or Bit-vectors and arrays combined (QF_ABV) Some BV Solvers: Boolector, Mathsat, STP, CVC, Z3, Intel’s new solver Hazel, …

4
BV Operations in SMT-LIB 2.0 Core =/bvcomp distinct ite Bit-wise and**/bvand or**/bvor xor**/bvxor =>** bvnot bvnand bvnor bvxnor bvneg Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right Arithmetic bvadd bvmul bvudiv bvurem bvsub bvsdiv bvsrem bvsmod bvshl* bvlshr* bvashr* Comparison bvult bvule bvugt bvuge bvslt bvsle bvsgt bvsge * Shift by a constant is bit-propagating; shift by a non-constant is arithmetic ** We consider Bool’s to be bit-vectors of width 1

5
Eager BV Solving 1. Apply word-level preprocessing (rewriting, constant propagation, …) Local/online: applied once a new operation is fed into the solver Global: applied after the whole formula is fed into the solver 2. Optionally, bit-blast to bit-level AIG and apply AIG simplifications 3. Bit-blast to CNF and solve with a SAT solver

6
(define-fun v4 () ( BitVec 2) (bvadd v3 (_ bv0 2))) Eager BV Solving Example SMT Engine (declare-fun v1 () ( BitVec 2)) v1v1 (declare-fun v2 () ( BitVec 2)) v2v2 v 3 : bvadd (define-fun v3 () ( BitVec 2) (bvadd v1 v2)) v 3,v 4 : bvadd (assert (v4 (_ bv0 2)) 0 (check-sat) SAT Engine SAT! Online Preprocessing

7
Bit-Propagating (BP) Operations We define an operation to be bit-propagating iff: Each output bit is either a bit of one of the inputs or a constant, and The mapping can be computed at the time the operation is applied. v = [v [3], v [2], v [1], v [0] ] u = bvshl(v,2) = [v [1], v [0],0,0] t = bvshl(v,s)

8
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right * Shift by a constant is bit-propagating; shift by a non-constant is arithmetic

9
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = concat(v,y) = [v [3], v [2], v [1], v [0], y [1], y [0] ] y = [y [1], y [0] ]

10
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = extract(v,2,1) = [v [2], v [1] ]

11
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right * Shift by a constant is bit-propagating; shift by a non-constant is arithmetic v = [v [3], v [2], v [1], v [0] ] u = bvshl(v,2) = [v [1], v [0],0,0]

12
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right * Shift by a constant is bit-propagating; shift by a non-constant is arithmetic v = [v [3], v [2], v [1], v [0] ] u = bvlshr(v,2) = [0,0,v [3], v [2] ]

13
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right * Shift by a constant is bit-propagating; shift by a non-constant is arithmetic v = [v [3], v [2], v [1], v [0] ] u = bvashr(v,2) = [v [3],v [3],v [3], v [2] ]

14
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = repeat(v,2) = [v [3],v [2],v [1], v [0], v [3],v [2],v [1], v [0] ]

15
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = zero_extend(v,2) = [0,0,v [3],v [2],v [1], v [0] ]

16
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = sign_extend(v,2) = [v [3], v [3],v [3],v [2],v [1], v [0] ]

17
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = rotate_left(v,1) = [v [2],v [1],v [0],v [3] ]

18
BP Operations in SMT-LIB 2.0 Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = [v [3], v [2], v [1], v [0] ] u = rotate_right(v,1) = [v [0],v [3],v [2],v [1] ]

19
Family Bench’s BP Ops in % uclid/tcas261 calypto2356 sage/app1161150 bruttomesso/core67249 bench_ab28544 sage/app105142 bruttomesso/lfsr24038 brummayerbiere26537 uum836 check535 crafted2135 sage/app624534 sage/app12578429 Pipe125 wienand-cav2008/Booth 625 stp_samples42624 sage/app2141722 check2621 sage/app7866319 brummayerbiere52 17 sage/app51103 16 sage/app82756 16 sage/app93301 16 Family Bench’s BP Ops in % galois414 spear/openldap_v2.3.35814 sage/app1267614 bruttomesso/simple_processor6413 uclid_contrib_smtcomp09713 spear/inn_v2.4.32198 spear/samba_v3.0.2413868 spear/wget_v1.10.2428 wienand-cav2008/Commute68 uclid4167 wienand-cav2008/Distrib67 spear/xinetd_v2.3.1426 brummayerbiere3795 spear/zebra_v0.95a95 stp15 rubik74 spear/cvs_v1.11.22293 brummayerbiere4102 dwp_formulas3321 asp5010 gulwani-pldi0860 tacas0750 VS3110 The Portion of BP Operations in SMT-LIB 2.0 Families in QF_BV Logic

