1/*******************************************************************\
5Author: Daniel Kroening, kroening@kroening.com
7\*******************************************************************/
22 for(std::size_t i=0; i<width; i++)
30 const std::size_t width = bv.size();
31 std::string s(width,
'0');
32 for(std::size_t i = 0; i < width; i++)
33 s[width - i - 1] = bv[i].
is_true() ?
'1' :
'0';
49 for(std::size_t i=0; i<
a.size(); i++)
61 result.resize(last+1);
63 result.erase(result.begin(), result.begin()+first);
75 result.erase(result.begin(), result.begin()+(result.size()-
n));
95 result.resize(
a.size()+
b.size());
97 for(std::size_t i=0; i<
a.size(); i++)
100 for(std::size_t i=0; i<
b.size(); i++)
101 result[i+
a.size()]=
b[i];
113 result.resize(
a.size());
114 for(std::size_t i=0; i<result.size(); i++)
147// The optimal encoding is the default as it gives a reduction in space
148// and small performance gains
149 #define OPTIMAL_FULL_ADDER
157 #ifdef OPTIMAL_FULL_ADDER
170 else if(
b.is_constant())
185 // Rely on prop.l* to do further constant propagation
188 // At least one input bit is 1
194 // At least one input bit is 0
203 // Any two inputs 1 will set the carry_out to 1
208 // Any two inputs 0 will set the carry_out to 0
213 // If both carry out and sum are 1 then all inputs are 1
218 // If both carry out and sum are 0 then all inputs are 0
223 // If all of the inputs are 1 or all are 0 it sets the sum
230 else // NOLINT(readability/braces)
231 #endif // OPTIMAL_FULL_ADDER
239// Daniel's carry optimisation
240 #define COMPACT_CARRY
247 // propagation possible?
249 a.is_constant() +
b.is_constant() +
c.is_constant();
251 // propagation is possible if two or three inputs are constant
258 // it's also possible if two of a,b,c are the same
266 // the below yields fewer clauses and variables,
267 // but doesn't propagate anything at all
275 ( a OR b OR NOT x) AND
276 ( a OR NOT b OR c OR NOT x) AND
277 ( a OR NOT b OR NOT c OR x) AND
278 (NOT a OR b OR c OR NOT x) AND
279 (NOT a OR b OR NOT c OR x) AND
280 (NOT a OR NOT b OR x)
282 (x=((a AND b) OR (a AND c) OR (b AND c)));
295 #endif // COMPACT_CARRY
308std::pair<bvt, literalt>
314 result.first.reserve(op0.size());
317 for(std::size_t i = 0; i < op0.size(); i++)
334 for(std::size_t i=0; i<op0.size(); i++)
357 // we ignore the carry-out
366 // we ignore the carry-out
391 // An unsigned overflow has occurred when carry_out is not equal to
392 // subtract: addition with a carry-out means an overflow beyond the maximum
393 // representable value, subtraction without a carry-out means an underflow
394 // below zero. For saturating arithmetic the former implies that all bits
395 // should be set to 1, in the latter case all bits should be set to zero.
405 // A signed overflow beyond the maximum representable value occurs when
406 // adding two positive numbers and the wrap-around result being negative, or
407 // when subtracting a negative from a positive number (and, again, the
408 // result being negative).
413 // A signed underflow below the minimum representable value occurs when
414 // adding two negative numbers and arriving at a positive result, or
415 // subtracting a positive from a negative number (and, again, obtaining a
416 // positive wrap-around result).
422 // set all bits except for the sign bit
430 // finally add the sign bit
444 // An overflow occurs if the signs of the two operands are the same
445 // and the sign of the sum is the opposite.
455 // overflow is simply carry-out
467 // We special-case x-INT_MIN, which is >=0 if
468 // x is negative, always representable, and
469 // thus not an overflow.
480 // overflow is simply _negated_ carry-out
497 // an overflow occurs if the signs of the two operands are the same
498 // and the sign of the sum is the opposite
503 // we ignore the carry-out
515 "representation has either value signed or unsigned");
518 return std::move(result.first);
529 std::size_t d=1, width=op.size();
538 for(std::size_t i=0; i<width; i++)
551 result.resize(src.size());
553 // 'dist' is user-controlled, and thus arbitary.
