Abstract

Much of an interpolation engine for bit-vector (BV) arithmetic can be constructed by observing that BV arithmetic can be modeled with linear integer arithmetic (LIA). Two BV formulae can thus be translated into two LIA formulae and then an interpolation engine for LIA used to derive an interpolant, albeit one expressed in LIA. The construction is completed by back-translating the LIA interpolant into a BV formula whose models coincide with those of the LIA interpolant. This paper develops a back-translation algorithm showing, for the first time, how back-translation can be universally applied, whatever the LIA interpolant. This avoids the need for deriving a BV interpolant by bit-blasting the BV formulae, as a backup process when back-translation fails. The new back-translation process relies on a novel geometric technique, called gapping, the correctness and practicality of which are demonstrated.

Highlights

  • Given two formulae A and B which are inconsistent, an interpolant for the ordered pair A, B is a formula I over the variables common to both A and B which is a relaxation of A that is still inconsistent with B

  • In lazy abstraction with interpolants [25], program state is described with unrestricted formulae, rather than merely using predicates, and interpolation is applied to relax sequences of formulae that describe the states down paths which do not error

  • We show that a naive encoding of a linear integer arithmetic (LIA) inequality as a BV inequality can give a formula which has a completely different meaning from the LIA inequality: the BV inequality can have solutions not admitted by the LIA inequality and vice versa


Summary

Introduction

Given two formulae A and B which are inconsistent, an interpolant for the ordered pair A, B is a formula I over the variables common to both A and B which is a relaxation of A that is still inconsistent with B. One approach takes advantage of existing interpolation engines [16] and the other develops a bespoke interpolation engine around lazy reduction [2], which supports bit-vector operations by expanding them, on demand, to Presburger arithmetic [2]. This paper develops the former approach, aiming to use an LIA solver as is. If the candidate fails the check, the two BV formulae are bit-blasted to recover a propositional interpolant, albeit one which loses the high-level structure of bit-vectors and is not compact. This approach is promising: it exploits robust off-the-shelf LIA interpolation [17] yet is compromised by the quality of the interpolants which follow from bit-blasting.

Contribution. This paper plugs this gap, addressing the issue of interpolant quality by developing a new, principled encoding of LIA formulae into BV formulae which does not enlarge the bit-width of the BV formulae.
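The mismatch described in the third highlight, as an added example that is not from the paper: a brute-force enumeration over 4-bit unsigned bit-vectors (a constructed setting; the paper's own encodings and bit-widths are not used here) exhibiting one LIA inequality whose naive BV re-encoding admits extra models because addition wraps modulo 2^w, and another where the re-encoding loses models.

```python
# Added example, not from the paper: compare the model sets of an LIA
# inequality  sum(c_i * x_i) <= bound  with those of its naive re-encoding
# as an unsigned w-bit BV inequality, where every product and sum wraps
# modulo 2^w. Variables range over [0, 2^w) in both readings.
from itertools import product

WIDTH = 4  # constructed choice: 4-bit unsigned bit-vectors


def lia_models(coeffs, bound, width=WIDTH):
    """Models over the integers (no wrap-around), x_i restricted to [0, 2^w)."""
    return {
        xs for xs in product(range(1 << width), repeat=len(coeffs))
        if sum(c * x for c, x in zip(coeffs, xs)) <= bound
    }


def bv_models(coeffs, bound, width=WIDTH):
    """Models of the naive BV encoding: same shape, w-bit modular arithmetic."""
    mod = 1 << width
    return {
        xs for xs in product(range(mod), repeat=len(coeffs))
        if sum((c * x) % mod for c, x in zip(coeffs, xs)) % mod <= bound % mod
    }


def compare(coeffs, bound, width=WIDTH):
    """Return (LIA-only models, BV-only models) as sorted lists."""
    lia, bv = lia_models(coeffs, bound, width), bv_models(coeffs, bound, width)
    return sorted(lia - bv), sorted(bv - lia)


if __name__ == "__main__":
    # x + y <= 5: BV gains models such as (15, 1), since 15 + 1 wraps to 0.
    lia_only, bv_only = compare((1, 1), 5)
    print("x + y <= 5   LIA-only:", len(lia_only), " BV-only:", len(bv_only))
    print("  sample BV-only model:", bv_only[0])
    # x - y <= 0: the BV reading of -y is 2^w - y, so only x == y survives;
    # LIA models such as (0, 1) are lost.
    lia_only, bv_only = compare((1, -1), 0)
    print("x - y <= 0   LIA-only:", len(lia_only), " BV-only:", len(bv_only))
    print("  sample LIA-only model:", lia_only[0])
```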

Boxing and Gapping in Pictures
Formal correctness of boxing and gapping
Boxing
Boxing and Gapping
Boxing, Gapping and Flipping
Boxing, Gapping, Flipping and Demoding
Experiments
Overall Result
Runtime for Naive encoding and Boxing
Interpolant Size for Naive encoding and Boxing
Related work
Concluding Discussion