1 / 65

Bit-Vector Rewriting with Automatic Rule Generation

Bit-Vector Rewriting with Automatic Rule Generation. Alexander Nadel Intel Haifa, Israel CAV 2014 Vienna, Austria July 22 th , 2014. Agenda. Introduction to Bit-Vector Solving and Rewriting Automatic Rewriting-based Preprocessing Experimental Results. Bit-Vector (BV) Language.

isaura
Download Presentation

Bit-Vector Rewriting with Automatic Rule Generation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bit-Vector Rewriting with Automatic RuleGeneration Alexander Nadel Intel Haifa, Israel CAV 2014Vienna, Austria July 22th, 2014

  2. Agenda • Introduction to Bit-Vector Solving and Rewriting • Automatic Rewriting-based Preprocessing • Experimental Results

  3. Bit-Vector (BV) Language • Variables and constants are bit-vectors of user-defined width: • width 1 (Bool): 0 • width 8: [01011110] • width 30: [010111100100011101000011001101] • Operators: • Core: =, , if-then-else • Bit-wise: ~, &, |, ^, … • Arithmetic: +, -, *, /, … • Comparison: <, , >,  • Bit-propagating: concat, extract, <<, >>, … • Assertions: a Boolean literal must hold

  4. BV Formula Example Assertions Input DAG a = 1 op2 op2 BV solving is widely used (in SW and HW validation; scheduling; number theory; automatic configuration; …) op1 op1 e a g h i + k l << & - + = / d xnor op2 op1 -1=[1111] 0=[0000] c b f j Widths: w(a) = 1; w(v  {b,c,d,e,f,g,h,i,j,k,l}) = 4

  5. BV Solver Architecture Preprocessing Eager Lazy SAT DPLL(BV)

  6. BV Solver Architecture Preprocessing Rewriting: preprocessor’s bread and button Eager Lazy SAT DPLL(BV)

  7. Rewriting Example Assertions Input DAG a = 1 op2 op2 op1 op1 e a i g h + d l k << - / + = & xnor op2 op1 -1=[1111] 0=[0000] c b f j

  8. Rewriting Example Assertions Input DAG a = 1 op2 op2 op1 op1 e a i g h + d l k << & + / - = xnor op2 op2 op1 op1 -1=[1111] 0=[0000] c b f j

  9. Rewriting Example Assertions Input DAG a = 1 op2 op2 op1 op1 e a g h i + d k & - / + = xnor -1=[1111] c b f j

  10. Rewriting Example Assertions Input DAG a = 1 op2 op2 op1 op1 e a i h g + d k - / + & = xnor -1=[1111] j c b f

  11. Rewriting Example Assertions Input DAG a = 1 op2 op2 op1 op1 e a g h i + d + / = - xnor j c b f

  12. Next: the New Algorithm in Action

  13. Generating Input to 0-saturation Assertions Input to 0-saturation a = 1 Input DAG (potentially after rewriting) Triplets (a triplet: x = y op z) op2 a=b==c op2 d = b xnor c e = f + d op1 e d g op1 g = e + d + xnor + h i a h = f - g \ - = i = j / h c b f j w(a) = 1; w(v  {b,c,d,e,f,g,h,i,j}) = 4 w(a) = 1; w(v  {b,c,d,e,f,g,h,i,j}) = 4

  14. Evaluation Queue Bindings a=b==c 1=b==c a = 1 d = b xnor c e = f + d g = e + d h = f - g i = j / h

  15. Evaluation Queue Active Triplets Bindings Rules 1=b==c d = b xnor c • Bindings • Equivalences entailed by the formula e = f + d g = e + d • Active triplets • Evaluated non-tautological triplets become active • Any triplet one of whose variables is bound (replaced by another) is moved back to the evaluation queue • Active triplets comprise the output of 0-saturation h = f - g i = j / h • Triplets to be evaluated • Evaluation of a triplet may yield new bindings or a contradiction. • An evaluated triplet either moves to the “active” state or becomes a tautology and removed

  16. Evaluation Queue Active Triplets Bindings Rules • Rules • Automatically generated rules for evaluating triplets • Empty in the beginning • Instance-specific rules are generated on-the-fly • A rule: premise conclusion per concreteoperation and width • Premise: a condition that must hold for the triplet to apply the rule • Conclusion is either: • A set of bindings • A contradiction • Empty 1=b==c d = b xnor c e = f + d g = e + d h = f - g i = j / h

