Skip to content

Bitvector to Integer Translation

Matthias Heizmann edited this page Mar 28, 2018 · 9 revisions

Bitvector to Integer translation

Motivation

Our analysis is more efficient on integers but most programming languages use a bitvector-based semantics. In many cases we can get the integer performance and the bitvector precision if we represent bitvectors as integers and use the integer representation whenever possible.

  • We translate 01001 to 9
  • We translate x + 1 to (x + 1) % 4294967296 if x is a 32-bit integer variable
  • We translate bitshift operations by multiplication resp. division
  • We translate bitwise and x & y to function that may return any value and is marked as an overapproximation. Whenever such a marked operation occurs in a counterexample, we redo the analysis using the bitprecise semantics.

In this project we will develop more of these several translations (e.g., use division and modulo to extract certain bits) and evaluate their performance

Bitvector to Integer translation

Contact: Daniel or Matthias

Our analysis is more efficient on integers but most programming languages use a bitvector-based semantics. In many cases we can get the integer performance and the bitvector precision if we represent bitvectors as integers and use the integer representation whenever possible.

  • We translate 01001 to 9
  • We translate x + 1 to (x + 1) % 4294967296 if x is a 32-bit integer variable
  • We translate bitshift operations by multiplication resp. division
  • We translate bitwise and x & y to function that may return any value and is marked as an overapproximation. Whenever such a marked operation occurs in a counterexample, we redo the analysis using the bitprecise semantics.

In this project we will develop more of these several translations (e.g., use division and modulo to extract certain bits) and evaluate their performance.

Introductory Material

Boogie

Exercises to get familiar with Boogie

  • Write some (small) Boogie program that is correct.
  • Write some (small) Boogie program that not correct.
  • Write some (small) Boogie program where Ultimate is unable to decide correctness.
  • Write some (small) Boogie program that is nonterminating.
  • Write some (small) Boogie program that is terminating.
Clone this wiki locally