p      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHI J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u vwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN O P!Q!R!S"T"U"V"W"X"Y"Z"["\"]"^"_"`"a"b"c"d"e"f"g"h"i"j"k#l$m%n%o&p&q&r&s&t&u&v'w'x'y'z'{'|'}'~'''''(((((((((())))*+++,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,--------.../00000000000000001111111111111111111111 1 1 1 1 1111111111111111111 1!1"1#1$1%1&1'1(1)1*1+1,1-1.1/101112232425262728293:3;3<3=3>3?3@3A3B3C3D3E3F3G3H3I3J4K4L5M5N5O5P5Q5R5S5T5U5V5W5X6Y6Z6[6\6]6^6_6`6a6b6c6d7e7f7g7h7i7j7k7l7m7n7o7U8Safe$pqrstuvwxyz{|}~9None;:(c) Levent ErkokBSD3erkokl@gmail.com experimentalSafeA collection of timed stepd.Specify what is being timed.2Specify how to save timing information, if at all.&A more helpful show instance for steps 3Show the time difference in a user-friendly format."If selected, runs the computation mS, and prints the time it took to run it. The return type should be an instance of 0 to ensure the correct elapsed time is printed.     ;(c) Levent ErkokBSD3erkokl@gmail.com experimentalSafe CA variant of round; except defaulting to 0 when fed NaN or Infinity HA variant of toRational; except defaulting to 0 when fed NaN or Infinity The SMT-Lib (in particular Z3) implementation for min/max for floats does not agree with Haskell's; and also it does not agree with what the hardware does. Sigh.. See:  -https://ghc.haskell.org/trac/ghc/ticket/10378  (https://github.com/Z3Prover/z3/issues/68 So, we codify here what the Z3 (SMTLib) is implementing for fpMax. The discrepancy with Haskell is that the NaN propagation doesn't work in Haskell The discrepancy with x86 is that given +0/-0, x86 returns the second argument; SMTLib is non-deterministic  SMTLib compliant definition for fpMin. See the comments for fpMax..Convert double to float and back. Essentially fromRational . toRational, except careful on NaN, Infinities, and -0.kCompute the "floating-point" remainder function, the float/double value that remains from the division of x and yP. There are strict rules around 0's, Infinities, and NaN's as coded below, See  $http://smt-lib.org/papers/BTRW14.pdf", towards the end of section 4.c.BConvert a float to the nearest integral representable in that type|Check that two floats are the exact same values, i.e., +0/-0 does not compare equal, and NaN's compare equal to themselves.Check if a number is "normal." Note that +0/-0 is not considered a normal-number and also this is not simply the negation of isDenormalized!   <(c) Levent ErkokBSD3erkokl@gmail.com experimentalSafe Monadic lift over 2-tuplesMonadic lift over 3-tuplesMonadic lift over 4-tuplesMonadic lift over 5-tuplesMonadic lift over 6-tuplesMonadic lift over 7-tuplesMonadic lift over 8-tuplesGiven a sequence of arguments, join them together in a manner that could be used on the command line, giving preference to the Windows cmd shell quoting conventions.vFor an alternative version, intended for actual running the result in a shell, see "System.Process.showCommandForUser"CGiven a string, split into the available arguments. The inverse of #. Courtesy of the cmdargs package.   =(c) Levent ErkokBSD3erkokl@gmail.com experimentalSafeThe & class: a generalization of Haskell's  type Haskell  and SBV's SBoolG are instances of this class, unifying the treatment of boolean values.Minimal complete definition: , , $ However, it's advisable to define , and " as well (typically), for clarity. logical true logical false complementandornandnorxorimplies equivalencecast from BoolGeneralization of  Generalization of !Generalization of "Generalization of  !" !"  !"3232611>(c) Levent ErkokBSD3erkokl@gmail.com experimentalSafe#yNames reserved by SMTLib. This list is current as of Dec 6 2015; but of course there's no guarantee it'll stay that way.###?(c) Levent ErkokBSD3erkokl@gmail.com experimentalSafe9; A univariate polynomial, represented simply as a coefficient list. For instance, "5x^3 + 2x - 5" is represented as [(5, 3), (2, 1), (-5, 0)]$Algebraic reals. Note that the representation is left abstract. We represent rational results explicitly, while the roots-of-polynomials are represented implicitly by their defining equation2Check wheter a given argument is an exact rationalcConstruct a poly-root real with a given approximate value (either as a decimal, or polynomial-root)AStructural equality for AlgReal; used when constants are Map keysDStructural comparisons for AlgReal; used when constants are Map keys Render an $A as an SMTLib2 value. Only supports rationals for the time being. Render an $ as a Haskell value. Only supports rationals, since there is no corresponding standard Haskell type that can represent root-of-polynomial variety.cMerge the representation of two algebraic reals, one assumed to be in polynomial form, the other in decimal. Arguments can be the same kind, so long as they are both rationals and equivalent; if not there must be one that is precise. It's an error to pass anything else to this function! (Used in reconstructing SMT counter-example values with reals).2NB: Following the other types we have, we require `a/0` to be `0` for all a.$%& $%&$%&@(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone6T'A class for capturing values that have a sign and a size (finite or infinite) minimal complete definition: kindOf. This class can be automatically derived for data-types that have a Data< instance; this is useful for creating uninterpreted sorts.3Kind of symbolic value!Helper for Eq/Ord instances below+Does this kind represent a signed quantity?Construct an uninterpreted/enumerated kind from a piece of data; we distinguish simple enumerations as those are mapped to proper SMT-Lib2 data-types; while others go completely uninterpreted(We want to order user-sorts only by name)We want to equate user-sorts only by name*'()*+,-./0123456789:     '.()*+,-/0123456789:' ()*+,-./012(3456789:     A(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone!;YA simple expression type over extendent values, covering infinity, epsilon and intervals.BvA generalized CW allows for expressions involving infinite and epsilon values/intervals Used in optimization problems.EEW represents a concrete word of a fixed size: Endianness is mostly irrelevant (see the FromBitsT class). For signed words, the most significant digit is considered to be the sign.IA constant valueJalgebraic realKbit-vector/unbounded integerLfloatMdoubleNXvalue of an uninterpreted/user kind. The Maybe Int shows index position for enumerations*Show an extended CW, with kind if requiredOIs this a regular CW?PAre two CW's of the same type?QDConvert a CW to a Haskell boolean (NB. Assumes input is well-kinded)R5Normalize a CW. Essentially performs modular arithmetic to make sure the value can fit in the given bit-size. Note that this is rather tricky for negative values, due to asymmetry. (i.e., an 8-bit negative number represents values in the range -128 to 127; thus we have to be careful on the negative side.)SBConstant False as a CW. We represent it using the integer value 0.TAConstant True as a CW. We represent it using the integer value 1."Lift a unary function through a CWU#Lift a binary function through a CWV"Map a unary function through a CW.W#Map a binary function through a CW.)Show a CW, with kind info if bool is True;A version of show for kinds that says Bool instead of SBoolX(Create a constant word from an integral."Generate a random constant value (I) of the correct kind."Generate a random constant value (E) of the correct kind.Show instance for Generalized EShow instance for E.3 instance for generalized CW3 instance for CW"Show instance, shows with the kindKind instance for Extended CW-Ord instance for CWVal. Same comments as the % instance why this cannot be derived. Eq instance for CWVal. Note that we cannot simply derive Eq/Ord, since CWAlgReal doesn't have proper instances for these when values are infinitely precise reals. However, we do need a structural eq/ord for Map indexes; so define custom ones here:,;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX $;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX B(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone #029;<=IQRTY An SMT solver[The solver in use\The path to its executable] Options to provide to the solver^=The solver engine, responsible for interpreting solver output_"Various capabilities of the solver`Solvers that SBV is aware of! An SMT engineg%A script, to be passed to the solver.i Initial feedj2Optional continuation script, if the result is satkGThe result of an SMT solver call. Each constructor is tagged with the v that created it so that further tools can inspect it and build layers of results, if needed. For ordinary uses of the library, this type should not be needed, instead use the accessor functions on it. (Custom Show instances and model extractors.)l UnsatisfiablemSatisfiable with modelnNProver returned a model, but in an extension field containing Infinite/epsilono@Prover returned unknown, with a potential (possibly bogus) modelpProver errored outqComputation timed out (see the timeout combinator)r A model, as returned by a solvert/Mapping of symbolic values to objective values.u(Mapping of symbolic values to constants.vSolver configuration. See also z3, yices, cvc4,  boolector, mathSAT, etc. which are instantiations of this type for those solvers, with reasonable defaults. In particular, custom configuration can be created by varying those values. (Such as z3{verbose=True}.)Most fields are self explanatory. The notion of precision for printing algebraic reals stems from the fact that such values does not necessarily have finite decimal representations, and hence we have to stop printing at some depth. It is important to emphasize that such values always have infinite precision internally. The issue is merely with how we print such an infinite precision value on the screen. The field } controls the printing precision, by specifying the number of digits after the decimal point. The default value is 16, but it can be set to any positive integer.'When printing, SBV will add the suffix ... at the and of a real-value, if the given bound is not sufficient to represent the real-value exactly. Otherwise, the number will be written out in standard decimal notation. Note that SBV will always print the whole value if it is precise (i.e., if it fits in a finite number of digits), regardless of the precision limit. The limit only applies if the representation of the real value is not finite, i.e., if it is not rational.The | field can be used to print numbers in base 2, 10, or 16. If base 2 or 16 is used, then floating-point values will be printed in their internal memory-layout format as well, which can come in handy for bit-precise analysis.x Debug modeyXPrint timing information on how long different phases took (construction, solving, etc.)z5How much time to give to the solver for each call of sBranch( check. (In seconds. Default: No limit.){EHow much time to give to the solver. (In seconds. Default: No limit.)