554 // We thus must guard against the case in which i+dist overflows.
555 // We do so by considering the case dist>=src.size().
557 for(std::size_t i=0; i<src.size(); i++)
564 // no underflow on i-dist because of condition dist<=i
569 // src.size()-i won't underflow as i<src.size()
570 // Then, if dist<src.size()-i, then i+dist<src.size()
575 // src.size()-i won't underflow as i<src.size()
576 // Then, if dist<src.size()-i, then i+dist<src.size()
581 // prevent overflows by using dist%src.size()
582 l=src[(src.size()+i-(
dist%src.size()))%src.size()];
586 // prevent overflows by using dist%src.size()
587 l=src[(i+(
dist%src.size()))%src.size()];
616 // a overflow on unary- can only happen with the smallest
617 // representable number 100....0
662 else if(
pps.size()==2)
669 // add groups of three partial products using CSA
676 INVARIANT(
a.size() ==
b.size(),
"groups should be of equal size");
677 INVARIANT(
a.size() ==
c.size(),
"groups should be of equal size");
686 if(
bit + 1 <
a.size())
690 new_pps.push_back(std::move(s));
691 new_pps.push_back(std::move(t));
694 // pass onwards up to two remaining partial products
707 using columnt = std::list<literalt>;
708 std::vector<columnt>
columns(
pps.front().size());
709 for(
const auto &
pp :
pps)
712 for(std::size_t i = 0; i <
pp.size(); ++i)
720 for(std::size_t d = 2; d <
pps.front().size(); d = (d * 3) / 2)
729 else if(
col_it->size() == d + 1)
731 // Dadda prescribes a half adder here, but OPTIMAL_FULL_ADDER makes
732 // full_adder actually build a half adder when carry-in is false.
736 *std::next(
col_it->begin()),
746 // We could also experiment with n:2 compressors (for n > 3, n=3 is the
747 // full adder as used below) that use circuits with lower gate count
748 // than just combining multiple full adders.
752 *std::next(
col_it->begin()),
753 *std::next(std::next(
col_it->begin())),
765 a.reserve(
pps.front().size());
766 b.reserve(
pps.front().size());
778 a.push_back(
col.front());
782 a.push_back(
col.front());
783 b.push_back(
col.back());
790// Wallace tree multiplier. This is disabled, as runtimes have
791// been observed to go up by 5%-10%, and on some models even by 20%.
792// #define WALLACE_TREE
793// Dadda' reduction scheme. This yields a smaller formula size than Wallace
794// trees (and also the default addition scheme), but remains disabled as it
795// isn't consistently more performant either.
798// The following examples demonstrate the performance differences (with a
799// time-out of 7200 seconds):
807// __CPROVER_bitvector[BITWIDTH] a, b;
808// __CPROVER_assert(a * 3 == a + a + a, "multiplication by 3");
809// __CPROVER_assert(3 * a == a + a + a, "multiplication by 3");
810// __CPROVER_bitvector[BITWIDTH] ab = a * b;
811// __CPROVER_bitvector[BITWIDTH * 2] ab_check =