  17. Evaluation Queue Active Triplets Bindings Rules 1=b==c d = b xnor c e = f + d g = e + d h = f - g i = j / h

  18. Evaluation Queue Active Triplets Bindings Rules 1=b==c d = b xnor c e = f + d g = e + d h = f - g i = j / h

  19. Premise Detection: Evaluation Queue Active Triplets Bindings Rules 1=b==c Rewriting constants 0 = [00…000] -1 = [11…111] 1 = [00…001] -2 = [11…110] 2 = [00…010] Given a triplet x = y op z, look for a rule if: any v {x,y,z}is a rewriting constant ora rewriting function of u  v {x,y,z} d = b xnor c e = f + d g = e + d Rewriting functions Equivalence: f1(v) = v Unary minus: f6(v) = −v Negation: f7(v) = −v − 1 = ∼v Neighbors: f2(v) = v − 1 = ∼−v f3(v) = v − 2 = ∼−∼−v f4(v) = v + 1 = −∼v f5(v) = v + 2 = −∼−∼v Unary minus neighbors: f8(v) = −v − 2 = ∼−∼v f9(v) = −v + 1 = −∼−v f10(v) = −v + 2 = −∼−∼−v h = f - g i = j / h

  20. Evaluation Queue Active Triplets Bindings Rules 1=b==c • Premise detection is successful: x is the rewriting constant 1! • Do any rules with this premise exist? • Yes  apply the rule • No  generate a conclusion d = b xnor c e = f + d g = e + d h = f - g i = j / h

  21. Conclusion Generation Example 1=y==z w(x) = 1; w(y)=w(z)=4 Check if at least one of v {x,y,z}is a rewriting constant ora rewriting function of u  v {x,y,z}and generate the corresponding bindings Generate a CNF corresponding to the formula: y=0? Add clauses for y  0 with a selector s Solve all the clauses under the assumption swith incremental SAT Satisfiable: no rule can be learnt

  22. Conclusion Generation Example 1=y==z w(x) = 1; w(y)=w(z)=4 Check if at least one of v {x,y,z}is a rewriting constant ora rewriting function of u  v {x,y,z}and generate the corresponding bindings Generate a CNF corresponding to the formula: y=z? Add clauses for y  z with a selector: Solve all the clauses under the assumption s with incremental SAT Unsatisfiable; rule learnt: x=1  y=z for operation ==; width 4

  23. Evaluation Queue Active Triplets Bindings Rules b = c 1=b==c d = b xnor c e = f + d g = e + d h = f - g i = j / h

  24. Evaluation Queue Active Triplets Bindings Rules b = c d = b xnorb e = f + d g = e + d h = f - g i = j / h

  25. Evaluation Queue Active Triplets Bindings Rules b = c d = b xnorb e = f + d g = e + d h = f - g i = j / h

  26. Evaluation Queue Active Triplets Bindings Rules b = c d = b xnorb e = f + d • Premise detection is successful: y is the rewriting function f1(v)=v of z! • Do any rules with this premise exist? • No  generate a conclusion with incremental SAT g = e + d h = f - g i = j / h

  27. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 d = b xnorb e = f + d g = e + d h = f - g i = j / h

  28. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 e = f - 1 g = e - 1 h = f - g i = j / h

  29. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 e = f - 1 g = e - 1 h = f - g i = j / h

  30. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 e = f - 1 • Premise detection is successful: z is the rewriting constant 1 • Do any rules with this premise exist? • No  generate a conclusion with incremental SAT g = e - 1 h = f - g i = j / h

  31. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f e = f - 1 g = e - 1 h = f - g i = j / h

  32. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f g = e - 1 h = f - g i = j / h

  33. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f g = e - 1 h = f - g i = j / h

  34. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f g = e - 1 h = f - g i = j / h • Premise detection is successful: z is the rewriting constant 1 • Do any rules with this premise exist? • Yes  apply the rule

  35. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e g = e - 1 h = f - g i = j / h

  36. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h = f - g i = j / h

  37. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h = f - g i = j / h

  38. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h = f - g i = j / h • Premise detection is successful: -~-~g = -~-(-e) = -~e = -(-f) = f,thus g = ~-~-f = f-2 • Discovered in O(1) based on bindings • Do any rules with this premise exist? • No  generate a conclusion with incremental SAT

  39. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h=2 h = f - g i = j / h

  40. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h=2 i = j / 2

  41. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h=2 i = j / 2

  42. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h=2 i = j / 2 • Premise detection is successful: z=2 • Do any rules with this premise exist? • No  generate a conclusion using incremental SAT solving

  43. Evaluation Queue Active Triplets Bindings Rules b = c d=-1 ~e=-f ~g=-e h=2 i = j / 2 • Premise detection is successful: z=2 • Do any rules with this premise exist? • No  generate a conclusion with incremental SAT

  44. Evaluation Queue Active Triplets Bindings Rules b = c i = j / 2 d=-1 ~e=-f ~g=-e h=2 • 0-saturation is completed • In eager BV solving, the active triplets are bit-blasted to CNF and solved with SAT

More Related