|CPrint integral literals in this base (2, 10, and 16 are supported.)}EPrint algebraic real values with this precision. (SReal, default: 16)~AAdditional lines of script to give to the solver (user specified)6Additional commands to pass before check-sat is issuedUUsually "(check-sat)". However, users might tweak it based on solver characteristics.When constructing a model, ignore variables whose name satisfy this predicate. (Default: (const False), i.e., don't ignore anything)ZIf Just, the generated SMT script will be put in this file (for debugging purposes mostly)+What version of SMT-lib we use for the toolThe actual SMT solver.3Rounding mode to use for floating-point conversions^If Nothing, pick automatically. Otherwise, either use the given one, or use the custom string.aRounding mode to be used for the IEEE floating-point operations. Note that Haskell's default is v. If you use a different rounding mode, then the counter-examples you get may not match what you observe in Haskell.yRound to nearest representable floating point value. If precisely at half-way, pick the even number. (In this context, even% means the lowest-order bit is zero.)Round to nearest representable floating point value. If precisely at half-way, pick the number further away from 0. (That is, for positive values, pick the greater; for negative values, pick the smaller.)HRound towards positive infinity. (Also known as rounding-up or ceiling.)HRound towards negative infinity. (Also known as rounding-down or floor.)/Round towards zero. (Also known as truncation.)KTranslation tricks needed for specific capabilities afforded by each solverName of the solveroset-logic string to use in case not automatically determined (if any). If Bool is True, then reals are present.+Does the solver understand SMT-Lib2 macros?8Does the solver understand produce-models option setting6Does the solver understand SMT-Lib2 style quantifiers?=Does the solver understand SMT-Lib2 style uninterpreted-sorts+Does the solver support unbounded integers?Does the solver support reals?@Does the solver support single-precision floating point numbers?@Does the solver support double-precision floating point numbers?.Does the solver support optimization routines?Chosen logic for the solver0Use one of the logics as defined by the standardUse this name for the logicSMT-Lib logics. If left unspecified SBV will pick the logic based on what it determines is needed. However, the user can override this choice using the  parameter to the configuration. This is especially handy if one is experimenting with custom logics that might be supported on new solvers. See  'http://smtlib.cs.uiowa.edu/logics.shtml for the official list.Formulas over the theory of linear integer arithmetic and arrays extended with free sort and function symbols but restricted to arrays with integer indices and values.yLinear formulas with free sort and function symbols over one- and two-dimentional arrays of integer index and real value.tFormulas with free function and predicate symbols over a theory of arrays of arrays of integer index and real value.*Linear formulas in linear real arithmetic.LQuantifier-free formulas over the theory of bitvectors and bitvector arrays.yQuantifier-free formulas over the theory of bitvectors and bitvector arrays extended with free sort and function symbols.oQuantifier-free linear formulas over the theory of integer arrays extended with free sort and function symbols.GQuantifier-free formulas over the theory of arrays with extensionality.BQuantifier-free formulas over the theory of fixed-size bitvectors.Difference Logic over the integers. Boolean combinations of inequations of the form x - y < b where x and y are integer variables and b is an integer constant.Unquantified linear integer arithmetic. In essence, Boolean combinations of inequations between linear polynomials over integer variables.Unquantified linear real arithmetic. In essence, Boolean combinations of inequations between linear polynomials over real variables.#Quantifier-free integer arithmetic. Quantifier-free real arithmetic.Difference Logic over the reals. In essence, Boolean combinations of inequations of the form x - y < b where x and y are real variables and b is a rational constant.eUnquantified formulas built over a signature of uninterpreted (i.e., free) sort and function symbols.SUnquantified formulas over bitvectors with uninterpreted sort function and symbols.aDifference Logic over the integers (in essence) but with uninterpreted sort and function symbols.TUnquantified linear integer arithmetic with uninterpreted sort and function symbols.QUnquantified linear real arithmetic with uninterpreted sort and function symbols.UUnquantified non-linear real arithmetic with uninterpreted sort and function symbols.]Unquantified non-linear real integer arithmetic with uninterpreted sort and function symbols.DLinear real arithmetic with uninterpreted sort and function symbols.KNon-linear integer arithmetic with uninterpreted sort and function symbols.\Quantifier-free formulas over the theory of floating point numbers, arrays, and bit-vectors.CQuantifier-free formulas over the theory of floating point numbers.URepresentation of an SMT-Lib program. In between pre and post goes the refuted modelsRepresentation of SMTLib Program versions. As of June 2015, we're dropping support for SMTLib1, and supporting SMTLib2 only. We keep this data-type around in case SMTLib3 comes along and we want to support 2 and 3 simultaneously."%An array index is simple an int valueWe implement a peculiar caching mechanism, applicable to the use case in implementation of SBV's. Whenever we do a state based computation, we do not want to keep on evaluating it in the then-current state. That will produce essentially a semantically equivalent value. Thus, we want to run it only once, and reuse that result, capturing the sharing at the Haskell level. This is similar to the "type-safe observable sharing" work, but also takes into the account of how symbolic simulation executes.^See Andy Gill's type-safe obervable sharing trick for the inspiration behind this technique: 9http://ittc.ku.edu/~andygill/paper.php?label=DSLExtract09/Note that this is *not* a general memo utility!+Arrays implemented in terms of SMT-arrays: 2http://smtlib.cs.uiowa.edu/theories-ArraysEx.shtmlMaps directly to SMT-lib arraysIReading from an unintialized value is OK and yields an unspecified result&Can check for equality of these arrays"Cannot quick-check theorems using SArr valuesITypically slower as it heavily relies on SMT-solving for the array theoryA Symbolic computation. Represented by a reader monad carrying the state of the computation, layered on top of IO for creating unique references to hold onto intermediate results.The Symbolic value. Either a constant (Left) or a symbolic value ( Right CachedH). Note that caching is essential for making sure sharing is preserved.%The state of the symbolic interpreter# kind KBool3Different means of running a symbolic piece of codeFully Symbolic, proof mode.Code generation mode.TConcrete simulation mode. The StdGen is for the pConstrain acceptance in cross runs.$#Cached values, implementing sharing%?Code-segments for Uninterpreted-constants, as given by the user&7Uninterpreted-constants generated during a symbolic run'&Arrays generated during a symbolic run"Representation for symbolic arrays(&Tables generated during a symbolic run)OKinds used in the program; used for determining the final SMT-Lib logic to pick*\Constants are stored in a map, for hash-consing. The bool is needed to tell -0 from +0, sigh+%Expression map, used for hash-consing*The context of a symbolic array as created5A new array, with potential initializer for each cellKAn array created from another array by fixing each element to another value:An array created by mutating another array at a given cell9An array created by symbolically merging two other arrays(Result of running a symbolic computationkinds used in the program0quick-check counter-example information (if any)uninterpeted code segmentsinputs (possibly existential) constantsJtables (automatically constructed) (tableno, index-type, result-type) eltsarrays (user specified)uninterpreted constantsaxioms assignments additional constraints (boolean)User given tactics!User specified optimization goals assertionsoutputs Solver tacticKCase-split, with implicit coverage. Bool says whether we should be verbose.?Should the case-splits be checked for vacuity? (Default: True.)3Run case-splits in parallel. (Default: Sequential.)>Should "constraints" be checked for vacuity? (Default: False.)%Time-out given to solver, in seconds.9Invoke with check-sat-using command, instead of check-sat1Use this logic, a custom one can be specified too!Use this solver (z3, yices, etc.);Use this style for optimize calls. (Default: Lexicographic)uObjective of optimization. We can minimize, maximize, or give a soft assertion with a penalty for not satisfying it.Minimize this metricMaximize this metric,A soft assertion, with an associated penalty5Penalty for a soft-assertion. The default penalty is 1, with all soft-assertions belonging to the same objective goal. A positive weight and an optional group can be provided by using the  constructor.Default: Penalty of 1 and no group attached+Penalty with a weight and an optional groupStyle of optimizationjObjectives are optimized in the order given, earlier objectives have higher priority. This is the default.*Each objective is optimized independently.}Objectives are optimized according to pareto front: That is, no objective can be made better without making some other worse.B pairs symbolic words and user given/automatically generated names&A program is a sequence of assignmentsA symbolic expressionA simple type for SBV computations, used mainly for uninterpreted constants. We keep track of the signedness/size of the arguments. A non-function will have just one entry in the list.FQuantifiers: forall or exists. Note that we allow arbitrary nestings.Floating point operationsSymbolic operations43A symbolic word, tracking it's signedness and size.6A symbolic node id,Kind of a symbolic word.8Forcing an argument; this is a necessary evil to make sure all the arguments to an uninterpreted function and sBranch test conditions are evaluated before called; the semantics of uinterpreted functions is necessarily strict; deviating from Haskell's9FConstant False as an SW. Note that this value always occupies slot -2.:EConstant True as an SW. Note that this value always occupies slot -1.;&Are there any existential quantifiers?