812// (__CPROVER_bitvector[BITWIDTH * 2])a *
813// (__CPROVER_bitvector[BITWIDTH * 2])b;
815// ab == (__CPROVER_bitvector[BITWIDTH])ab_check, "should pass");
818// |----|-----------------------------|-----------------------------|
819// | | CaDiCaL | MiniSat2 |
820// |----|-----------------------------|-----------------------------|
821// | n | No tree | Wallace | Dadda | No tree | Wallace | Dadda |
822// |----|---------|---------|---------|---------|---------|---------|
823// | 1 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
824// | 2 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
825// | 3 | 0.01 | 0.01 | 0.00 | 0.00 | 0.00 | 0.00 |
826// | 4 | 0.01 | 0.01 | 0.01 | 0.01 | 0.01 | 0.01 |
827// | 5 | 0.04 | 0.04 | 0.04 | 0.01 | 0.01 | 0.01 |
828// | 6 | 0.11 | 0.13 | 0.12 | 0.04 | 0.05 | 0.06 |
829// | 7 | 0.28 | 0.46 | 0.44 | 0.15 | 0.27 | 0.31 |
830// | 8 | 0.50 | 1.55 | 1.09 | 0.90 | 1.06 | 1.36 |
831// | 9 | 2.22 | 3.63 | 2.67 | 3.40 | 5.85 | 3.44 |
832// | 10 | 2.79 | 4.81 | 4.69 | 4.32 | 28.41 | 28.01 |
833// | 11 | 8.48 | 4.45 | 11.99 | 38.24 | 98.55 | 86.46 |
834// | 12 | 14.52 | 4.86 | 5.80 | 115.00 | 140.11 | 461.70 |
835// | 13 | 33.62 | 5.56 | 6.14 | 210.24 | 805.59 | 609.01 |
836// | 14 | 37.23 | 6.11 | 8.01 | 776.75 | 689.96 | 6153.82 |
837// | 15 | 108.65 | 7.86 | 14.72 | 1048.92 | 1421.74 | 6881.78 |
838// | 16 | 102.61 | 14.08 | 18.54 | 1628.01 | timeout | 1943.85 |
839// | 17 | 117.89 | 18.53 | 9.19 | 4148.73 | timeout | timeout |
840// | 18 | 209.40 | 7.97 | 7.74 | 2760.51 | timeout | timeout |
841// | 19 | 168.21 | 18.04 | 15.00 | 2514.21 | timeout | timeout |
842// | 20 | 566.76 | 12.68 | 22.47 | 2609.09 | timeout | timeout |
843// | 21 | 786.31 | 23.80 | 23.80 | 2232.77 | timeout | timeout |
844// | 22 | 817.74 | 17.64 | 22.53 | 3866.70 | timeout | timeout |
845// | 23 | 1102.76 | 24.19 | 26.37 | timeout | timeout | timeout |
846// | 24 | 1319.59 | 27.37 | 29.95 | timeout | timeout | timeout |
847// | 25 | 1786.11 | 27.10 | 29.94 | timeout | timeout | timeout |
848// | 26 | 1952.18 | 31.08 | 33.95 | timeout | timeout | timeout |
849// | 27 | 6908.48 | 27.92 | 34.94 | timeout | timeout | timeout |
850// | 28 | 6919.34 | 36.63 | 33.78 | timeout | timeout | timeout |
851// | 29 | timeout | 27.95 | 40.69 | timeout | timeout | timeout |
852// | 30 | timeout | 36.94 | 31.59 | timeout | timeout | timeout |
853// | 31 | timeout | 38.41 | 40.04 | timeout | timeout | timeout |
854// | 32 | timeout | 33.06 | 91.38 | timeout | timeout | timeout |
855// |----|---------|---------|---------|---------|---------|---------|
857// In summary, both Wallace tree and Dadda reduction are substantially more
858// efficient with CaDiCaL on the above code for all bit width > 11, but somewhat
859// slower with MiniSat.