20
Our Approach to Handling BP Ops Handle BP Operations explicitly during online preprocessing using Bit-Propagating Normal Form (BPNF)- based reasoning Each variable is associated with a BPNF: a sequence of segments, where each segment is either: A constant, or A bit-range over a non-propagating variable Goals: Word-level hashing: one word-level variable per BPNF CNF minimization: CNF variables are created only for non-BP ops

21
BPNF Usage Example u 1 ={u 1 [3:0] }, where |u 1 |=4 v 1 = bvadd(u 1, u 2 )={v 1 [3:0] } u 2 ={u 2 [3:0] }, where |u 2 |=4 v 3 = extract(v 2, 2, 1)={v 1 [1-0] } v 4 = repeat(v 1, 2)={v 1 [3-0], v 1 [3-0] } v 5 = extract(v 4, 5, 4)={v 1 [1-0] } Online Preprocessing v 2 = bvshl(v 1,1)={v 1 [2-0],0} v 6 = extract(v 4, 6, 5)={v 1 [2-1] } v 7 = concat(v 6, v 5 )={v 1 [2-1],v 1 [1-0] } Not a BPNF, mergeable! v 7 = concat(v 6, v 5 )={v 1 [2-0] } v 8 = extract(v 2, 3, 1)={v 1 [2-0] } v 8 = v 7 = concat(v 6, v 5 )={v 1 [2-0] } Merging was essential for proper hashing! (assert (v 8 (_ bv0 3)) (check-sat) The CNF: v 1 [0] v 1 [1] v 1 [2] No CNF clauses/vars required! v 5 = v 3 =extract(v 2, 2, 1)={v 1 [1-0] } Bit-blasted addition Segments s 2 and s 1 (in the specified order) are mergeable if Both s 2 and s 1 are constants, or Both s 2 and s 1 are bit-ranges, such that s 2 = v [k:j+1] and s 1 = v [j:i] BPNF: a sequence of non-mergeable segments The new neighbor pair of segments was merged!

22
Implementation Tips: Segment Threshold Maintaining too many segments might inflate the memory and lead to a performance degradation Solution: impose a user-given threshold T on a number of segments in BPNF A variable with too many segments in BPNF is considered non-BP. New CNF variables are created to represent it in the SAT solver

23
Implementation Tips: Rewriting assert- based Definitions Using assert to define new variables is incompatible with BPNF reasoning

24
Rewriting assert-based Definitions: Problem Example SMT Engine (declare-fun u () ( BitVec 32)) u = {u [31-0] } (declare-fun v () ( BitVec 64)) v = {v [63-0] } (assert (= v (repeat u 2)) t = repeat(u,2)={u [31-0],u [31-0] }z = (v=t)={z [0-0] } 0 v = repeat(u,2)={u [31-0],u [31-0] } u = {u [31-0] }

25
Implementation Tips: Rewriting Assert- based Definitions Using assert to define new variables is incomparable with BPNF reasoning Solution: rewrite assert-based definitions into define-fun- based definitions (using look-ahead): Our example: (declare-fun u () Type) (declare-fun v () Type) (assert (= (v (f u)))) (declare-fun u () Type) (define-fun v (f u)) (declare-fun u () ( BitVec 32)) (declare-fun v () ( BitVec 64)) (assert (= (v (repeat u 2)))) (declare-fun u () ( BitVec 32)) (define-fun v (repeat u 2))

26
Implementation Tips: Apply Constant Propagation Constant propagation is a commonly applied preprocessing technique Essential in our setting in order not to miss shifts by constants Example: (declare-fun u () ( BitVec 32)) (define-fun x () ( BitVec 32)) (assert (= x (bvadd (_ bv3 32) (_ bv2 32)))) (define-fun v (bvshl u x)) (declare-fun u () ( BitVec 32)) (define-fun v (bvshl u (_ bv5 32)))