-`To improve hash-consing, take advantage of commutative operators by reordering their arguments..The name of the objective<"Is there a parallel-case anywhere?/CIs this a concrete run? (i.e., quick-check or test-generation like)=.Is this a CodeGen run? (i.e., generating code)0Get the current path condition14Extend the path condition with the given test value.>Are we running in proof mode??=If in proof mode, get the underlying configuration (used for sBranch)2Increment the variable counter3>Generate a random value, for quick-check and test-gen purposes@@Create a new uninterpreted symbol, possibly with user given code4"Add a new sAssert based constraintACreate an internal variable, which acts as an input but isn't visible to the user. Such variables are existentially quantified in a SAT context, and universally quantified in a proof context.5Create a new SW6ARegister a new kind with the system, used for uninterpreted sorts7ACreate a new constant; hash-cons as necessary NB. For each constant, we also store weather it's negative-0 or not, as otherwise +0 == -0 and thus we'd confuse those entries. That's a bummer as we incur an extra boolean for this rare case, but it's simple and hopefully we don't generate a ton of constants in general.B*Create a new table; hash-cons as necessaryC/Create a new expression; hash-cons as necessary8+Convert a symbolic value to a symbolic-word9<Convert a symbolic value to an SW, inside the Symbolic monadDCreate a symbolic value, based on the quantifier we have. If an explicit quantifier is given, we just use that. If not, then we pick existential for SAT calls and universal for everything else. randomCWG is used for generating random values for this variable when used for  quickCheck purposes.:\Create a properly quantified variable of a user defined sort. Only valid in proof contexts.;.Introduce a new user name. We die if repeated.EAdd a user specified axiom to the generated SMT-Lib file. The first argument is a mere string, use for commenting purposes. The second argument is intended to hold the multiple-lines of the axiom text as expressed in SMT-Lib notation. Note that we perform no checks on the axiom itself, to see whether it's actually well-formed or is sensical by any means. A separate formalization of SMT-Lib would be very useful here.F6Run a symbolic computation in Proof mode and return a C. The boolean argument indicates if this is a sat instance or not.GHRun a symbolic computation, and return a extra value paired up with the HGrab the program from a running symbolic simulation state. This is useful for internal purposes, for instance when implementing sBranch.<Handling constraintsIURequire a boolean condition to be true in the state. Only used for internal purposes.= Add a tactic>Add an optimization goal?)Add a constraint with a given probabilityJMark an interim result as an output. Useful when constructing Symbolic programs that return multiple values, or when the result is programmatically computed.KRead the array element at aL1Reset all the elements of the array to the value bMUpdate the element at a to be bN?Merge two given arrays on the symbolic condition Intuitively: ,mergeArrays cond a b = if cond then a else b=. Merging pushes the if-then-else choice down on to elementsO8Create a named new array, with an optional initial valuePCompare two arrays for equalityQCache a state-based computationR'Uncache a previously cached computationS!Uncache, retrieving array indexes@SGeneric uncaching. Note that this is entirely safe, since we do it in the IO monad.T)The extension associated with the versionA kindBNFData instance for LogicCNFData instance for SMTLibLogicDqEquality constraint on SBV values. Not desirable since we can't really compare two symbolic values, but will do.EShow instance for ". Not particularly "desirable", but will do if needed NB. We do not show the type info on constant KBool values, since there's no implicit "fromBoolean" applied to Booleans in Haskell; and thus a statement of the form "True :: SBool" is just meaningless. (There should be a fromBoolean!)FShow instance for . Only for debugging purposes.GShow instance for %. Again, only for debugging purposes.HShow instance for Y. Note that this is largely for debugging purposes, not used for being read by any tool.INote that the show instance maps to the SMTLib names. We need to make sure this mapping stays correct through SMTLib changes. The only exception is FP_Cast; where we handle different source/origins explicitly later on.]YZ[\]^_`abcdef!current configurationis sat?+if optimizing, the style and #of objectivesquantified inputs skolem mapprogramghijklmnopqrstuvwxyz{|}~"JKLMN#OPQRSTUVWXYZ[\]^_`ab$%&'()*+      !"#$%&'()*+,-./01234567,89:;-.</=01>?23@4A567BC89D:;EFGH<I=>?JKLMNOPQRS@TcdeABfCghijklmnopqrstuvwxDEyzF{|}~GHI YZ\[]^_`cdebaf!ghijklmnopqrstuvwxyz{|}~"K     &#$+21 !"%'()*,-./034567,89:;.<=01>?@4ABC89D:EFGHI=>?JKLMNOPQRSTYZ[\]^_`abcdef!ghijklmnopqrstuvwxyz{|}~ "JKLMN#OPQRSTUVWXYZ[\]^_`ab$%&'()*+       !"#$%&'()*+,-./01234567,89:;-.</=01>?23@4A567BC89D:;EFGH<I=>?JKLMNOPQRS@TcdeABfCghijklmnopqrstuvwxDEyzF{|}~GHIC(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone #69;<=QRTUUISymbolically executable program fragments. This class is mainly used for safet calls, and is sufficently populated internally to cover most use cases. Users can extend it as they wish to allow safeF checks for SBV programs that return/take types that are user-defined.X7Internal representation of a symbolic simulation resultZinputs[ skolem-map\ kinds used] assertions^tactics to use_optimization goals, if any`7SMTLib representation, given the config and case-splitsaA case condition (internal)b No case-splitcIn a case-pathd"For checking the vacuity of a caseeRIn a case-path end, coverage (first arg is path cond, second arg is coverage cond)f)In a constraint vacuity check (top-level)gIn an optimization callh*Arrays implemented internally as functions;Internally handled by the library and not mapped to SMT-LibLReading an uninitialized value is considered an error (will throw exception)?Cannot check for equality (internally represented as functions)Can quick-check<Typically faster as it gets compiled away during translationj+Arrays implemented in terms of SMT-arrays: 2http://smtlib.cs.uiowa.edu/theories-ArraysEx.shtmlMaps directly to SMT-lib arraysIReading from an unintialized value is OK and yields an unspecified result&Can check for equality of these arrays"Cannot quick-check theorems using SArray valuesITypically slower as it heavily relies on SMT-solving for the array theorym#Flat arrays of symbolic values An  array a b! is an array indexed by the type  a, with elements of type  b) If an initial value is not provided in n and o methods, then the elements are left unspecified, i.e., the solver is free to choose any value. This is the right thing to do if arrays are used as inputs to functions to be verified, typically. >While it's certainly possible for user to create instances of m, the j and h instances already provided should cover most use cases in practice. (There are some differences between these models, however, see the corresponding declaration.)CMinimal complete definition: All methods are required, no defaults.n2Create a new array, with an optional initial valueo8Create a named new array, with an optional initial valuepRead the array element at aq1Reset all the elements of the array to the value brUpdate the element at a to be bs?Merge two given arrays on the symbolic condition Intuitively: ,mergeArrays cond a b = if cond then a else b=. Merging pushes the if-then-else choice down on to elementstA t is a potential symbolic bitvector that can be created instances of to be fed to a symbolic program. Note that these methods are typically not needed in casual uses with prove, sat, allSatE etc, as default instances automatically provide the necessary bits.u%Create a user named input (universal)v#Create an automatically named inputwGet a bunch of new wordsxCreate an existential variabley2Create an automatically named existential variablezCreate a bunch of existentials{@Create a free variable, universal in a proof, existential in sat|GCreate an unnamed free variable, universal in proof, existential in sat}Create a bunch of free vars~,Similar to free; Just a more convenient nameISimilar to mkFreeVars; but automatically gives names based on the strings#Turn a literal constant to symbolic+Extract a literal, if the value is concrete+Extract a literal, from a CW representationIs the symbolic word concrete?%Is the symbolic word really symbolic?/Does it concretely satisfy the given predicate?One stop allocatorFA class representing what can be returned from a symbolic computation.Mark an interim result as an output. Useful when constructing Symbolic programs that return multiple values, or when the result is programmatically computed.The symbolic variant of 0IEEE-754 double-precision floating point numbers0IEEE-754 single-precision floating point numbers0Infinite precision symbolic algebraic real value(Infinite precision signed symbolic value;64-bit signed symbolic value, 2's complement representation;32-bit signed symbolic value, 2's complement representation;16-bit signed symbolic value, 2's complement representation:8-bit signed symbolic value, 2's complement representation64-bit unsigned symbolic value32-bit unsigned symbolic value16-bit unsigned symbolic value8-bit unsigned symbolic valueA symbolic boolean/bitThe Symbolic value. The parameter aV is phantom, but is extremely important in keeping the user interface strongly typed.Get the current path condition4Extend the path condition with the given test value.Not-A-Number for  and X. Surprisingly, Haskell Prelude doesn't have this value defined, so we provide it here. Infinity for  and X. Surprisingly, Haskell Prelude doesn't have this value defined, so we provide it here.@Symbolic variant of Not-A-Number. This value will inhabit both  and .<Symbolic variant of infinity. This value will inhabit both  and .Symbolic variant of Symbolic variant of Symbolic variant of RoundNearestPositiveSymbolic variant of Symbolic variant of  Alias for  Alias for  Alias for  Alias for  Alias for +Convert a symbolic value to a symbolic-wordCreate a symbolic variable.<Convert a symbolic value to an SW, inside the Symbolic monad<Declare a new symbolic array, with a potential initial valueDeclare a new functional symbolic array, with a potential initial value. Note that a read from an uninitialized cell will result in an error.ZLift a function to an array. Useful for creating arrays in a pure context. (Otherwise use o.)*Add a constraint with a given probability. can be used symbolicallyUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~#$%&'.