A lazy and layered SMT(BV) solver for hard industrial verification problems
In Computer Aided Verification (CAV), LNCS, 2007
Cited by 17 (6 self)
Rarely verification problems originate from bit-level descriptions. Yet, most of the verification technologies are based on bit blasting, i.e., reduction to boolean reasoning. In this paper we advocate reasoning at higher level of abstraction, within the theory of bit vectors (BV), where structural information (e.g. equalities, arithmetic functions) is not blasted into bits. Our approach relies on the lazy Satisfiability Modulo Theories (SMT) paradigm. We developed a satisfiability procedure for reasoning about bit vectors that carefully leverages on the power of boolean SAT solver to deal with components that are more naturally “boolean”, and activates bit-vector reasoning whenever possible. The procedure has two distinguishing features. First, it relies on the online integration of a SAT solver with an incremental and backtrackable solver for BV that enables dynamical optimization of the reasoning about bit vectors; for instance, this is an improvement over static encoding methods which may generate smaller slices of bit-vector variables. Second, the solver for BV is layered (i.e., it privileges cheaper forms of reasoning), and it is based on a flexible use of term rewriting techniques. We evaluate our approach on a set of realistic industrial benchmarks, and demonstrate substantial improvements with respect to state-of-the-art boolean satisfiability solvers, as well as other decision procedures for SMT(BV).
Refinement Maps for Efficient Verification of Processor Models
In Design Automation and Test in Europe, DATE’05, 2005
Cited by 15 (5 self)
While most of the effort in improving verification times for pipeline machine verification has focused on faster decision procedures, we show that the refinement maps used also have a drastic impact on verification times. We introduce a new class of refinement maps for pipelined machine verification, and using the state-of-the-art verification tools UCLID and Siege we show that one can attain several orders of magnitude improvements in verification times over the standard flushing-based refinement maps, even enabling the verification of machines that are too complex to otherwise automatically verify.
Optimizations for compiling declarative models into Boolean formulas
In 8th International Conference on Theory and Applications of Satisfiability Testing (SAT 2005), St. Andrews, 2005
Cited by 12 (3 self)
Advances in SAT solver technology have enabled many automated analysis and reasoning tools to reduce their input problem to a SAT problem, and then to use an efficient SAT solver to solve the underlying analysis or reasoning problem. The solving time for SAT solvers can vary substantially for semantically identical SAT problems depending on how the problem is expressed. This property motivates the development of new optimization techniques whose goal is to produce more efficiently solvable SAT problems, thereby improving the overall performance of the analysis or reasoning tool. This paper presents our experience using several mechanical techniques that enable the Alloy Analyzer to generate optimized SAT formulas from first-order logic formulas. These techniques are inspired by similar techniques from the field of optimizing compilers, suggesting the potential presence of underlying connections between optimization problems from two very different domains. Our experimental results show that our techniques can deliver substantial performance improvement results—in some cases, they reduce the solving time by an order of magnitude.
SWORD: a SAT like prover using word level information
In Int’l Conference on Very Large Scale Integration, 2007
Cited by 11 (4 self)
Solvers for Boolean Satisfiability (SAT) are state-of-the-art to solve verification problems. But when arithmetic operations are considered, the verification performance degrades with increasing datapath width. Therefore, several approaches that handle a higher level of abstraction have been studied in the past. But the resulting solvers are still not robust enough to handle problems that mix word level structures with bit level descriptions. In this paper, we present the satisfiability solver SWORD – a SAT like solver that facilitates word level information. SWORD represents the problem in terms of modules that define operations over bit vectors. Thus, word level information and structural knowledge become available in the search process. The experimental results show that on our benchmarks SWORD is more robust than Boolean SAT, K*BMDs or SMT.
From Propositional Satisfiability to Satisfiability Modulo Theories
In Theory and Applications of Satisfiability Testing (SAT), 2006
Cited by 8 (0 self)
In this paper we present a review of SAT-based approaches for building scalable and efficient decision procedures for quantifier-free first-order logic formulas in one or more decidable theories, known as Satisfiability Modulo Theories (SMT) problems. As applied to different system verification problems, SMT problems comprise different theories including fragments of elementary theory of numbers, the theory of arrays, the theory of list structures, etc. In this paper we focus on different DPLL-style satisfiability procedures for decidable fragments of the theory of integers. Leveraging the advances made in SAT solvers in the past decade, we introduce several SAT-based SMT solving methods that in many applications have outperformed classical decision methods. Aside from the classical method of translating the SMT formula to a purely Boolean problem, in recent methods, a SAT solver is utilized to serve as the “glue” that ties together the different theory atoms and forms the basis for reasoning and learning within and across them. Several methods have been developed to provide a combination framework for implications to flow through the theory solvers and to possibly activate other theory atoms based on the current assignments. Similarly, conflict-based learning is also extended to enable the creation of learned clauses comprising the combination of theory atoms. Additional methods unique to one or more types of theory atoms have also been proposed that learn more expressive constraints and significantly increase the pruning power of these combination schemes. We will describe several combination strategies and their impact on scalability and performance of the overall solver in different settings and applications.