27
Experimental Results We implemented BPNF reasoning on top of a new Intel’s eager SMT solver Hazel Main experiment: show the impact of BPNF reasoning on Hazel performance We used 37 SMT-LIB families having at least 5% BP operations Families solved in less than 1 sec. and most of the (huge) sage sub-families were dismissed We used different values for the segments threshold in BPNF The base version creates a new CNF variable for every word-level variable Secondary experiment: demonstrate that Hazel can compete with state- of-the-art solvers over families where BPNF reasoning is the most helpful Environment: machines with Intel® Xeon® processors, 3Ghz CPU frequency, 32Gb of memory. Time-out: 600 sec.

28
Family Run-timeTime RatioSolved BaseThr. 10Thr. 1000 10 to Base 1000 to BaseBaseThr. 10Thr. 1000 spear/openldap_v2.3.351800600193.00096.774578 pipe6001556003.8721.000010 brummayerbiere16497097112.3262.3214041 wienand-cav2008/Booth4326 1.6431.626222 uum1812 1.5351.534222 brutomesso/simple_proces sor374266 1.4041.40564 uclid_contrib_smtcomp092262001691.1301.340777 uclid/catchconv9871.1151.312414 brummayerbiere32921260028851.1231.01242 brutomesso/lfsr8039743574391.081 230227 spear/samba_v3.0.243516335934331.0471.0241386 spear/inn_v2.4.36246077081.0270.880219 stp1110111.0231.000111 spear/wget_v1.10.23083193060.9661.00642 brummayerbiere27198017990.8990.9013233 calypto2132542530.8380.84311 brutomesso/core1935524307 0.796 933925

29
Family Run-timeTime RatioSolved BaseThr. 10Thr. 1000 10 to Base 1000 to BaseBaseThr. 10Thr. 1000 spear/openldap_v2.3.351800600193.00096.774578 pipe6001556003.8721.000010 brummayerbiere16497097112.3262.3214041 wienand-cav2008/Booth4326 1.6431.626222 uum1812 1.5351.534222 brutomesso/simple_proces sor374266 1.4041.40564 uclid_contrib_smtcomp092262001691.1301.340777 uclid/catchconv9871.1151.312414 brummayerbiere32921260028851.1231.01242 brutomesso/lfsr8039743574391.081 230227 spear/samba_v3.0.243516335934331.0471.0241386 spear/inn_v2.4.36246077081.0270.880219 stp1110111.0231.000111 spear/wget_v1.10.23083193060.9661.00642 brummayerbiere27198017990.8990.9013233 calypto2132542530.8380.84311 brutomesso/core1935524307 0.796 933925 8 families with at least 30% speed-up

30
Family Base Segment Thr. 10Segment Thr. 1000 SMT Ops CNF Clss CNF Vars Opt Ratio Clss Ratio Vars RatioOpt Ratio Clss Ratio Vars Ratio spear/openldap_v2.3.35124693.86M0.93M1.02361.09861.25931.02361.10121.2661 pipe10480.19M924781.00292.73502.97641.06403.29863.6959 brummayerbiere3535114.5M6.86M1.00121.23731.29941.00121.23811.3004 wienand-cav2008/Booth5421347133931.00001.51581.32181.00001.51991.3280 uum10761260559321.00001.38121.38731.00001.38121.3873 brutomesso/simple_processor417361.66M0.58M1.00001.37261.63261.00001.37261.6326 uclid_contrib_smtcomp09461561.84M0.61M1.00571.05841.09061.00681.07201.1125 uclid/catchconv5.03M63.5M34.8M1.00021.07111.06191.00021.07481.0631 brummayerbiere3242892.46M0.83M1.00001.01441.01371.00001.01691.0175 brutomesso/lfsr0.8M71.9M28.7M1.00001.23671.31531.00381.23991.3188 spear/samba_v3.0.249.4M993M338M1.00001.03221.04801.00001.03801.0568 spear/inn_v2.4.30.11M216M46.4M1.00481.00241.00551.00671.00401.0071 stp0.32M5.2M3.39M1.00001.00251.00211.00001.00251.0021 spear/wget_v1.10.21536485.8M19.6M1.00001.00061.00131.00171.00531.0019 brummayerbiere26256471.9M12.8M1.00001.36391.00381.00001.36391.0038 calypto117860.74M0.29M1.04481.38391.43211.04481.39631.4375 brutomesso/core6.49M106M40.9M1.01111.34421.49201.03701.37881.5262 -Significant reduction in CNF size -Marginal reduction in the ops num. => hints that word-level hashing may not be critical -Correlation between the CNF size and performance is not absolute