867// __CPROVER_bitvector[BITWIDTH] a, b, c, ab, bc, abc;
869// __CPROVER_bitvector[BITWIDTH * 2] ab_check =
870// (__CPROVER_bitvector[BITWIDTH * 2])a *
871// (__CPROVER_bitvector[BITWIDTH * 2])b;
872// __CPROVER_assume(ab == ab_check);
874// __CPROVER_bitvector[BITWIDTH * 2] bc_check =
875// (__CPROVER_bitvector[BITWIDTH * 2])b *
876// (__CPROVER_bitvector[BITWIDTH * 2])c;
877// __CPROVER_assume(bc == bc_check);
879// __CPROVER_bitvector[BITWIDTH * 2] abc_check =
880// (__CPROVER_bitvector[BITWIDTH * 2])ab *
881// (__CPROVER_bitvector[BITWIDTH * 2])c;
882// __CPROVER_assume(abc == abc_check);
883// __CPROVER_assert(abc == a * bc, "associativity");
886// |----|-----------------------------|-----------------------------|
887// | | CaDiCaL | MiniSat2 |
888// |----|-----------------------------|-----------------------------|
889// | n | No tree | Wallace | Dadda | No tree | Wallace | Dadda |
890// |----|---------|---------|---------|---------|---------|---------|
891// | 1 | 0.00 | 0.00 | 0.00 | 0.01 | 0.01 | 0.01 |
892// | 2 | 0.01 | 0.01 | 0.01 | 0.01 | 0.01 | 0.01 |
893// | 3 | 0.02 | 0.03 | 0.03 | 0.01 | 0.01 | 0.01 |
894// | 4 | 0.05 | 0.07 | 0.06 | 0.02 | 0.02 | 0.02 |
895// | 5 | 0.17 | 0.18 | 0.14 | 0.04 | 0.04 | 0.04 |
896// | 6 | 0.50 | 0.63 | 0.63 | 0.13 | 0.14 | 0.13 |
897// | 7 | 1.01 | 1.15 | 0.90 | 0.43 | 0.47 | 0.47 |
898// | 8 | 1.56 | 1.76 | 1.75 | 3.35 | 2.39 | 1.75 |
899// | 9 | 2.07 | 2.48 | 1.75 | 11.20 | 12.64 | 7.94 |
900// | 10 | 3.58 | 3.88 | 3.54 | 20.23 | 23.49 | 15.66 |
901// | 11 | 5.84 | 7.46 | 5.31 | 49.32 | 39.86 | 44.15 |
902// | 12 | 11.71 | 16.85 | 13.40 | 69.32 | 156.57 | 46.50 |
903// | 13 | 33.22 | 41.95 | 34.43 | 250.91 | 294.73 | 79.47 |
904// | 14 | 76.27 | 109.59 | 84.49 | 226.98 | 259.84 | 258.08 |
905// | 15 | 220.01 | 330.10 | 267.11 | 783.73 | 1160.47 | 1262.91 |
906// | 16 | 591.91 | 981.16 | 808.33 | 2712.20 | 4286.60 | timeout |
907// | 17 | 1634.97 | 2574.81 | 2006.27 | timeout | timeout | timeout |
908// | 18 | 4680.16 | timeout | 6704.35 | timeout | timeout | timeout |
909// | 19 | timeout | timeout | timeout | timeout | timeout | timeout |
910// | 20 | timeout | timeout | timeout | timeout | timeout | timeout |
911// | 21 | timeout | timeout | timeout | timeout | timeout | timeout |
912// | 22 | timeout | timeout | timeout | timeout | timeout | timeout |
913// | 23 | timeout | timeout | timeout | timeout | timeout | timeout |
914// | 24 | timeout | timeout | timeout | timeout | timeout | timeout |
915// | 25 | timeout | timeout | timeout | timeout | timeout | timeout |
916// | 26 | timeout | timeout | timeout | timeout | timeout | timeout |
917// | 27 | timeout | timeout | timeout | timeout | timeout | timeout |
918// | 28 | timeout | timeout | timeout | timeout | timeout | timeout |
919// | 29 | timeout | timeout | timeout | timeout | timeout | timeout |
920// | 30 | timeout | timeout | timeout | timeout | timeout | timeout |
921// | 31 | timeout | timeout | timeout | timeout | timeout | timeout |
922// | 32 | timeout | timeout | timeout | timeout | timeout | timeout |
923// |----|---------|---------|---------|---------|---------|---------|
925// In summary, Wallace tree reduction is slower for both solvers and all bit
926// widths (except BITWIDTH==8 with MiniSat2). Dadda multipliers get closer to
927// our multiplier that's not using a tree reduction scheme, but aren't uniformly
937 // build the usual quadratic number of partial products
938 std::vector<bvt>
pps;
939 pps.reserve(op0.size());
941 for(std::size_t
bit=0;
bit<op0.size();
bit++)
946 // zeros according to weight
948 pp.reserve(op0.size());
950 for(std::size_t idx =
bit; idx < op0.size(); idx++)
957 return zeros(op0.size());
962#elif defined(DADDA_TREE)
967 for(
auto it = std::next(
pps.begin()); it !=
pps.end(); ++it)
989 for(std::size_t i=0; i<
product.size(); i++)
992 for(std::size_t
sum=0;
sum<op0.size();
sum++)
999 for(std::size_t idx=0; idx<
sum; idx++)
1002 for(std::size_t idx=
sum; idx<
product.size(); idx++)
1007 for(std::size_t idx=op1.size()-
sum; idx<op1.size(); idx++)
1016 if(op0.empty() || op1.empty())
1037 result.resize(bv.size());
1039 for(std::size_t i=0; i<bv.size(); i++)
1062 if(op0.empty() || op1.empty())
1085 // We determine the result size from the operand size, and the implementation
1086 // liberally swaps the operands, so we need to arrive at the same size
1087 // whatever the order of the operands.