()*+,-/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[]^_`cdebafghijklmnopqrstuvwxyz{|}~     &#$+21 !"%'()*,-./03456789:;<=>?@ABCEFGHIQRSTUVWXY^Z[\]_`agbcdefhijklmonprqst{uvxywz|}~TUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneGeneralized version of , allowing the user to specify the warm-up count and the convergence factor. Maximum iteration count can also be specified, at which point convergence won't be sought. The boolean controls verbosity.Given a symbolic computation that produces a value, compute the expected value that value would take if this computation is run with its free variables drawn from uniform distributions of its respective values, satisfying the given constraints specified by  constrain and  pConstrain' calls. This is equivalent to calling < the following parameters: verbose, warm-up round count of 10000;, no maximum iteration count, and with convergence margin 0.0001.D(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneH Boolean True.Boolean False.Convert from a Boolean.Convert from an Integer.Convert from a FloatConvert from a FloatConvert from a Rational<Extract a bool, by properly interpreting the integer stored.)Extract an integer from a concrete value.,Grab the numerator of an SReal, if available.Grab the denominator of an SReal, if availableConstructing [x, y, .. z] and [x .. y]. Only works when all arguments are concrete and integral and the result is guaranteed finite Note that the it isn't "obviously" clear why the following works; after all we're doing the construction over Integer's and mapping it back to other types such as SIntN/SWordN. The reason is that the values we receive are guaranteed to be in their domains; and thus the lifting to Integers preserves the bounds; and then going back is just fine. So, things like [1, 5 .. 200] :: [SInt8]< work just fine (end evaluate to empty list), since we see  [1, 5 .. -56] in the Integer* domain. Also note the explicit check for s /= fC below to make sure we don't stutter and produce an infinite list. Addition.Multiplication. Subtraction. Unary minus.Absolute value. Division.Exponentiation.<Bit-blast: Little-endian. Assumes the input is a bit-vector.Set a given bit at index9Bit-blast: Big-endian. Assumes the input is a bit-vector.nUn-bit-blast from big-endian representation to a word of the right size. The input is assumed to be unsigned.qUn-bit-blast from little-endian representation to a word of the right size. The input is assumed to be unsigned.Add a constant value: Increment: Decrement:Quotient: Overloaded operation whose meaning depends on the kind at which it is used: For unbounded integers, it corresponds to the SMT-Lib "div" operator ( Euclidean division, which always has a non-negative remainder). For unsigned bitvectors, it is "bvudiv"; and for signed bitvectors it is "bvsdiv", which rounds toward zero. All operations have unspecified semantics in case y = 0.FRemainder: Overloaded operation whose meaning depends on the kind at which it is used: For unbounded integers, it corresponds to the SMT-Lib "mod" operator (always non-negative). For unsigned bitvectors, it is "bvurem"; and for signed bitvectors it is "bvsrem", which rounds toward zero (sign of remainder matches that of x6). All operations have unspecified semantics in case y = 0.DOptimize away x == true and x /= false to x; otherwise just do eqOpt Equality. Inequality. Less than. Greater than.Less than or equal to.Greater than or equal to. Bitwise and. Bitwise or. Bitwise xor.Bitwise complement.QShift left by a constant amount. Translates to the "bvshl" operation in SMT-Lib.Shift right by a constant amount. Translates to either "bvlshr" (logical shift right) or "bvashr" (arithmetic shift right) in SMT-Lib, depending on whether x is a signed bitvector.Rotate-left, by a constantRotate-right, by a constantuGeneric rotation. Since the underlying representation is just Integers, rotations has to be careful on the bit-size.Extract bit-sequences. Join two words, by concatanetingUninterpreted constants and functions. An uninterpreted constant is a value that is indexed by its name. The only property the prover assumes about these values are that they are equivalent to themselves; i.e., (for functions) they return the same results when applied to same arguments. We support uninterpreted-functions as a general means of black-box'ing operations that are  irrelevantx for the purposes of the proof; i.e., when the proofs can be performed without any knowledge about the function itself.+If-then-else. This one will force branches.YLazy If-then-else. This one will delay forcing the branches unless it's really necessary.#Merge two symbolic values, at kind k , possibly forceH'ing the branches to make sure they do not evaluate to the same result.Total indexing operation. svSelect xs default index is intuitively the same as  xs !! index, except it evaluates to default if index) overflows. Translates to SMT-Lib tables.5Convert a symbolic bitvector from unsigned to signed.5Convert a symbolic bitvector from signed to unsigned.?Convert a symbolic bitvector from one integral kind to another.BConvert an SVal from kind Bool to an unsigned bitvector of size 1.MConvert an SVal from a bitvector of size 1 (signed or unsigned) to kind Bool.Test the value of a bit. Note that we do an extract here as opposed to masking and checking against zero, as we found extraction to be much faster with large bit-vectors.Generalization of W, where the shift-amount is symbolic. The first argument should be a bounded quantity.Generalization of W, where the shift-amount is symbolic. The first argument should be a bounded quantity.XNB. If the shiftee is signed, then this is an arithmetic shift; otherwise it's logical.Generalization of Z, where the rotation amount is symbolic. The first argument should be a bounded quantity.Generalization of Z, where the rotation amount is symbolic. The first argument should be a bounded quantity.-eqOpt says the references are to the same SW, thus we can optimize. Note that we explicitly disallow KFloat/KDouble here. Why? Because it's *NOT* true that NaN == NaN, NaN >= NaN, and so-forth. So, we have to make sure we don't optimize floats and doubles, in case the argument turns out to be NaN.:Predicate for optimizing word operations like (+) and (*).:Predicate for optimizing word operations like (+) and (*).,Predicate for optimizing bitwise operations.%Predicate for optimizing comparisons.%Predicate for optimizing comparisons.&Predicate for optimizing conditionals.jMost operations on concrete rationals require a compatibility check to avoid faulting on algebraic reals.;Quot/Rem operations require a nonzero check on the divisor.'Same as rationalCheck, except for SBV'sZ<ZE(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneNADT S-Expression format, suitable for representing get-model output of SMT-LibGParse a string into an SExpr, potentially failing with an error messageMParses the Z3 floating point formatted numbers like so: 1.321p5/1.2123e9 etc.,Convert an (s, e, m) triple to a float value,Convert an (s, e, m) triple to a float value\Special constants of SMTLib2 and their internal translation. Mainly rounding modes for now.  F(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone9TiPrettyNum class captures printing of numbers in hex and binary formats; also supporting negative numbers.Minimal complete definition:  and ,Show a number in hexadecimal (starting with 0x and type.)'Show a number in binary (starting with 0b and type.)/Show a number in hex, without prefix, or types./Show a number in bin, without prefix, or types.Show as a hexadecimal value. First bool controls whether type info is printed while the second boolean controls wether 0x prefix is printed. The tuple is the signedness and the bit-length of the input. The length of the string will not0 depend on the value, but rather the bit-length.Show as a hexadecimal value, integer version. Almost the same as shex above except we don't have a bit-length so the length of the string will depend on the actual value. Similar to ; except in binary. Similar to ; except in binary.UPad a string to a given length. If the string is longer, then we don't drop anything.Binary printer Hex printerVA more convenient interface for reading binary numbers, also supports negative numbersvA version of show for floats that generates correct C literals for nan/infinite. NB. Requires "math.h" to be included.wA version of show for doubles that generates correct C literals for nan/infinite. NB. Requires "math.h" to be included.UA version of show for floats that generates correct Haskell literals for nan/infiniteVA version of show for doubles that generates correct Haskell literals for nan/infinite[A version of show for floats that generates correct SMTLib literals using the rounding mode\A version of show for doubles that generates correct SMTLib literals using the rounding mode Show a rational in SMTLib format;Convert a rounding mode to the format SMT-Lib2 understands.*Convert a CW to an SMTLib2 compliant valueCreate a skolem 0 for the kind#G(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneAdd constraints to generate new\ models. This function is used to query the SMT-solver, while disallowing a previous model.*Translate a problem into an SMTLib2 script kinds usedis this a sat problem?extra comments to place on topinputsskolemized version inputs constantsauto-generated tablesuser specified arrays!uninterpreted functions/constants user given axioms  assignments extra constraints output variable  configurationcase analysis data  H(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone  yAn instance of SMT-Lib converter; instantiated for SMT-Lib v1 and v2. (And potentially for newer versions in the future.) Convert to SMTLib-2 format IAdd constraints generated from older models, used for querying new models BInterpret solver output based on SMT-Lib standard output responsesDDo we have a regular sat-model, or something in the extension field?Interpret solver output based on SMT-Lib standard output responses, in the case we're expecting multiple objective model valuesInterpret solver output based on SMT-Lib pareto-output mode. Unfortunately this is likely to be very Z3 specific, and quite dissimilar to other modes. (A "request" has been filed so we don't have to do this:  *https://github.com/Z3Prover/z3/issues/1008I.) In the mean time we try to interpret the Z3 output as well as we can.,Get a counter-example from an SMT-Lib2 like model output line This routing is necessarily fragile as SMT solvers tend to print output in whatever form they deem convenient for them.. Currently, it's tuned to work with Z3 and CVC4; if new solvers are added, we might need to rework the logic here.'Turn an sexpr to a binding in our modelCSimilar to reading model-lines but designed for reading objectives.  