Using Term Rewriting to Solve Bit-Vector Arithmetic Problems - (Poster Presentation)
نویسندگان
چکیده
Among many theories supported by SMT solvers, the theory of finite-precision bit-vector arithmetic is one of the most useful, for both hardware and software systems verification. This theory is also particularly useful for some specific domains such as cryptography, in which algorithms are naturally expressed in terms of bit-vectors. Cryptol is an example of a domain-specific language (DSL) and toolset for cryptography developed by Galois, Inc.; providing an SMT backend that relies on bit-vector decision procedures to certify the correctness of cryptographic specifications [3]. Most of these decision procedures use bit-blasting to reduce a bit-vector problem into pure propositional SAT. Unfortunately bit-blasting does not scale very well, especially in the presence of operators like multiplication or division. For example, the equality x[n] − 1[n] = (x[n] + 1[n]) × (x[n] − 1[n]) is a simple consequence of distributivity and associativity laws; but even for small values of n the bit-level representation of this formula is so huge that it is intractable by current SAT solvers. The main reason for this is the loss of high-level algebraic structure present in the original decision problem. The point here is that one can exploit algebraic properties concerning the domain of bit-vectors to rewrite this problem into an equisatisfiable, but computationally less hard, problem. For instance, the above equality can be proved valid as follows (subscripts are omitted for clarity): x2 − 1 = (x + 1) × (x − 1) ≡ {distributivity × 3; associativity} x2 − 1 = x2+x−x−1 ≡ {inverse; right identity} x2−1 = x2−1 ≡ {reflexivity} true. Modern SMT solvers already include a simplification phase that performs some rewriting on the input problem prior to bit-blasting [4]. Nevertheless, SMT solvers have to deal with a wide range of application domains, and hence the set of rewrite rules employed for simplification inevitably excludes many rules that are useful for some particular domains but may be inconvenient for others. The present work was motivated by the difficulties reported by the Galois Cryptol team in achieving automatic equivalence checking for public-key cryptography (PKC). PKC is particularly hard because it involves multiplication and modular exponentiation on long bit-vectors. Hence, the bit-level representation of any PKC algorithm is usually so huge that such equivalence problems are too hard for current SAT solvers, unless a significant amount of rewriting is performed before bit-blasting. SMT solvers employing high-level rewriting-based techniques have been shown to be promising, but they are still insufficiently powerful to handle
منابع مشابه
LEC: Learning Driven Data-path Equivalence Checking
In the LEC system, we employ a learning-driven approach for solving combinational data-path equivalence checking problems. The data-path logic is specified using Boolean and word-level operators in VHDL/Verilog. The targeted application area are Cto-RTL equivalence checking problems found in an industrial setting. These are difficult because of the algebraic transformations done on the data-pat...
متن کاملArithmetic Bit-Level Verification Using Network Flow Model
The paper presents a new approach to functional, bit-level verification of arithmetic circuits. The circuit is modeled as a network of adders and basic Boolean gates, and the computation performed by the circuit is viewed as a flow of binary data through such a network. The verification problem is cast as a Network Flow problem and solved using symbolic term rewriting and simple algebraic techn...
متن کاملA Lazy and Layered SMT(BV ) Solver for Hard Industrial Verification Problems
Rarely verification problems originate from bit-level descriptions. Yet, most of the verification technologies are based on bit blasting, i.e., reduction to boolean reasoning. In this paper we advocate reasoning at higher level of abstraction, within the theory of bit vectors (BV ), where structural information (e.g. equalities, arithmetic functions) is not blasted into bits. Our approach relie...
متن کاملBeaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic
We present the key ideas in the design and implementation of Beaver, an SMT solver for quantifierfree finite-precision bit-vector logic (QF BV). Beaver uses an eager approach, encoding the original SMT problem into a Boolean satisfiability (SAT) problem using a series of word-level and bit-level transformations. In this paper, we describe the most effective transformations, such as propagating ...
متن کاملA High-Speed Dual-Bit Parallel Adder based on Carbon Nanotube FET technology for use in arithmetic units
In this paper, a Dual-Bit Parallel Adder (DBPA) based on minority function using Carbon-Nanotube Field-Effect Transistor (CNFET) is proposed. The possibility of having several threshold voltage (Vt) levels by CNFETs leading to wide use of them in designing of digital circuits. The main goal of designing proposed DBPA is to reduce critical path delay in adder circuits. The proposed design positi...
متن کامل