1121 if(op0.empty() || op1.empty())
1131 for(std::size_t i=0; i<
_op0.size(); i++)
1134 for(std::size_t i=0; i<
_op1.size(); i++)
1143 for(std::size_t i=0; i<
res.size(); i++)
1146 for(std::size_t i=0; i<
res.size(); i++)
1175 std::size_t width=op0.size();
1177 // If both operands are constant, compute the result directly so it folds to
1178 // constant literals downstream instead of introducing fresh variables and a
1179 // multiplier constraint. Division by zero falls through to the general
1180 // (non-deterministic) encoding below.
1193 // check if we divide by a power of two
1198 for(std::size_t i=0; i<op1.size(); i++)
1212 // it is a power of two!
1215 // remainder is just a mask
1217 for(std::size_t i=
one_pos; i<rem.size(); i++)
1224 // Division by zero test.
1225 // Note that we produce a non-deterministic result in
1226 // case of division by zero. SMT-LIB now says the following:
1227 // bvudiv returns a vector of all 1s if the second operand is 0
1228 // bvurem returns its first operand if the second operand is 0
1232 // free variables for result of division
1241 // res*op1 + rem = op0
1249 // op1!=0 => rem < op1
1255 // op1!=0 => res <= op0
1263#ifdef COMPACT_EQUAL_CONST
1264// TODO : use for lt_or_le as well
1269void bv_utilst::equal_const_register(
const bvt &var)
1284 std::size_t size = var.size();
1294 constant.pop_back();
1305 return entry->second;
1311 constant.pop_back();
1317 std::pair<var_constant_pairt, literalt>(index, compare));
1332literalt bv_utilst::equal_const(
const bvt &var,
const bvt &constant)
1334 std::size_t size = constant.size();
1341 // These get modified : be careful!
1347 /* Split the constant based on a change in parity
1348 * This is based on the observation that most constants are small,
1349 * so combinations of the lower bits are heavily used but the upper
1350 * bits are almost always either all 0 or all 1.
1354 std::size_t
split = size - 1;
1371 for(std::size_t i = 0; i <=
split; ++i)
1377 // Check we have split the array correctly
1380 "lower size plus upper size should equal the total size");
1383 "lower size plus upper size should equal the total size");
1401 #ifdef COMPACT_EQUAL_CONST
1402 // simplify_expr should put the constant on the right
1403 // but bit-level simplification may result in the other cases
1415 for(std::size_t i=0; i<op0.size(); i++)
1426 #define COMPACT_LT_OR_LE
1427/* Some clauses are not needed for correctness but they remove
1428 models (effectively setting "don't care" bits) and so may be worth
1430// #define INCLUDE_REDUNDANT_CLAUSES
1441#ifdef COMPACT_LT_OR_LE
1448 if(
top0.is_false() &&
top1.is_true())
1450 else if(
top0.is_true() &&
top1.is_false())
1453 // 1-bit signed: the sign bit is the only bit
1464 "the compact signed comparison encoding requires at least two bits");
1465 // 1 if a compare is needed below this bit
1472 else if(
top0.is_true())
1474 else if(
top1.is_false())
1476 else if(
top1.is_true())
1481 // When comparing signs we are comparing the top bit
1488#ifdef INCLUDE_REDUNDANT_CLAUSES
1493 // Determine the output
1494 // \forall i . cb[i] & -a[i] & b[i] => result
1495 // \forall i . cb[i] & a[i] & -b[i] => -result
1506 // Chain the comparison bit
1507 // \forall i != 0 . cb[i] & a[i] & b[i] => cb[i-1]
1508 // \forall i != 0 . cb[i] & -a[i] & -b[i] => cb[i-1]
1509 for(i = start; i > 0; i--)
