-
Notifications
You must be signed in to change notification settings - Fork 42
Bitvector to Integer Translation
Our analysis is more efficient on integers but most programming languages use a bitvector-based semantics. In many cases we can get the integer performance and the bitvector precision if we represent bitvectors as integers and use the integer representation whenever possible.
- We translate
01001
to9
- We translate
x + 1
to(x + 1) % 4294967296
ifx
is a 32-bit integer variable - We translate bitshift operations by multiplication resp. division
- We translate bitwise and
x & y
to function that may return any value and is marked as an overapproximation. Whenever such a marked operation occurs in a counterexample, we redo the analysis using the bitprecise semantics.
In this project we will develop more of these several translations (e.g., use division and modulo to extract certain bits) and evaluate their performance
- Boogie specification This is Boogie 2
- Microsoft's tool for Boogie verificationBoogie @ rise4fun
- A Boogie interpreter Boogaloo
- Verification of safety properties in Ultimate
- Termination analysis in Ultimate (link currently not working, problem with umlauts)
- Synthesis of ranking functions and nontermination arguments in Ultimate
Exercises
- Write some (small) Boogie program that is correct.
- Write some (small) Boogie program that not correct.
- Write some (small) Boogie program where Ultimate is unable to decide correctness.
- Write some (small) Boogie program that is nonterminating.
- Write some (small) Boogie program that is terminating.
Exercises
- Write an SMT script that demonstrates that the formula
x * x <= 5 /\ x > 1
is satisfiable. The Sort of the variablex
should beInt
. - What is a satisfiable assignment for
x
. - Add another conjunct such that the formula becomes unsatisfiable.
Internally Ultimate does not use program statements (like assignment, assume, havoc..) instead we translate all statements into relations that are represented by SMT formulas over primed and unprimed variables.
(TODO find literature - maybe could be understood without)
Example: Assume a program has variables x, y, z, then x := x + 1
would be translated into the formula x'=x+1 /\ y'=y /\ z'=z
- Translate some of the statements from Sequence below to formulas.
- We can use relations/formulas to represent sequences of statements. Let us assume that formula
φ1(x,x')
represents statement st1 and that formulaφ2(x,x')
represents statement st2. How can we combine both formulas in order to obtain a formula that represents the sequence st1;st2. (Hint: quantifier and substitution) - Find a formula over primed and unprimed variables that does not represent any single statement but only a sequence of statements.
z:= 1; assume x>=7; x := x+1; assume y >= x; havoc x; assume (y < 8 || z >= 5);
- Home
- Ultimate Development
- Ultimate Build System
- Documentation
- Project Topics