Solving linear arithmetic with SAT-based model checking

2017 Formal Methods in Computer Aided Design (FMCAD) Pub Date : 2017-10-01 DOI:10.23919/FMCAD.2017.8102240

Y. Vizel, Alexander Nadel, S. Malik

{"title":"Solving linear arithmetic with SAT-based model checking","authors":"Y. Vizel, Alexander Nadel, S. Malik","doi":"10.23919/FMCAD.2017.8102240","DOIUrl":null,"url":null,"abstract":"We present LIAMC, a novel decision procedure for (quantifier-free) linear arithmetic over both integers modulo 2N (LIAn) and integers (LIA). There is no need to explain our motivation to design a new efficient decision procedure for the widely used LIA logic. A LIAn decision procedure can be extremely useful in the context of software (SW) verification. SW verification usually requires to reason about arithmetic constraints over finite integers. To that end, modern SW verification tools commonly use fixed-width bit-vector (BV) solvers. However, BV solvers' efficiency drops dramatically as the width increases. To solve the performance problem, LIA solvers are applied, but they are imprecise as they cannot handle integer overflow. An efficient LIAN solver would be the ideal solution in this context. Our decision procedure LIAMC is based on a transformation of linear arithmetic into safety verification. We treat integers as unbounded streams of bits over time. More precisely, for each input integer, the least significant bit (LSB) corresponds to time 0 in the corresponding stream, and the k-th bit corresponds to the bit received at time k. LIAMC then uses SAT-based model checking (SATMC) to solve the resulting problem. In order to achieve efficiency, LIAMC uses two forms of generalization. First, if it finds a formula to be unsatisfiable for width N, it tries to generalize this result for all the widths. Second, if LIAMC finds a formula to be satisfiable for width N, it tries to “extend” and thus generalize the assignment to a wider target width. To evaluate LIAMC we used the QF_LIA subset of SMT-COMP'16, and ran two sets of experiments. First, we reinterpreted the QF_LIA over fixed-width bit-vectors of varying widths and compared LIAMC in LIAn mode to both Boolector and Z3. LIAMC solved the most satisfiable instances out of the three even for the shortest width 32. Second, we compared LIAMC to CVC4 and Z3 on the original QF_LIA benchmarks. LIAMC was able to solve many instances that had not been solved by the other solvers.","PeriodicalId":405292,"journal":{"name":"2017 Formal Methods in Computer Aided Design (FMCAD)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Formal Methods in Computer Aided Design (FMCAD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/FMCAD.2017.8102240","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

We present LIAMC, a novel decision procedure for (quantifier-free) linear arithmetic over both integers modulo 2N (LIAn) and integers (LIA). There is no need to explain our motivation to design a new efficient decision procedure for the widely used LIA logic. A LIAn decision procedure can be extremely useful in the context of software (SW) verification. SW verification usually requires to reason about arithmetic constraints over finite integers. To that end, modern SW verification tools commonly use fixed-width bit-vector (BV) solvers. However, BV solvers' efficiency drops dramatically as the width increases. To solve the performance problem, LIA solvers are applied, but they are imprecise as they cannot handle integer overflow. An efficient LIAN solver would be the ideal solution in this context. Our decision procedure LIAMC is based on a transformation of linear arithmetic into safety verification. We treat integers as unbounded streams of bits over time. More precisely, for each input integer, the least significant bit (LSB) corresponds to time 0 in the corresponding stream, and the k-th bit corresponds to the bit received at time k. LIAMC then uses SAT-based model checking (SATMC) to solve the resulting problem. In order to achieve efficiency, LIAMC uses two forms of generalization. First, if it finds a formula to be unsatisfiable for width N, it tries to generalize this result for all the widths. Second, if LIAMC finds a formula to be satisfiable for width N, it tries to “extend” and thus generalize the assignment to a wider target width. To evaluate LIAMC we used the QF_LIA subset of SMT-COMP'16, and ran two sets of experiments. First, we reinterpreted the QF_LIA over fixed-width bit-vectors of varying widths and compared LIAMC in LIAn mode to both Boolector and Z3. LIAMC solved the most satisfiable instances out of the three even for the shortest width 32. Second, we compared LIAMC to CVC4 and Z3 on the original QF_LIA benchmarks. LIAMC was able to solve many instances that had not been solved by the other solvers.

查看原文本刊更多论文

基于sat的模型检验求解线性算法

本文提出了一种新的(无量子的)线性算法的决策过程，该算法适用于模2N (LIAn)和整数(LIA)。无需解释我们为广泛使用的LIA逻辑设计一种新的高效决策过程的动机。LIAn决策过程在软件(SW)验证的上下文中非常有用。软件验证通常需要对有限整数的算术约束进行推理。为此，现代软件验证工具通常使用固定宽度的位向量(BV)求解器。然而，随着宽度的增加，BV求解器的效率急剧下降。为了解决性能问题，应用了LIA求解器，但是它们不精确，因为它们不能处理整数溢出。在这种情况下，一个高效的LIAN求解器将是理想的解决方案。我们的决策过程是基于线性算法到安全验证的转换。我们将整数视为无界的比特流。更准确地说，对于每个输入整数，最低有效位(LSB)对应于相应流中的时间0，第k位对应于时间k接收的位。LIAMC然后使用基于sat的模型检查(SATMC)来解决由此产生的问题。为了提高效率，LIAMC使用了两种形式的泛化。首先，如果它发现一个公式对于宽度N是不满足的，它会尝试将这个结果推广到所有宽度。其次，如果LIAMC发现一个公式对于宽度N是可满足的，它会尝试“扩展”，从而将分配推广到更宽的目标宽度。为了评估LIAMC，我们使用SMT-COMP'16的QF_LIA子集，并进行了两组实验。首先，我们在可变宽度的固定宽度位向量上重新解释了QF_LIA，并将LIAn模式下的LIAMC与Boolector和Z3进行了比较。LIAMC解决了三个实例中最满意的实例，即使对于最短的宽度32。其次，我们将LIAMC与原始QF_LIA基准上的CVC4和Z3进行了比较。LIAMC能够解决许多其他求解器无法解决的实例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 Formal Methods in Computer Aided Design (FMCAD)

自引率

0.00%

发文量