1515# ifdef INCLUDE_REDUNDANT_CLAUSES
1516 // Optional zeroing of the comparison bit when not needed
1517 // \forall i != 0 . -c[i] => -c[i-1]
1518 // \forall i != 0 . c[i] & -a[i] & b[i] => -c[i-1]
1519 // \forall i != 0 . c[i] & a[i] & -b[i] => -c[i-1]
1520 for(i = start; i > 0; i--)
1528 // The 'base case' of the induction is the case when they are equal
1538 // Unsigned is much easier
1539 // 1 if a compare is needed below this bit
1542 size_t start =
bv0.size() - 1;
1544 // Determine the output
1545 // \forall i . cb[i] & -a[i] & b[i] => result
1546 // \forall i . cb[i] & a[i] & -b[i] => -result
1560 else if(
bv0[i] ==
bv1[i])
1580 // Chain the comparison bit
1581 // \forall i != 0 . cb[i] & a[i] & b[i] => cb[i-1]
1582 // \forall i != 0 . cb[i] & -a[i] & -b[i] => cb[i-1]
1583 for(i = start; i > 0; i--)
1589#ifdef INCLUDE_REDUNDANT_CLAUSES
1590 // Optional zeroing of the comparison bit when not needed
1591 // \forall i != 0 . -c[i] => -c[i-1]
1592 // \forall i != 0 . c[i] & -a[i] & b[i] => -c[i-1]
1593 // \forall i != 0 . c[i] & a[i] & -b[i] => -c[i-1]
1594 for(i = start; i > 0; i--)
1602 // The 'base case' of the induction is the case when they are equal
1614 // A <= B iff there is an overflow on A-B
1626 "representation has either value signed or unsigned");
1693 for(std::size_t i=0; i<
a.size(); i++)
1712 // check every odd bit
1713 for(std::size_t i=0; i<src.size(); i++)
1727 // get every even bit
1728 for(std::size_t i=0; i<src.size(); i++)
1745 // Determine the result width: log2(bv.size()) + 1
1749 // Start with the original bit vector
1752 // Apply the parallel bit counting algorithm from Hacker's Delight (pop0).
1753 // The algorithm works by summing adjacent bit groups of increasing sizes.
1755 // Iterate through the stages of the algorithm, doubling the field size each
1762 // Skip if the bit vector is smaller than the field size
1766 // Shift the bit vector
1769 // Create a mask with 'shift_amount' ones followed by 'shift_amount' zeros,
1772 mask.reserve(
x.size());
1773 for(std::size_t i = 0; i <
x.size(); i++)
1781 // Apply the mask to both the original and shifted bit vectors
1786 for(std::size_t i = 0; i <
x.size(); i++)
1792 // Add the masked vectors
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
static bvt inverted(const bvt &op)
literalt signed_less_than(const bvt &bv0, const bvt &bv1)
static bool is_constant(const bvt &bv)
std::pair< bvt, literalt > adder(const bvt &op0, const bvt &op1, literalt carry_in)
Return the sum and carry-out when adding op0 and op1 under initial carry carry_in.
bvt wallace_tree(const std::vector< bvt > &pps)
literalt is_not_zero(const bvt &op)
static bvt verilog_bv_normal_bits(const bvt &)
literalt is_int_min(const bvt &op)
static bvt extract_msb(const bvt &a, std::size_t n)
static mp_integer from_constant(const bvt &bv)
Returns the unsigned integer value of the constant bitvector bv.
void set_equal(const bvt &a, const bvt &b)
static literalt sign_bit(const bvt &op)
bvt multiplier_no_overflow(const bvt &op0, const bvt &op1, representationt rep)
bvt add_sub_no_overflow(const bvt &op0, const bvt &op1, bool subtract, representationt rep)
bvt add(const bvt &op0, const bvt &op1)
bvt absolute_value(const bvt &op)
bvt select(literalt s, const bvt &a, const bvt &b)
If s is true, selects a otherwise selects b.