31
Family Run-time in secondsSolved Instances BoolectorMathsatSTPHazel 10 Hazel 1000 BoolectorMathsatSTPHazel 10 Hazel 1000 spear/openldap_v 2.3.351924120012046001956678 pipe325600 15560010010 brummayerbiere907499473670971141364041 wienand- cav2008/Booth21194526 22222 uum16291512 22222 brutomesso/simpl e_processor1908224885156266 64295964 uclid_contrib_smt comp0978326877020016977777 uclid/catchconv90152011987414

32
Related Work Normal forms for concat/extract are well-known (see ref’s in the paper) Our work identifies and defines the class of BP operations; our approach is integrated into a modern eager SMT solver A DPLL(T) theory solver for extract, concat and equality applied within lazy SMT solving was proposed in ICCAD’09, Brottomesso&Sharygina Our algorithms are integrated into an eager SMT solver; we define and handle 10 BP ops, but not equalities. Bit-level sharing of CNF variables for concat/extract is known in the community and applied by various solvers, but AFAIK not published Any bit-level solution lacks the word-level hashing ability Essential algorithms used in BV preprocessing are often unpublished

33
Conclusion We identified and defined a class of Bit-Vector (BV) operations, called Bit-Propagating (BP) We proposed an algorithm for handling BP operations efficiently during online preprocessing in eager BV solving We demonstrated a performance boost across various SMT-LIB families

35
Bit-Propagating Normal Form (BPNF) A variable is bit-propagating iff it was created by a bit- propagating operation, otherwise it’s non-bit-propagating A segment is either A constant, e.g., 0100100, or A bit-range, that is a sequence of consecutive bits of a non-bit- propagating variable, e.g., v [3:1] =[v [3], v [2], v [1] ] Segments s 2 and s 1 (in the specified order) are mergeable if Both s 2 and s 1 are constants, or Both s 2 and s 1 are bit-ranges, such that s 2 = v [k:j+1] and s 1 = v [j:i] BPNF(v) is a sequence of segments, where each pair of neighbor segments is non-mergeable

36
Calculating a BPNF for BP Operations Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right u=concat(v,y)={v s(v),…,v 1,M(v 0,y s(y) ), y s(y)-1 …,y 1, y 0 } y = {y s(y),…,y 1, y 0 }v = {v s(v),…,v 1, v 0 } Merge operation M(s,t) = s,t for non-mergeable s,t M(c 1, c 2 ) = concat(c 1, c 2 ) if c 1,c 2 are constants e.g., M(10,01) = 1001 M(v [k:j+1], v [j:i] ) = v [k,i]

37
Calculating a BPNF for BP Operations Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right v = {v s(v),…,v 1, v 0 } u=extract(v,j,i)={v sn(j) [sb(j):0],v sn(j)-1,…,v sn(i)+1,v sn(i) [end:sb(i)] } The segment number of bit i The number of bit i in its segment The last defined bit in v sn(i)

38
Calculating a BPNF for BP Operations Bit-prop. concat extract bvshl* bvlshr* bvashr* repeat zero_extend sign_extend rotate_left rotate_right The remaining operations can be reduced to concat/extract (see the paper for details) * Shift by a constant is bit-propagating; shift by a non-constant is arithmetic

Similar presentations

Presentation is loading. Please wait....

OK

Copyright © 2013 Elsevier Inc. All rights reserved.

Copyright © 2013 Elsevier Inc. All rights reserved.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on tri gate transistor.pdf Download ppt on water conservation in india Ppt on body language training Ppt on business plan in india Free ppt on loch ness monster Ppt on shell structures Ppt on save water save energy Ppt on power sharing in india downloads Ppt on magnets and electromagnets Ppt on social contract theory john