[SMT-LIB] overflow checking for bit-vectors

Christoph Wintersteiger cwinter at microsoft.com
Fri Sep 11 08:20:28 EDT 2015 

Sounds like a good idea to me too. Z3 also has most of them, although perhaps not the most efficient encodings of them.

Cheers,
Christoph

Christoph M. Wintersteiger | Researcher | Tel: +44 1223 479724 | Fax: +44 1223 479999 | research.microsoft.com/people/cwinter


Microsoft Research Limited (company number 03369488) is a company registered in England and Wales whose registered office is at 21 Station Road, Cambridge, CB1 2FB 

-----Original Message-----
From: smt-lib-bounces at cs.nyu.edu [mailto:smt-lib-bounces at cs.nyu.edu] On Behalf Of Florian Schanda
Sent: 04 September 2015 09:21
To: smt-lib at cs.nyu.edu
Subject: [SMT-LIB] overflow checking for bit-vectors

Hi SMT-LIB,

I would like to propose an extension to bit-vectors. I have previously discussed this at SMT'14 (indeed, some time ago now) and with Liana. It took me some time to get around to writing the proposal; sorry!

The general idea is to have overflow-checking predicates, which can sometimes be implemented more efficiently than the obvious way of doing it.

I propose to extend QF_BV as follows:

  Functions:
 
    (bvsaddo (_ BitVec m) (_ BitVec m) Bool)
    (bvuaddo (_ BitVec m) (_ BitVec m) Bool)
    (bvssubo (_ BitVec m) (_ BitVec m) Bool)
    (bvusubo (_ BitVec m) (_ BitVec m) Bool)
    (bvsmulo (_ BitVec m) (_ BitVec m) Bool)
    (bvumulo (_ BitVec m) (_ BitVec m) Bool)
    (bvsdivo (_ BitVec m) (_ BitVec m) Bool)
      - signed and unsigned addition, subtraction, multiplication, and
        unsigned division overflow checking

    (bvsnego (_ BitVec m) Bool)
      - signed negation overflow checking

The signed overflow predicates checks if the given operation would yield a value outside the range -2^(m-1) .. 2^(m-1) - 1, and the unsigned overflow checks similar check if the result would be inside range 0 .. 2^m - 1.

The obvious way of doing this is to sign-extend both to a suitably sized bit- vector (m+1 for add, sub, div, neg and m*2 for mul), and then do the range check; but it is possible to do it more efficiently [1]. It is always possible to do this by hand, but I would trust solver developers much more than myself
:) Also, I think the predicates make the intent of the benchmark writer clearer.

Thoughts, comments welcome. I am of course happy to provide/write some overflow benchmarks from SPARK, if a solver developer implements the above :)

Thanks,

- Florian

[1] Schulte, M. J., Gok, M., Balzola, P. I., & Brocato, R. W. (2000, November). Combined unsigned and two's complement saturating multipliers.
In International Symposium on Optical Science and Technology (pp. 185-196).
International Society for Optics and Photonics.

_______________________________________________
SMT-LIB mailing list
SMT-LIB at cs.nyu.edu
http://www.cs.nyu.edu/mailman/listinfo/smt-lib

More information about the SMT-LIB mailing list