static bvt build_constant(const mp_integer &i, std::size_t width)
void signed_divider(const bvt &op0, const bvt &op1, bvt &res, bvt &rem)
literalt is_zero(const bvt &op)
literalt equal(const bvt &op0, const bvt &op1)
Bit-blasting ID_equal and use in other encodings.
bvt popcount(const bvt &bv)
Symbolic implementation of popcount (count of 1 bits in a bit vector) Based on the pop0 algorithm fro...
bvt signed_multiplier(const bvt &op0, const bvt &op1)
literalt overflow_add(const bvt &op0, const bvt &op1, representationt rep)
literalt is_one(const bvt &op)
bvt cond_negate_no_overflow(const bvt &bv, const literalt cond)
literalt overflow_sub(const bvt &op0, const bvt &op1, representationt rep)
void cond_implies_equal(literalt cond, const bvt &a, const bvt &b)
literalt unsigned_less_than(const bvt &bv0, const bvt &bv1)
bvt signed_multiplier_no_overflow(const bvt &op0, const bvt &op1)
bvt incrementer(const bvt &op, literalt carry_in)
bvt add_sub(const bvt &op0, const bvt &op1, bool subtract)
static bvt shift(const bvt &op, const shiftt shift, std::size_t distance)
literalt lt_or_le(bool or_equal, const bvt &bv0, const bvt &bv1, representationt rep)
literalt overflow_negate(const bvt &op)
static bvt concatenate(const bvt &a, const bvt &b)
literalt full_adder(const literalt a, const literalt b, const literalt carry_in, literalt &carry_out)
bvt negate_no_overflow(const bvt &op)
static bvt extract(const bvt &a, std::size_t first, std::size_t last)
bvt unsigned_multiplier(const bvt &op0, const bvt &op1)
bvt divider(const bvt &op0, const bvt &op1, representationt rep)
void unsigned_divider(const bvt &op0, const bvt &op1, bvt &res, bvt &rem)
bvt multiplier(const bvt &op0, const bvt &op1, representationt rep)
bvt cond_negate(const bvt &bv, const literalt cond)
bvt dadda_tree(const std::vector< bvt > &pps)
literalt carry_out(const bvt &op0, const bvt &op1, literalt carry_in)
bvt negate(const bvt &op)
static bvt extension(const bvt &bv, std::size_t new_size, representationt rep)
static bvt extract_lsb(const bvt &a, std::size_t n)
literalt verilog_bv_has_x_or_z(const bvt &)
literalt carry(literalt a, literalt b, literalt c)
bvt unsigned_multiplier_no_overflow(const bvt &op0, const bvt &op1)
static bvt zeros(std::size_t new_size)
literalt rel(const bvt &bv0, irep_idt id, const bvt &bv1, representationt rep)
bvt adder_no_overflow(const bvt &op0, const bvt &op1, bool subtract, representationt rep)
bvt saturating_add_sub(const bvt &op0, const bvt &op1, bool subtract, representationt rep)
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
void l_set_to_true(literalt a)
virtual literalt land(literalt a, literalt b)=0
virtual literalt limplies(literalt a, literalt b)=0
virtual literalt lselect(literalt a, literalt b, literalt c)=0
virtual bool cnf_handled_well() const
virtual void l_set_to(literalt a, bool value)
virtual literalt lxor(literalt a, literalt b)=0
void lcnf(literalt l0, literalt l1)
virtual void set_equal(literalt a, literalt b)
asserts a==b in the propositional formula
virtual bvt new_variables(std::size_t width)
generates a bitvector of given width with new variables
virtual literalt new_variable()=0
virtual literalt lequal(literalt a, literalt b)=0
virtual literalt lor(literalt a, literalt b)=0
void l_set_to_false(literalt a)
virtual bool has_set_to() const
bool is_false(const literalt &l)
bool is_true(const literalt &l)
std::vector< literalt > bvt
literalt const_literal(bool value)
const mp_integer binary2integer(const std::string &n, bool is_signed)
convert binary string representation to mp_integer
const std::string integer2binary(const mp_integer &n, std::size_t width)
#define CHECK_RETURN(CONDITION)
#define UNREACHABLE
This should be used to mark dead code.
#define PRECONDITION(CONDITION)
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
#define POSTCONDITION(CONDITION)