Approximations and Abstractions for Reasoning about Machine Arithmetic

Safety-critical systems rely on various forms of machine arithmetic to perform their tasks: integer arithmetic, fixed-point arithmetic or floating-point arithmetic. Machine arithmetic can exhibit subtle differences in behavior compared to the ideal mathematical arithmetic, due to fixed-size of representation in memory. Failure of safety-critical systems is unacceptable, because it can cost lives or huge amounts of money, time and e↵ort. To prevent such incidents, we want to formally prove that systems satisfy certain safety properties, or otherwise discover cases when the properties are violated. However, for this we need to be able to formally reason about machine arithmetic. The main problem with existing approaches is their inability to scale well with the increasing complexity of systems and their properties. In this thesis, we explore two alternatives to bit-blasting, the core procedure lying behind many common approaches to reasoning about machine arithmetic. In the first approach, we present a general approximation framework which we apply to solve constraints over floating-point arithmetic. It is built on top of an existing decision procedure, e.g., bit-blasting. Rather than solving the original formula, we solve a sequence of approximations of the formula. Initially very crude, these approximations are frequently solved very quickly. We use results from these approximations to either obtain a solution, obtain a proof of unsatisfiability or generate a new approximation to solve. Eventually, we will either have found a solution or a proof that solution does not exist. The approximation framework improves the solving time and can solve a number of formulas that the bit-blasting cannot. In the second approach, we present a novel method to reason about the theory of fixed-width bit-vectors. This new decision procedure is called mcBV and it is based on the model constructing satisfiability calculus (mcSAT). The procedure uses a lazy representation of bit-vectors and attempts to avoid bit-blasting altogether. It is able to reason about bit-vectors on both bitand word-level, leveraging both Boolean constraint propagation and native arithmetic reasoning. It also features a greedy explanation generalization mechanism and is capable of more general learning compared to existing approaches. mcBV is able to reason about bit-vectors with sizes that significantly exceed the usual 32, 64 and 128 bits. Evaluation of mcBV shows an improvement in performance (compared to bit-blasting) on several classes of problems.