Kinds used in the problemis this a sat problem?extra comments to place on topinputs and aliasing namesskolemized inputs constantsauto-generated tablesuser specified arrays!uninterpreted functions/constants user given axioms  assignments extra constraints output variable  configuration case analysis             I(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone6TG6Various SMT results that we can extract models out of.Is there a model?Extract a model, the result is a tuple where the first argument (if True) indicates whether the model was "probable". (i.e., if the solver returned unknown.)Extract a model dictionary. Extract a dictionary mapping the variables to their respective values as returned by the SMT solver. Also see .4Extract a model value for a given element. Also see .Extract a representative name for the model value of an uninterpreted kind. This is supposed to correspond to the value as computed internally by the SMT solver; and is unportable from solver to solver. Also see .A simpler variant of % to get a model out without the fuss.;Extract model objective values, for all optimization goals.!Extract the value of an objective Instances of  can be automatically extracted from models returned by the solvers. The idea is that the sbv infrastructure provides a stream of CW'9s (constant-words) coming from the solver, and the type a is interpreted based on these constants. Many typical instances are already provided, so new instances can be declared with relative ease.Minimum complete definition: EGiven a sequence of constant-words, extract one instance of the type a{, returning the remaining elements untouched. If the next element is not what's expected for this type you should return 2Given a parsed model instance, transform it using fh, and return the result. The default definition for this method should be sufficient in most use cases.An optimize call results in a A safe call results in a An allSat call results in a N. The boolean says whether we should warn the user about prefix-existentials. A sat call results in a  # The reason for having a separate   is to have a more meaningful  instance. A prove call results in a  -Extract the final configuration from a result 1Parse a signed/sized value from a sequence of CWsReturn all the models from an allSat call, similar to 3 but is suitable for the case of multiple results.2Get dictionaries from an all-sat call. Similar to .=Extract value of a variable from an all-sat call. Similar to .LExtract value of an uninterpreted variable from an all-sat call. Similar to .@Extract a model out, will throw error if parsing is unsuccessful Given an allSatT call, we typically want to iterate over it and print the results in sequence. The ) function automates this task by calling disp+ on each result, consecutively. The first  argument to disp 'is the current model number. The second argument is a tuple, where the first element indicates whether the model is alleged (i.e., if the solver is not sure, returing Unknown)"Show an SMTResult; generic versionShow a model in human readable form. Ignore bindings to those variables that start with "__internal_sbv_" and also those marked as "nonModelVar" in the config; as these are only for internal purposes:Show bindings in a generalized model dictionary, tabulated1Show a constant value, in the user-specified baseCPrint uninterpreted function values from models. Very, very crude..@Print uninterpreted array values from models. Very, very crude..-Helper function to spin off to an SMT solver. AThe standard-model that most SMT solvers should happily work with!xSome solvers (Z3) require multiple calls for certain value extractions; as in multi-precision reals. Deal with that here"ZA standard post-processor: Reading the lines of solver output and turning it into a model:#UA standard engine interface. Most solvers follow-suit here in how we "chat" to them..$}A standard solver interface. If the solver is SMT-Lib compliant, then this function should suffice in communicating with it.%6Wrap the solver call to protect against any exceptions& A variant of readProcessWithExitCodeU; except it knows about continuation strings and can speak SMT-Lib2 (just a little).'In case the SMT-Lib solver returns a response over multiple lines, compress them so we have each S-Expression spanning only a single line. We'll ignore things like parentheses inside quotes etc., as it should not be an issue(k as a generic model provider)  as a generic model provider*  as a generic model provider+7-Tuples extracted from a model,6-Tuples extracted from a model-5-Tuples extracted from a model.4-Tuples extracted from a model/3-Tuples extracted from a model0Tuples extracted from a model1A list of values as extracted from a model. When reading a list, we go as long as we can (maximal-munch). Note that this never fails, as we can always return the empty list!2FA rounding mode, extracted from a model. (Default definition suffices)3E. as extracted from a model; trivial definition4 as extracted from a model5 as extracted from a model6$ as extracted from a model78 as extracted from a model9: as extracted from a model;< as extracted from a model=> as extracted from a model?@ as extracted from a modelAB as extracted from a modelCD as extracted from a modelEF as extracted from a modelGH as extracted from a modelI as extracted from a modelJBase case for = at unit type. Comes in handy if there are no real variables.K&Show instance for optimization resultsLThe Show instance of AllSatResults. Note that we have to be careful in being lazy enough as the typical use case is to pull results out as they become available.M,User friendly way of printing safety resultsN3User friendly way of printing satisfiablity resultsO-User friendly way of printing theorem resultsN      !"#$%&'()*+,-./012345679;=?ACEGIJKLMNO/      !"#$%&'=      !"#$%&'()*+,-./012345679;=?ACEGIJKLMNOJ(c) Adam FoltzerBSD3erkokl@gmail.com experimentalNoneP2The description of abc. The default executable is "abc"/, which must be in your path. You can use the SBV_ABC\ environment variable to point to the executable on your system. The default options are 6-S "%blast; &sweep -C 5000; &syn4; &cec -s -m -C 2000". You can use the SBV_ABC_OPTIONS. environment variable to override the options.PPPK(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneQGThe description of the Boolector SMT solver The default executable is  "boolector"., which must be in your path. You can use the  SBV_BOOLECTORZ environment variable to point to the executable on your system. The default options are  "-m --smt2". You can use the SBV_BOOLECTOR_OPTIONS. environment variable to override the options.QQQL(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneTRBThe description of the CVC4 SMT solver The default executable is "cvc4"., which must be in your path. You can use the SBV_CVC4Z environment variable to point to the executable on your system. The default options are  "--lang smt". You can use the SBV_CVC4_OPTIONS. environment variable to override the options.RRRM(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneTSEThe description of the MathSAT SMT solver The default executable is  "mathsat"., which must be in your path. You can use the  SBV_MATHSATZ environment variable to point to the executable on your system. The default options are  "-input=smt2". You can use the SBV_MATHSAT_OPTIONS. environment variable to override the options.SSSN(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneTTCThe description of the Yices SMT solver The default executable is  "yices-smt2"., which must be in your path. You can use the  SBV_YICES| environment variable to point to the executable on your system. SBV does not pass any arguments to yices. You can use the SBV_YICES_OPTIONS. environment variable to override the options.TTTO(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneTU@The description of the Z3 SMT solver The default executable is "z3"., which must be in your path. You can use the SBV_Z3Z environment variable to point to the executable on your system. The default options are  "-in -smt2"-, which is valid for Z3 4.1. You can use the SBV_Z3_OPTIONS. environment variable to override the options.VUWUVUWP(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone#9;T[+A type aa is provable if we can turn it into a predicate. Note that a predicate can be made from a curried function of arbitrary arity, where each element is either a symbolic type or up-to a 7-tuple of symbolic-types. So predicates can be constructed from almost arbitrary Haskell functions that have arbitrary shapes. (See the instance declarations below.)Turns a value into a universally quantified predicate, internally naming the inputs. In this case the sbv library will use names of the form s1, s2(, etc. to name these variables Example: / forAll_ $ \(x::SWord8) y -> x `shiftL` 2 .== y]is a predicate with two arguments, captured using an ordinary Haskell function. Internally, x will be named s0 and y will be named s1.]Turns a value into a predicate, allowing users to provide names for the inputs. If the user does not provide enough number of names for the variables, the remaining ones will be internally generated. Note that the names are only used for printing models and has no other significance; in particular, we do not check that they are unique. Example: 9 forAll ["x", "y"] $ \(x::SWord8) y -> x `shiftL` 2 .== y>This is the same as above, except the variables will be named x and yG respectively, simplifying the counter-examples when they are printed.CTurns a value into an existentially quantified predicate. (Indeed, xR would have been a better choice here for the name, but alas it's already taken.) Version of  that allows user defined namesA goal is a symbolic program that returns no values. The idea is that the constraints/min-max goals will serve as appropriate directives for sat/prove calls.A predicate is a symbolic program that returns a (symbolic) boolean value. For all intents and purposes, it can be treated as an n-ary function from symbolic-values to a boolean. The  monad captures the underlying representation, and can/should be ignored by the users of the library, unless you are building further utilities on top of SBV itself. Instead, simply use the  type when necessary.2Default configuration for the Boolector SMT solver.Default configuration for the CVC4 SMT Solver./Default configuration for the Yices SMT Solver.+Default configuration for the Z3 SMT solver0Default configuration for the MathSAT SMT solver BDefault configuration for the ABC synthesis and verification tool.!<The default solver used by SBV. This is currently set to z3."