Solving Linear Arithmetic with SAT-based MC

Presentation transcript:

Solving Linear Arithmetic with SAT-based MC
Yakir Vizel (Princeton University), Alexander Nadel (Intel Development Center), Sharad Malik (Princeton University)
FMCAD 2017

[Figure: a formula over a theory T is handed to an SMT solver for T, which answers SAT or UNSAT]

LIAMC
[Figure: a formula over a theory T is reduced to safety verification and handed to a model checker, which answers UNSAFE or SAFE, in place of an SMT solver for T answering SAT or UNSAT]

Motivation
- Arithmetic theory, in particular Linear Arithmetic, is needed when reasoning about software/hardware
- Software/hardware uses a finite representation of integers, usually integers modulo 2^k
- Yet the efficiency of BV solvers is a limiting factor
- An alternative is LIA solvers: more efficient, but less precise, as they cannot take overflow into account

QF_LIA
Defined by the following grammar:
  φ ::= true | false | p | ¬φ | φ ∨ φ | φ ∧ φ | term ⋈ term
  term ::= c | x | term + term | term − term | c × term | ite(φ, term, term)
where ⋈ ∈ {<, ≤, >, ≥, =}. A term can be either in ℤ or in ℤ modulo k (bit-vector).

Example
Consider the following formula, where x, y, z are bit-vectors of size 4:
  φ ::= (z = x + y) ∧ (x > 0) ∧ (y > 0) ∧ (z < 0)
A traditional BV solver encodes this formula to SAT by means of bit-blasting. With a full adder FA(a, b, s, c_i, c_o):
$$FA(x_0, y_0, z_0, c^i_0, c^o_0) \land FA(x_1, y_1, z_1, c^o_0, c^o_1) \land FA(x_2, y_2, z_2, c^o_1, c^o_2) \land FA(x_3, y_3, z_3, c^o_2, c^o_3)$$
$$\land\ ((x_3 = 0) \land (x_0 \lor x_1 \lor x_2)) \land ((y_3 = 0) \land (y_0 \lor y_1 \lor y_2)) \land (z_3 = 1)$$

Example
[Figure: the bit-blasted circuit for the formula above: four chained full adders FA, the i-th taking x_i and y_i and producing z_i, with each carry-out feeding the next adder]

Reduction to Safety Verification

Width ⬌ Time
[Figure: the bit-blasted chain of four full adders FA over x_0..x_3, y_0..y_3 and z_0..z_3]

Width ⬌ Time
- Treat bit-vectors as streams of bits over time, starting from the LSB
- The i-th bit is available at the i-th clock cycle
[Figure: a single full adder FA with inputs x_i, y_i, output z_i, and its carry-out c_o fed to the next cycle]

Comparators
- a = b: bits should be equal at every cycle
- Sequential circuit: track all bits up to this point
[Figure: inputs a and b feed an equality check (=) whose result is AND-ed (&) with the latch x]

Comparators
- a < b: the sign bit changes at each cycle
- Sequential circuit: unsigned comparison ULT: (¬a ∧ b) ∨ [¬(a ∧ ¬b) ∧ x]
- Combinational circuit: take care of the sign bit
[Figure: inputs a and b feed the ULT latch x; a MUX selects between the unsigned result and the sign-bit terms a ∨ ¬b and a ∧ ¬b]

Reduction to Safety Verification
A formula φ is translated to a sequential circuit C. Assume φ is a DAG:
- For each leaf of sort bit-vector/integer, create an input terminal
- For each leaf of sort Boolean, create an uninitialized latch x with x' = x
- For a leaf of constant type, use a counter: the counter determines the cycle, and for each cycle the value is known a priori
- Boolean operations are implemented using their equivalent logical gates
- Arithmetic operations and comparators
- The output of C is assigned true when φ is satisfiable; k cycles correspond to a bit-vector of width k

Reduction to Safety Verification
- Find the maximal number of bits required to represent the constants in φ: k_min
- φ is not well defined for k < k_min
- When creating the property, add a guard w_min: w_min is initialized to false and becomes true after k_min cycles
- The property: Bad := w_min ∧ C.output()

Using a Model Checker

Safety Verification
A transition system T = (V, INIT, Tr, Bad).
T is UNSAFE if and only if there exists a path in T from a state in INIT to a state in Bad, or if, for some N,
$$\mu(T,N) := INIT(V_0) \land \bigwedge_{i=0}^{N-1} Tr(V_i, V_{i+1}) \land Bad(V_N) \nrightarrow \bot$$
T is SAFE if and only if there exists a safe inductive invariant Inv s.t.
$$INIT \rightarrow Inv, \qquad Inv(V) \land Tr(V, V') \rightarrow Inv(V'), \qquad Inv \rightarrow \neg Bad$$

SAT-based Model Checking (SATMC)
- Search for a counterexample of a specific length: Bounded Model Checking (BMC), checking satisfiability of μ(T,N)
- If a counterexample does not exist, generalize the bounded proof into a candidate Inv
- Check if Inv is a safe inductive invariant

BMC and Traditional BV Solvers
- Time correlates to width
- Unrolling depth therefore correlates to width
- Similar to bit-blasting: BMC ⋍ Eager BV Solver
[Figure: unrolling the single FA (x, y, z, c_o) over four cycles yields the bit-blasted chain over x_0..x_3, y_0..y_3, z_0..z_3]

Generalization - UNSAT
- If φ is UNSAT when interpreted over bit-vectors of width k, can we generalize this result to bit-vectors of width N > k?
- Use the ability of a MC to generalize a bounded proof to an unbounded proof
- When an inductive invariant is found at depth k: φ is UNSAT for all N > k, and φ is UNSAT over the integers

“Generalization” - SAT
If φ is SAT when interpreted over bit-vectors of width k, can we generalize this result to bit-vectors of width N > k?

“Generalization” - SAT
φ ::= (z = x + y) ∧ (x > 0) ∧ (y > 0) ∧ (z < 0)
- For k = 2, a satisfying assignment: x = 1, y = 1, z = -2 (x = 01, y = 01, z = 10)
- For k = 3, a satisfying assignment: x = 3, y = 3, z = -2 (x = 011, y = 011, z = 110)
- For k = 4, a satisfying assignment: x = 7, y = 7, z = -2 (x = 0111, y = 0111, z = 1110)

Extending a satisfying assignment
- If φ is SAT when interpreted over bit-vectors of width k, then μ(T,k) is satisfiable: there exists a counterexample of length N, a satisfying assignment π
- The satisfying assignment π constrains the first k bits

Extending a satisfying assignment
- The satisfying assignment π constrains the first k bits
- In the case of bit-vectors, try to extend it incrementally: μ(T,k+1) ∧ π; pay attention to the sign bit
- In the case of integers, add the following constraint and solve with a LIA solver:
$$\bigwedge_{v \in \varphi} \left( v = v^{*} \times 2^{k} + c_v \ \lor\ -v = v^{*} \times 2^{k} + c_v \right)$$

Extending a satisfying assignment
[Figure: π, a counterexample of length k, being extended]
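The width-to-time reduction (bit streams LSB first, one full adder and one comparator latch reused every cycle, the constant leaf driven by a cycle counter), BMC as a bounded search over the resulting circuit, and the incremental extension of a width-k model are worked through below on the slides' formula φ. This is an added example, not code from the slides or from LIAMC: the class and function names are invented, a brute-force enumeration of input streams stands in for ABC's model checker, and the extension rule (keep the low k−1 data bits, free the old sign bit together with the new one) is an assumption read off the slides' k = 2, 3, 4 assignments rather than something the slides state.

```python
"""Width-to-time reduction of phi := (z = x + y) & (x > 0) & (y > 0) & (z < 0).

Added example (not from the FMCAD'17 slides or LIAMC): bit-vectors are streamed LSB
first, one bit per cycle, through sequential gadgets; after k cycles the current bit
plays the role of the sign bit. Brute-force enumeration stands in for a model checker.
"""
from itertools import product


def to_bits(value, k):
    """Two's-complement bits of `value` at width k, LSB first (the stream order)."""
    return [(value >> i) & 1 for i in range(k)]


def from_bits(bits):
    """Signed integer denoted by an LSB-first two's-complement bit list."""
    u = sum(b << i for i, b in enumerate(bits))
    return u - (1 << len(bits)) if bits[-1] else u


class ConstStream:
    """Constant leaf: a cycle counter selects bit i of c (sign-extended, any width)."""
    def __init__(self, c):
        self.c, self.i = c, 0

    def step(self):
        b = (self.c >> self.i) & 1  # Python's >> on negative ints is arithmetic: sign extension
        self.i += 1
        return b


class SeqAdder:
    """One full adder reused every cycle; the carry-out is latched as the next carry-in."""
    def __init__(self):
        self.carry = 0

    def step(self, a, b):
        s = a ^ b ^ self.carry
        self.carry = (a & b) | (self.carry & (a ^ b))
        return s


class SeqEq:
    """a = b: latch x stays 1 while every bit seen so far was equal (x' = x & (a == b))."""
    def __init__(self):
        self.x = 1

    def step(self, a, b):
        self.x &= 1 - (a ^ b)
        return self.x


class SeqLt:
    """a < b, unsigned over the bits seen so far: x' = (!a & b) | (!(a & !b) & x)."""
    def __init__(self):
        self.x = 0

    def step(self, a, b):
        self.x = ((1 - a) & b) | ((1 - (a & (1 - b))) & self.x)
        return self.x

    def signed(self, a_msb, b_msb):
        """Combinational sign fix-up (the MUX): if the sign bits differ, the operand
        whose sign bit is 1 is the smaller one; otherwise the unsigned latch decides."""
        return a_msb if a_msb != b_msb else self.x


class PhiCircuit:
    """Sequential circuit C for phi; the output is true when the bits streamed so far
    satisfy phi at width = number of cycles, the current bit being the sign bit."""
    def __init__(self):
        self.zero = ConstStream(0)
        self.add, self.eq = SeqAdder(), SeqEq()
        self.x_pos, self.y_pos, self.z_neg = SeqLt(), SeqLt(), SeqLt()

    def step(self, x, y, z):
        o = self.zero.step()
        s = self.add.step(x, y)
        self.eq.step(z, s)          # z = x + y, bit by bit
        self.x_pos.step(o, x)       # 0 < x
        self.y_pos.step(o, y)       # 0 < y
        self.z_neg.step(z, o)       # z < 0
        return (self.eq.x & self.x_pos.signed(o, x) & self.y_pos.signed(o, y)
                & self.z_neg.signed(z, o))


def run(xs, ys, zs):
    """Stream three equal-length LSB-first bit lists through C; return the final output."""
    c, out = PhiCircuit(), 0
    for x, y, z in zip(xs, ys, zs):
        out = c.step(x, y, z)
    return out


def bmc(k):
    """Brute-force BMC at bound k: try all 8^k input streams of length k. Returns the
    sorted list of (x, y, z) models of phi at width k; [] means UNSAT at that width."""
    models = []
    for stream in product(range(8), repeat=k):
        xs, ys, zs = ([(s >> j) & 1 for s in stream] for j in range(3))
        if run(xs, ys, zs):
            models.append((from_bits(xs), from_bits(ys), from_bits(zs)))
    return sorted(models)


def extend(model, k):
    """Extend a width-k model to width k+1 without restarting BMC. Assumed rule: keep the
    low k-1 data bits of every variable, free the old sign bit and the new one (2 bits
    per variable, 64 candidates instead of 8^(k+1)). Returns the sorted extensions."""
    low = [to_bits(v, k)[: k - 1] for v in model]
    found = []
    for tail in product(range(2), repeat=6):
        xs, ys, zs = (low[j] + [tail[2 * j], tail[2 * j + 1]] for j in range(3))
        if run(xs, ys, zs):
            found.append((from_bits(xs), from_bits(ys), from_bits(zs)))
    return sorted(found)


if __name__ == "__main__":
    for k in (1, 2, 3, 4):
        print(k, bmc(k))            # 1 -> [] ; 2 -> [(1, 1, -2)] ; (3, 3, -2) and (7, 7, -2) follow
    print(extend((1, 1, -2), 2))    # width-3 models reachable from the width-2 one
```

Running the block shows width 1 has no model (the guard w_min would keep Bad false there), width 2 has only (1, 1, −2), and the slides' (3, 3, −2) and (7, 7, −2) appear at widths 3 and 4; the incremental extension of the width-2 model reaches (3, 3, −2) from 64 candidate streams rather than the 512 that BMC at width 3 enumerates, which is the point of constraining π rather than restarting.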

Experiments

Implementation and Benchmark
- The prototype supports all bit-wise operations and the LIA subset of QF_BV
- Experiments with LIAMC focus on LIA over integers and bit-vectors
- Implemented on top of ABC and an open-source SMT-LIB parser
- Benchmarks: translated all the LIA benchmarks to QF_BV, using varying bit-vector widths: 32, 64, and 128

[Figures: experimental results for integers modulo 2^k and for integers]

Extending Support to QF_BV
- Sign/zero extension and extraction can be added (fairly easily)
- The sequential representation of complex operators (multiplication, division, shl, shr) depends on the width
- Can also be viewed as if one of the operands should be known a priori: a parametrized system
- Possible solutions: abstraction refinement, hybrid solutions

Conclusions
- A novel decision procedure for an important subset of QF_BV
- Superior to state-of-the-art BV solvers on satisfiable instances
- In theory, can be as good as BV solvers for unsatisfiable instances
- Currently working on extending the support for QF_BV