
DECISION PROCEDURES FOR BIT-VECTORS, ARRAYS AND INTEGERS (PDF)

125 Pages·2007·0.64 MB·English
by Vijay Ganesh

Preview: DECISION PROCEDURES FOR BIT-VECTORS, ARRAYS AND INTEGERS

DECISION PROCEDURES FOR BIT-VECTORS, ARRAYS AND INTEGERS

A DISSERTATION SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE AND THE COMMITTEE ON GRADUATE STUDIES OF STANFORD UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY

Vijay Ganesh
September 2007

© Copyright by Vijay Ganesh 2007
All Rights Reserved

I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy.
(Professor David L. Dill) Principal Adviser

I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy.
(Professor Dawson Engler)

I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy.
(Dr. Natarajan Shankar)

Approved for the University Committee on Graduate Studies.

Abstract

Decision procedures, also referred to as satisfiability procedures or constraint solvers, that can check satisfiability of formulas over mathematical theories such as Boolean logic, real and integer arithmetic are increasingly being used in varied areas of computer science like formal verification, program analysis, and artificial intelligence. There are two primary reasons for this trend. First, many decision problems in computer science are easily translated into satisfiability problems in some mathematical theory. Second, in the last decade considerable progress has been made in the design and implementation of practical and efficient decision procedures. The improvement has been so dramatic that for many problems, translation to the satisfiability problem over some logic, followed by invocation of a decision procedure for that logic, is often better than special-purpose algorithms. Also, for certain applications, decision procedures have proved to be an enabling technology. For example, the recent rapid adoption of decision procedures in automated bug-finding tools has enabled these tools to find many hard-to-detect bugs in real-world software, deemed infeasible a few years ago. As applications cover new ground, they generate larger, more complex formulas, and demand greater efficiency from the decision procedures they employ in deciding these formulas. This constant demand for more efficient, robust and practical decision procedures forms the motivation for the work presented here.

This dissertation discusses the design and implementation of novel, practical, robust and efficient decision procedures for the satisfiability problem of the theories of bit-vectors, arrays, and mixed real and integer linear arithmetic. The algorithms discussed here can demonstrably handle very large formulas obtained from real-world applications.

More specifically, this thesis makes three contributions. First, a new efficient decision procedure for the theory of bit-vectors and arrays, called STP, is presented. The architecture of the STP tool is SAT-based, i.e., the input formula is efficiently translated into a Boolean formula after significant preprocessing, and this Boolean formula is then fed to a decision procedure for Boolean logic, often known as a SAT solver. The preprocessing steps consist of a solver for linear bit-vector arithmetic, and two algorithms based on the abstraction-refinement paradigm to handle very large arrays. The solver algorithm is online, based on a solve-and-substitute method, and can solve for whole bit-vectors or parts thereof. Online means that the solver can accept and process new input in an incremental fashion, without having to re-process all the previously received inputs. Algorithms employing the abstraction-refinement paradigm abstract away parts of the input in the hope that the resulting abstracted formula will be easier to decide, and that the answer will be correct. In the event the resulting answer is not correct, the algorithm suitably refines the abstracted formula to obtain a less abstract formula, and then tries to decide it. This process of refinement is repeated until the correct answer is obtained. The mix of the aforementioned algorithms and the SAT-based approach used in STP has proved very effective in deciding extremely large formulas over the theory of bit-vectors and arrays generated from real-world applications like bug-finding, formal verification, program analysis, and security analysis.

Second, a mixed real and integer linear arithmetic decision procedure is presented, which has been implemented as part of the CVC tool [SBD02]. The decision procedure is online and proof-producing. A decision procedure is called proof-producing if it can generate a mathematical proof of its work. Proof-producing decision procedures have the advantage that their work can be checked by external proof checkers. Also, these characteristics are very important in making the decision procedure efficient in the context of combining decision procedures of various mathematical theories to obtain a decision procedure for the union of these theories.

Third, a new decision procedure for the quantifier-free fragment of Presburger arithmetic is presented. The decision procedure is based on translating the satisfiability problem of this fragment into the language emptiness problem of a finite state automaton, which in turn is translated into a model-checking problem. This approach takes advantage of efficient Binary Decision Diagram (or BDD) implementations in modern symbolic model checkers. BDDs are data structures that can efficiently represent finite state automata. Finally, various decision procedures for quantifier-free Presburger arithmetic are compared in a systematic fashion.

Acknowledgments

I am indebted to a great many people, without whose support I could not have completed this dissertation. First and foremost, I would like to thank my adviser, Professor David L. Dill. Besides being an excellent mentor and adviser, he supported me through some very difficult periods during my stay at Stanford. Dave's approach to solving problems, with an insistence on simplicity, elegance and effectiveness, has had a lasting impact on me. Even when things seemed very difficult to me, he encouraged me to soldier on, and provided perspective based on his experience.

I would next like to thank Professor Dawson Engler. The EXE project, led by Prof. Engler, provided the context in which a large portion of my thesis work was developed. I also learnt many a good lesson by simply observing Dawson go about solving hard problems in a practical way. Dr. Sergey Berezin is another person who helped make my stay at Stanford an excellent learning experience, for which I am very thankful to him. Also, I had a fantastic time engaging Sergey in discussions about all kinds of topics outside of work. I am grateful to Dr. Natarajan Shankar, with whom my interactions have always been pleasant and a great source of inspiration. I am continually impressed by the ease with which he navigates both theoretical and practical aspects of various problems from different domains. I would like to sincerely thank the members of my thesis defense committee, Professors Christopher Jacobs, Michael Genesereth, Dawson Engler, David L. Dill, and Dr. Henny Sipma, for agreeing to be on the committee at a rather short notice.

I have been lucky to have some wonderful peers who have supported me during my years at Stanford. In particular, I would like to thank Jacob Chang, Asheesh Khare, Cristian Cadar, Ted Kremenek, Debasis Sahoo, Arnab Roy and others for their warm friendship.

No acknowledgment is complete without the expression of gratitude towards one's family. I am deeply indebted to my loving mother, who has been and continues to be my greatest inspiration. Her confidence in me has kept me going through some very difficult times. I learnt from her the value of perseverance and honesty. I am also very grateful to my lovely wife Natalia, whose support has been critical in helping me complete this work. I would like to express my gratitude towards my late elder brother Chidambaram Raju, who inspired me to be inquisitive. A debt of gratitude goes to the rest of my family. Finally, I dedicate this dissertation to my mother.

Contents

Abstract
Acknowledgments
1 Introduction
1.1 Problem Statement
1.2 The Choice of Mathematical Theories
1.3 Definitions
1.3.1 First-Order Logic
1.3.2 Theories and Models
1.3.3 Decision Procedures and The Satisfiability Problem
1.4 Contributions At a Glance
1.5 Organization of this Dissertation
2 Automata and Presburger Arithmetic
2.1 Introduction
2.2 Presburger Arithmetic
2.2.1 Idea Behind the Automaton
2.2.2 Formal Description of the Automaton
2.3 Implementation
2.4 Experimental Results
2.5 Conclusions
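The abstract describes the abstraction-refinement loop STP uses for arrays only in words. The following is an added toy illustration of that loop (example code written for this page, not STP's implementation): array reads become fresh variables, the array axiom "equal indices imply equal reads" is dropped, a brute-force enumerator over 2-bit values stands in for the SAT solver, and each candidate model is checked against the dropped axiom, with only the violated instances added back. Variable names, the bit-width and the sample formulas are constructed for the example.

```python
from itertools import combinations, product

WIDTH = 2                       # toy bit-width so brute force can stand in for the SAT solver
VALUES = range(1 << WIDTH)

def decide(variables, pred):
    """Stand-in for the SAT back end: return a satisfying assignment or None."""
    for vals in product(VALUES, repeat=len(variables)):
        model = dict(zip(variables, vals))
        if pred(model):
            return model
    return None

def solve_with_arrays(index_vars, reads, pred):
    """Abstraction-refinement over array reads (constructed illustration, not STP's code).

    reads maps a fresh variable to the index it reads from one array A, e.g.
    {"r1": "i", "r2": "j"} means r1 = read(A, i) and r2 = read(A, j).
    The abstraction drops the array axiom  i == j  implies  read(A, i) == read(A, j);
    each round adds back only the instances the candidate model violated.
    Returns (model_or_None, rounds).
    """
    variables = list(index_vars) + list(reads)
    learned = []                                   # axiom instances re-introduced so far

    def abstracted(m):
        return pred(m) and all(m[reads[a]] != m[reads[b]] or m[a] == m[b] for a, b in learned)

    rounds = 0
    while True:
        rounds += 1
        model = decide(variables, abstracted)
        if model is None:                          # over-approximation unsat => original unsat
            return None, rounds
        violated = [(a, b) for a, b in combinations(reads, 2)
                    if model[reads[a]] == model[reads[b]] and model[a] != model[b]]
        if not violated:                           # candidate respects every axiom instance
            return model, rounds
        learned.extend(violated)                   # refine and decide again

if __name__ == "__main__":
    # Constructed inputs: read(A,i) != read(A,j) is unsat with i == j, sat with i != j.
    reads = {"r1": "i", "r2": "j"}
    print(solve_with_arrays(["i", "j"], reads, lambda m: m["r1"] != m["r2"] and m["i"] == m["j"]))
    print(solve_with_arrays(["i", "j"], reads, lambda m: m["r1"] != m["r2"] and m["i"] != m["j"]))
```

The first formula needs two rounds: the abstraction first produces a spurious model with i == j but differing reads, and the refined formula is then unsatisfiable; the second is satisfiable in a single round because no axiom instance is violated.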