!Prove a predicate, equivalent to . !#<Find a satisfying assignment for a predicate, equivalent to / !$AReturn all satisfying assignments for a predicate, equivalent to 4 !u. Satisfying assignments are constructed lazily, so they will be available as returned by the solver and on demand.rNB. Uninterpreted constant/function values and counter-examples for array values are ignored for the purposes of $. That is, only the satisfying assignments modulo uninterpreted functions and array inputs will be returned. This is due to the limitation of not having a robust means of getting a function counter-example back from the SMT solver.%Optimize a given collection of s&Check that all the sAssert calls are safe, equivalent to 1 !'>Check if the given constraints are satisfiable, equivalent to 3 !. See the function  constrain for an example use of '. Also see the  tactic.(fCheck whether a given property is a theorem, with an optional time out and the given solver. Returns Nothing* if times out, or the result wrapped in a Just otherwise.)hCheck whether a given property is satisfiable, with an optional time out and the given solver. Returns Nothing* if times out, or the result wrapped in a Just otherwise.*;Checks theoremhood within the given optional time limit of i seconds. Returns Nothing* if times out, or the result wrapped in a Just otherwise.+>Checks satisfiability within the given optional time limit of i seconds. Returns Nothing* if times out, or the result wrapped in a Just otherwise.,Compiles to SMT-Lib and returns the resulting program as a string. Useful for saving the result to a file for off-line analysis, for instance if you have an SMT solver that's not natively supported out-of-the box by the SBV library. It takes two arguments:Tversion: The SMTLib-version to produce. Note that we currently only support SMTLib2. isSat : If X>, will translate it as a SAT query, i.e., in the positive. If Y, will translate as a PROVE query, i.e., it will negate the result. (In this case, the check-sat call to the SMT solver will produce UNSAT if the input is a theorem, as usual.)-rCreate SMT-Lib benchmarks, for supported versions of SMTLib. The first argument is the basename of the file. The  argument controls whether this is a SAT instance, i.e., translate the query directly, or a PROVE instance, i.e., translate the negated query. (See the second boolean argument to , for details.)ZEMake sure we're line-buffering if there's going to be parallel calls.[CMake sure sat/prove calls don't have objectives, and optimize does!\Pick the converter, based on the SMTLib version. Note that we no longer support SMTLib1, so the following is more or less a no-op, but it's good to use it since if we add some other target GHC's pattern-match warning will point us to here../Proves the predicate using the given SMT-solver/7Find a satisfying assignment using the given SMT-solver03Optimizes the objectives using the given SMT-solver]-Construct a lexicographic optimization result^,Construct an independent optimization result_,Construct a pareto-front optimization result`$Apply the given tactics to a problemaImplements the "constraint vacuity check" tactic, making sure the calls to "constrain" describe a satisfiable condition. Returns:Nothing if this is a SAT call, as that would be a weird thing to do (we only would care about constraint-vacuity in a proof context),9Nothing if satisfiable: The world is OK, just keep moving[ProofError if unsatisfiable. In this case we found that the constraints given are just bad!NB. We'll do a SAT call even if there are *no* constraints! This is OK, as the call will be cheap; and this is an opt-in call. (i.e., the user asked us to do it explicitly.)b\Implements the case-split tactic. Works for both Sat and Proof, hence the quantification on res1.Check if any of the assertions can be violated20Check if a safe-call was safe or not, turning a  to a Bool.3SDetermine if the constraints are vacuous using the given SMT-solver. Also see the  tactic.4:Find all satisfying assignments using the given SMT-solvercIRun an external proof on the given condition to see if it is satisfiable.:d !"#$%&'()*+,DVersion of SMTLib to compile to. (Only SMTLib2 supported currently.)lIf True, translate directly, otherwise negate the goal. (Use True for SAT queries, False for PROVE queries.)-Z[\./0]^_`Solver configurationSAre we a sat-problem? Do we have anything parallel going on? (Parallel-case split.)0Wrapper/unwrapper pair from result to SMT answer>Level at which we are called. (In case of a nested case-split)Tactics active at this levelOptimization goals we have%The actual continuation at this pointaisSAT?configoptimization info)wrappers back and forth from final result continuation)result, wrapped in Maybe if vacuity failsb  Solver configAre we optimizing?!Should we check vacuity of cases?PShould we run the cases in parallel? Second bool: Is anything parallel going on?True if we're sat solving6wrapper, unwrapper from sat/proof to the actual resultWPath condition as we reached here. (In a nested case split, First #, then actual name.)'Should we be chatty on the case-splits?XList of cases. Case name, condition, plus further tactics for nested case-splitting etc. 9The "solver" once we provide it with a problem and a case1234efgchijklmnopqr^YZ\[]^_klmnopqvwxyz{|}~     !"#$%&'()*+,-./01234c6d !"#$%&'()*+,-Z[\./0]^_`ab1234efgchijklmnopqrQ(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone 69:;<=OQRT]sClass of metrics we can optimize for. Currently, bounded signed/unsigned bit-vectors, unbounded integers, and algebraic reals can be optimized. (But not, say, SFloat, SDouble, or SBool.) Minimal complete definition: minimize/maximize.EA good reference on these features is given in the following paper:  Ohttp://www.easychair.org/publications/download/Z_-_Maximal_Satisfaction_with_Z3.5Minimize a named metric6Maximize a named metric7Uninterpreted constants and functions. An uninterpreted constant is a value that is indexed by its name. The only property the prover assumes about these values are that they are equivalent to themselves; i.e., (for functions) they return the same results when applied to same arguments. We support uninterpreted-functions as a general means of black-box'ing operations that are  irrelevantx for the purposes of the proof; i.e., when the proofs can be performed without any knowledge about the function itself.Minimal complete definition: :. However, most instances in practice are already provided by SBV, so end-users should not need to define their own instances.8Uninterpret a value, receiving an object that can be used instead. Use this version when you do not need to add an axiom about this value.9 Uninterpret a value, only for the purposes of code-generation. For execution and verification the value is used as is. For code-generation, the alternate definition is used. This is useful when we want to take advantage of native libraries on the target languages.:Most generalized form of uninterpretation, this function should not be needed by end-user-code, but is rather useful for the library development.tNot exported. Used only in uk. Instances are provided for the generic representations of product types where each element is Mergeable.;)Symbolic conditionals are modeled by the ; class, describing how to merge the results of an if-then-else call with a symbolic test. SBV provides all basic types as instances of this class, so users only need to declare instances for custom data-types of their programs as needed.A ; instance may be automatically derived for a custom data-type with a single constructor where the type of each field is an instance of ;?, such as a record of symbolic values. Users only need to add v and ; to the deriving clause for the data-type. See 1R] for an example and an illustration of what the instance would look like if written by hand. The function = is a total-indexing function out of a list of choices with a default value, simulating array/list indexing. It's an n-way generalization of the  function.>Minimal complete definition: None, if the type is instance of Generic . Otherwise <Q. Note that most types subject to merging are likely to be trivial instances of Generic.<'Merge two values based on the condition. The first argument states whether we force the then-and-else branches before the merging, at the word level. This is an efficiency concern; one that we'd rather not make but unfortunately necessary for getting symbolic simulation working efficiently.=Total indexing operation. select xs default index is intuitively the same as  xs !! index, except it evaluates to default if index underflows/overflows.>The >P class captures the essence of division. Unfortunately we cannot use Haskell's w class since the x and yH superclasses are not implementable for symbolic bit-vectors. However, z and { makes perfect sense, and the >) class captures this operation. One issue is how division by 0 behaves. The verification technology requires total functions, and there are several design choices here. We follow Isabelle/HOL approach of assigning the value 0 for division by 0. Therefore, we impose the following pair of laws:  x ? 0 = (0, x) x @ 0 = (0, x) 5Note that our instances implement this law even when x is 0 itself.NB. | truncates toward zero, while }$ truncates toward negative infinity.Minimal complete definition: ?, @ESymbolic Numbers. This is a simple class that simply incorporates all number like base types together, simplifying writing polymorphic type-signatures that work for all symbolic numbers, such as , M etc. For instance, we can write a generic list-minimum function as follows: S mm :: SIntegral a => [SBV a] -> SBV a mm = foldr1 (a b -> ite (a .<= b) a b) It is similar to the standard w/ class, except ranging over symbolic instances.F!Symbolic Comparisons. Similar to  , we cannot implement Haskell's ~+ class since there is no way to return an 1 value from a symbolic comparison. Furthermore, F requires ;R to implement if-then-else, for the benefit of implementing symbolic versions of  and  functions.Minimal complete definition: GM4Symbolic Equality. Note that we can't use Haskell's s class since Haskell insists on returning Bool Comparing symbolic values will necessarily return a symbolic value.Minimal complete definition: NNewer versions of GHC (Starting with 7.8 I think), distinguishes between FiniteBits and Bits classes. We should really use FiniteBitSize for SBV which would make things better. In the interim, just work around pesky warnings..