Verification of executable pipelined machines with bit-level interfaces
In ICCAD 2005, International Conference on Computer-Aided Design, 2005
Cited by 6 (4 self)
We show how to verify pipelined machine models with bit-level interfaces by using a combination of deductive reasoning and decision procedures. While decision procedures such as those implemented in UCLID can be used to verify away the datapath, they require the use of numerous abstractions, implement a small subset of the instruction set, and are far from executable. In contrast, we focus on verifying executable machines with bit-level interfaces. Such proofs have previously required substantial expert guidance and the use of deductive reasoning engines. We show that by integrating UCLID with the ACL2 theorem proving system, we can use ACL2 to reduce the proof that an executable, bit-level machine refines its instruction set architecture to a proof that a term level abstraction of the bit-level machine refines the instruction set architecture, which is then handled automatically by UCLID. In this way, we exploit the strengths of ACL2 and UCLID to prove theorems that are not possible to even state using UCLID and that would require prohibitively more effort using just ACL2.
SDSAT: Tight Integration of Small Domain Encoding and Lazy Approaches in a Separation Logic Solver
In Proc. TACAS’06, volume 3920 of LNCS, 2006
Cited by 6 (2 self)
Existing difference logic (DL) solvers can be broadly classified as eager or lazy, each with its own merits and demerits. We propose a novel difference logic solver SDSAT that combines the strengths of both these approaches and provides a robust performance over a wide set of benchmarks. The solver SDSAT works in two phases: allocation and solve. In the allocation phase, it allocates non-uniform adequate ranges for variables appearing in difference predicates. This phase is similar to previous small domain encoding approaches, but uses a novel algorithm NuSMOD with 1-2 orders of magnitude improvement in performance and smaller ranges for variables. Furthermore, the difference logic formula is not transformed into an equisatisfiable Boolean formula in a single step, but rather done lazily in the following phase. In the solve phase, SDSAT uses a lazy refinement approach to search for a satisfying model within the allocated ranges. Thus, any partially DL-theory consistent model can be discarded if it cannot be satisfied within the allocated ranges. Note the crucial difference: in eager approaches, such a partially consistent model is not allowed in the first place, while in lazy approaches such a model is never discarded. Moreover, we dynamically refine the allocated ranges and search for a feasible solution within the updated ranges. This combined approach benefits from both the smaller search space (as in eager approaches) and also from the theory-specific graph-based algorithms (characteristic of lazy approaches). Experimental results show that our method is robust and always better than or comparable to state-of-the-art solvers using similar eager or lazy techniques.
Adaptive Eager Boolean Encoding for Arithmetic Reasoning in Verification
2005
Cited by 6 (1 self)
senting the official policies, either expressed or implied, of any sponsoring institution, the U.S. Government, or any other entity.
Theory decision by decomposition
2008
Cited by 3 (2 self)
The topic of this article is decision procedures for satisfiability modulo theories (SMT) of arbitrary quantifier-free formulæ. We propose an approach that decomposes the formula in such a way that its definitional part, including the theory, can be compiled by a rewrite-based first-order theorem prover, and the residual problem can be decided by an SMT-solver, based on the Davis-Putnam-Logemann-Loveland procedure. The resulting decision by stages mechanism may unite the complementary strengths of first-order provers and SMT-solvers. We demonstrate its practicality by giving decision procedures for the theories of records, integer offsets and arrays, with or without extensionality, and for combinations including such theories.
A Framework for Verifying Bit-Level Pipelined Machines Based on Automated Deduction and Decision Procedures
Journal of Automated Reasoning, 2006
Cited by 3 (0 self)
We describe an approach to verifying bit-level pipelined machine models using a combination of deductive reasoning and decision procedures. While theorem proving systems such as ACL2 have been used to verify bit-level designs, they typically require extensive expert user support. Decision procedures such as those implemented in UCLID can be used to automatically and efficiently verify term-level pipelined machine models, but these models use numerous abstractions, implement a subset of the instruction set, and are far from executable. We show that by integrating UCLID with the ACL2 theorem proving system, we can use ACL2 to reduce the proof that an executable, bit-level machine refines its instruction set architecture to a proof that a term-level abstraction of the bit-level machine refines the instruction set architecture, which is then handled automatically by UCLID. We demonstrate the efficiency of our approach by applying it to verify a complex seven stage bit-level interface pipelined machine model that implements 593 instructions and has features such as branch prediction, exceptions, and predicated instruction execution. Such a proof is not possible using UCLID and would require prohibitively more effort using just ACL2.