+Generate a finite symbolic bitvector, named-Generate a finite symbolic bitvector, unnamedP$Generate a finite constant bitvectorQ'Convert a constant to an integral valueRGenerically make a symbolic varS Declare an TDeclare a list of sU Declare an VDeclare a list of sW Declare an XDeclare a list of sY Declare an ZDeclare a list of s[ Declare an \Declare a list of s] Declare an ^Declare a list of s_ Declare an `Declare a list of sa Declare an bDeclare a list of sc Declare an dDeclare a list of se Declare an fDeclare a list of sg Declare an hDeclare a list of si Declare an jDeclare a list of sk Declare an lDeclare a list of smKConvert an SReal to an SInteger. That is, it computes the largest integer n that satisfies sIntegerToSReal n <= r essentially giving us the floor.For instance, 1.3 will be 1, but -1.3 will be -2.nlabel: Label the result of an expression. This is essentially a no-op, but useful as it generates a comment in the generated C/SMT-Lib code. Note that if the argument is a constant, then the label is dropped completely, per the usual constant folding strategy.oLReturns (symbolic) true if all the elements of the given list are different.pKReturns (symbolic) true if all the elements of the given list are the same.q3Returns (symbolic) true if the argument is in rangerSymbolic membership tests.Returns 1 if the boolean is true, otherwise 0.:Predicate for optimizing word operations like (+) and (*).:Predicate for optimizing word operations like (+) and (*).tASymbolic exponentiation using bit blasting and repeated squaring.FN.B. The exponent must be unsigned. Signed exponents will be rejected.&Lift a 1 arg FP-op, using sRNE default7Lift a float/double unary function, only over constants8Lift a float/double binary function, only over constantsuReplacement for . Since  requires a b to be returned, we cannot implement it for symbolic words. Index 0 is the least-significant bit.v Variant of u2, where we want to extract multiple bit positions.wReplacement for . Since  returns an A, we cannot implement it for symbolic words. Here, we return an g, which can overflow when used on quantities that have more than 255 bits. Currently, that's only the > type that SBV supports, all other types are safe. Even with , this will only overflow if there are at least 256-bits set in the number, and the smallest such number is 2^256-1, which is a pretty darn big number to worry about for practical purposes. In any case, we do not support w for unbounded symbolic integers, as the only possible implementation wouldn't symbolically terminate. So the only overflow issue is with really-really large concrete  values.xGeneralization of ( based on a symbolic boolean. Note that  and { are still available on Symbolic words, this operation comes handy when the condition to set/clear happens to be symbolic.yKConversion between integral-symbolic values, akin to Haskell's fromIntegralzGeneralization of 6, when the shift-amount is symbolic. Since Haskell's  only takes an  as the shift amount, it cannot be used when we have a symbolic amount to shift with. The first argument should be a bounded quantity.{Generalization of 6, when the shift-amount is symbolic. Since Haskell's  only takes an  as the shift amount, it cannot be used when we have a symbolic amount to shift with. The first argument should be a bounded quantity.NB. If the shiftee is signed, then this is an arithmetic shift; otherwise it's logical, following the usual Haskell convention. See |a for a variant that explicitly uses the msb as the sign bit, even for unsigned underlying types.|UArithmetic shift-right with a symbolic unsigned shift amount. This is equivalent to {H when the argument is signed. However, if the argument is unsigned, then it explicitly treats its msb as a sign-bit, and uses it as the bit that gets shifted in. Useful when using the underlying unsigned bit representation to implement custom signed operations. Note that there is no direct Haskell analogue of this function.}Generalization of 6, when the shift-amount is symbolic. Since Haskell's  only takes an  as the shift amount, it cannot be used when we have a symbolic amount to shift with. The first argument should be a bounded quantity.~Generalization of 6, when the shift-amount is symbolic. Since Haskell's  only takes an  as the shift amount, it cannot be used when we have a symbolic amount to shift with. The first argument should be a bounded quantity.4Full adder. Returns the carry-out from the addition.FN.B. Only works for unsigned types. Signed arguments will be rejected.xFull multiplier: Returns both the high-order and the low-order bits in a tuple, thus fully accounting for the overflow.FN.B. Only works for unsigned types. Signed arguments will be rejected.N.B. The higher-order bits are determined using a simple shift-add multiplier, thus involving bit-blasting. It'd be naive to expect SMT solvers to deal efficiently with properties involving this function, at least with the current state of the art.=Little-endian blasting of a word into its bits. Also see the FromBits class.:Big-endian blasting of a word into its bits. Also see the FromBits class.:Least significant bit of a word, always stored at index 0.CMost significant bit of a word, always stored at the last position.*Helper function for use in enum operationsLift QRem2 to symbolic words. Division by 0 is defined s.t. x/0 = 0; which holds even when x is 0 itself.Lift DMod2 to symbolic words. Division by 0 is defined s.t. x/0 = 0; which holds even when x is 0u itself. Essentially, this is conversion from quotRem (truncate to 0) to divMod (truncate towards negative infinity)$If-then-else. This is by definition <S with both branches forced. This is typically the desired behavior, but also see  should you need more laziness.A Lazy version of ite, which does not force its arguments. This might cause issues for symbolic simulation with large thunks around, so use with care.Symbolic assert. Check that the given boolean condition is always true in the given path. The optional first argument can be used to provide call-stack info via GHC's location facilities.#Merge two symbolic values, at kind k , possibly force'ing the branches to make sure they do not evaluate to the same result. This should only be used for internal purposes; as default definitions provided should suffice in many cases. (i.e., End users should only need to define <2 when needed; which should be rare to start with.)uKNot exported. Symbolic merge using the generic representation provided by ST.Adding arbitrary constraints. When adding constraints, one has to be careful about making sure they are not inconsistent. The function 'T can be use for this purpose. Here is an example. Consider the following predicate:Slet pred = do { x <- forall "x"; constrain $ x .< x; return $ x .>= (5 :: SWord8) }~This predicate asserts that all 8-bit values are larger than 5, subject to the constraint that the values considered satisfy x .< x~, i.e., they are less than themselves. Since there are no values that satisfy this constraint, the proof will pass vacuously: prove predQ.E.D. We can use '/ to make sure to see that the pass was vacuous:isVacuous predTrue While the above example is trivial, things can get complicated if there are multiple constraints with non-straightforward relations; so if constraints are used one should make sure to check the predicate is not vacuously true. Here's an example that is not vacuous:Tlet pred' = do { x <- forall "x"; constrain $ x .> 6; return $ x .>= (5 :: SWord8) }'This time the proof passes as expected: prove pred'Q.E.D.And the proof is not vacuous:isVacuous pred'False'Adding a probabilistic constraint. The R argument is the probability threshold. Probabilistic constraints are useful for genTest and  quickCheck+ calls where we restrict our attention to  interesting parts of the input domain.&Provide a tactic for the solver engine4Introduce a soft assertion, with an optional penalty1Quick check an SBV property. Note that a regular  quickCheckZ call will work just as well. Use this variant if you want to receive the boolean result.Explicit sharing combinator. The SBV library has internal caching/hash-consing mechanisms built in, based on Andy Gill's type-safe obervable sharing technique (see:  9http://ittc.ku.edu/~andygill/paper.php?label=DSLExtract09u). However, there might be times where being explicit on the sharing can help, especially in experimental code. The  combinator ensures that its first argument is computed once and passed on to its continuation, explicitly indicating the intent of sharing. Most use cases of the SBV library should simply use Haskell's let construct for this purpose.Check if a boolean condition is satisfiable in the current state. This function can be useful in contexts where an interpreter implemented on top of SBV needs to decide if a particular stae (represented by the boolean) is reachable in the current if-then-else paths implied by the L calls. Returns Nothing if not satisfiable, otherwise the satisfying model.'Define Floating instance on SBV's; only for base types that are already floating; i.e., SFloat and SDouble Note that most of the fields are "undefined" for symbolic values, we add methods as they are supported by SMTLib. Currently, the only symbolicly available function in this class is sqrt.CBase type of () allows simple construction for uninterpreted types.s56789:t;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~u     dyxvus56789:;=<>B?@ACDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~s56789:t;<=<>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~u     G4H4I4J4N4O4U(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneOT.BCapture convertability from/to FloatingPoint representations NB.  and - are underspecified when given when given a NaN, +oo, or -oov value that cannot be represented in the target domain. For these inputs, we define the result to be +0, arbitrarily.A class of floating-point (IEEE754) operations, some of which behave differently based on rounding modes. Note that unless the rounding mode is concretely RoundNearestTiesToEven, we will not concretely evaluate these, but rather pass down to the SMT solver.*Compute the floating point absolute value.&Compute the unary negation. Note that 0 - x is not equivalent to -x for floating-point, since -0 and 0 are different.<Add two floating point values, using the given rounding modeASubtract two floating point values, using the given rounding modeAMultiply two floating point values, using the given rounding mode?Divide two floating point values, using the given rounding modeOFused-multiply-add three floating point values, using the given rounding mode. fpFMA x y z = x*y+z but with only one rounding done for the whole operation; not two. Note that we will never concretely evaluate this function since Haskell lacks an FMA implementation.ACompute the square-root of a float, using the given rounding modeCompute the remainder:  x - y * n, where nY is the truncated integer nearest to x/y. The rounding mode is implicitly assumed to be RoundNearestTiesToEven.CRound to the nearest integral value, using the given rounding mode.,Compute the minimum of two floats, respects infinity and NaN values,Compute the maximum of two floats, respects infinity and NaN values4Are the two given floats exactly the same. That is, NaN will compare equal to itself, +0 will not compare equal to -0h etc. This is the object level equality, as opposed to the semantic equality. (For the latter, just use N.)FIs the floating-point number a normal value. (i.e., not denormalized.)IIs the floating-point number a subnormal value. (Also known as denormal.)WIs the floating-point number 0? (Note that both +0 and -0 will satisfy this predicate.)`Is the floating-point number infinity? (Note that both +oo and -oo will satisfy this predicate.))Is the floating-point number a NaN value?]Is the floating-point number negative? Note that -0 satisfies this predicate but +0 does not.]Is the floating-point number positive? Note that +0 satisfies this predicate but -0 does not. Is the floating point number -0? Is the floating point number +0?yIs the floating-point number a regular floating point, i.e., not NaN, nor +oo, nor -oo. Normals or denormals are allowed.LA generic converter that will work for most of our instances. (But not all!)#Check that a given float is a pointqConcretely evaluate one arg function, if rounding mode is RoundNearestTiesToEven and we have enough concrete dataqConcretely evaluate two arg function, if rounding mode is RoundNearestTiesToEven and we have enough concrete dataConcretely evaluate a bool producing two arg function, if rounding mode is RoundNearestTiesToEven and we have enough concrete dataqConcretely evaluate two arg function, if rounding mode is RoundNearestTiesToEven and we have enough concrete data7Add the converted rounding mode if given as an argumentLift a 1 arg FP-opLift an FP predicateLift a 2 arg FP-opLift min/max: Note that we protect against constant folding if args are alternating sign 0's, since SMTLib is deliberately nondeterministic in this case"Lift a 2 arg FP-op, producing boolLift a 3 arg FP-op Convert an  to an M, preserving the bit-correspondence. Note that since the representation for NaNTs are not unique, this function will return a symbolic value when given a concrete NaN.IImplementation note: Since there's no corresponding function in SMTLib for conversion to bit-representation due to partiality, we use a translation trick by allocating a new word variable, converting it to float, and requiring it to be equivalent to the input. In code-generation mode, we simply map it to a simple conversion. Convert an  to an M, preserving the bit-correspondence. Note that since the representation for NaNTs are not unique, this function will return a symbolic value when given a concrete NaN. See the implementation note for , as it applies here as well.Extract the sign/exponent/mantissa of a single-precision float. The output will have 8 bits in the second argument for exponent, and 23 in the third for the mantissa.Extract the sign/exponent/mantissa of a single-precision float. The output will have 11 bits in the second argument for exponent, and 52 in the third for the mantissa.QReinterpret the bits in a 32-bit word as a single-precision floating point numberQReinterpret the bits in a 32-bit word as a single-precision floating point numberSDouble instance SFloat instance>!"#$%&'()*+, ##!"#$%&'()*+, V(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone9;<=?Unblasting a value from symbolic-bits. The bits can be given little-endian or big-endian. For a signed number in little-endian, we assume the very last bit is the sign digit. This is a bit awkward, but it is more consistent with the "reverse" view of little-big-endian representationsMinimal complete definition:  Splitting an a into two b#'s and joining back. Intuitively, a is a larger bit-size word than b, typically double. The # operation captures embedding of a b value into an a& without changing its semantic value..Minimal complete definition: All, no defaults.->Construct a symbolic word from its bits given in little-endianPerform a sanity check that we should receive precisely the same number of bits as required by the resulting type. The input is little-endian./-0123456789:;<=>./-0123456789:;<=>5(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone9:;pImplements polynomial addition, multiplication, division, and modulus operations over GF(2^n). NB. Similar to ?, division by 0 is interpreted as follows: x  0 = (0, x)for all x (including 0)Minimal complete definition: , , @Given bit-positions to be set, create a polynomial For instance polynomial [0, 1, 3] :: SWord8will evaluate to 11, since it sets the bits 0, 1, and 30. Mathematicans would write this polynomial as  x^3 + x + 1. And in fact,  will show it like that.Add two polynomials in GF(2^n).Multiply two polynomials in GF(2^n), and reduce it by the irreducible specified by the polynomial as specified by coefficients of the third argument. Note that the third argument is specifically left in this form as it is usally in GF(2^(n+1)), which is not available in our formalism. (That is, we would need SWord9 for SWord8 multiplication, etc.) Also note that we do not support symbolic irreducibles, which is a minor shortcoming. (Most GF's will come with fixed irreducibles, so this should not be a problem in practice.)Passing [] for the third argument will multiply the polynomials and then ignore the higher bits that won't fit into the resulting size.DDivide two polynomials in GF(2^n), see above note for division by 0.OCompute modulus of two polynomials in GF(2^n), see above note for modulus by 0.%Division and modulus packed together.CDisplay a polynomial like a mathematician would (over the monomial x), with a type.CDisplay a polynomial like a mathematician would (over the monomial xC), the first argument controls if the final type is shown as well.?Pretty print as a polynomialAdd two polynomialsRun down a boolean condition over two lists. Note that this is different than zipWith as shorter list is assumed to be filled with false at the end (i.e., zero-bits); which nicely pads it when considered as an unsigned number in little-endian form.@}Multiply two polynomials and reduce by the third (concrete) irreducible, given by its coefficients. See the remarks for the  function for this design choice8Compute modulus/remainder of polynomials on bit-vectors.(Compute CRCs over bit-vectors. The call  crcBV n m p" computes the CRC of the message m with respect to polynomial p@. The inputs are assumed to be blasted big-endian. The number n5 specifies how many bits of CRC is needed. Note that n+ is actually the degree of the polynomial p, and thus it seems redundant to pass it in. However, in a typical proof context, the polynomial can be symbolic, so we cannot compute the degree easily. While this can be worked-around by generating code that accounts for all possible degrees, the resulting code would be unnecessarily big and complicated, and much harder to reason with. (Also note that a CRC is just the remainder from the polynomial division, but this routine is much faster in practice.)NB. The nth bit of the polynomial p mustQ be set for the CRC to be computed correctly. Note that the polynomial argument p[ will not even have this bit present most of the time, as it will typically contain bits 0 through n-13 as usual in the CRC literature. The higher order nth bit is simply assumed to be set, as it does not make sense to use a polynomial of a lesser degree. This is usually not a problem since CRC polynomials are designed and expressed this way.sNB. The literature on CRC's has many variants on how CRC's are computed. We follow the following simple procedure:Extend the message m by adding n 0 bits on the right+Divide the polynomial thus obtained by the pThe remainder is the CRC value.{There are many variants on final XOR's, reversed polynomials etc., so it is essential to double check you use the correct  algorithm.ACompute CRC's over polynomials, i.e., symbolic words. The first 0 argument plays the same role as the one in the  function.ABC?@DEFGABC?@DEFG(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone9:;T]A symbolic tree containing values of type e, indexed by elements of type i. Note that these are full-trees, and their their shapes remain constant. There is no API provided that can change the shape of the tree. These structures are useful when dealing with data-structures that are indexed with symbolic values where access time is important. 7 structures provide logarithmic time reads and writes.`Reading a value. We bit-blast the index and descend down the full tree according to bit-values.Writing a value, similar to how reads are done. The important thing is that the tree representation keeps updates to a minimum.AConstruct the fully balanced initial tree using the given values.HIJHIJ(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneTest output style"As a Haskell value with given name'As a C array of structs with given nameAs a Forte/Verilog value with given name. If the boolean is True then vectors are blasted big-endian, otherwise little-endian The indices are the split points on bit-vectors for input and output valuesType of test vectors (abstract)ZRetrieve the test vectors for further processing. This function is useful in cases where K is not sufficient and custom output (or further preprocessing) is needed.Generate a set of concrete test values from a symbolic program. The output can be rendered as test vectors in different languages as necessary. Use the function G call to indicate what fields should be in the test result. (Also see  constrain and  pConstrain' for filtering acceptable test values.)7Render the test as a Haskell value with the given name n. KLMNKLMNW(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone9;I3CDifferent kinds of "files" we can produce. Currently this is quite C specific.5Representation of a collection of generated programs.Possible mappings for the C type when translated to C. Used in conjunction with the function  . Note that the particular characteristics of the mapped types depend on the platform and the compiler used for compiling the generated C program. See  )http://en.wikipedia.org/wiki/C_data_types for details. float double  long doubleThe code-generation monad. Allows for precise layout of input values reference parameters (for returning composite values in languages such as C), and return values.Code-generation state%Abstraction of target language valuesOptions for code-generation.If XR, perform run-time-checks for index-out-of-bounds or shifting-by-large values etc.2Bit-size to use for representing SInteger (if any)+Type to use for representing SReal (if any)YValues to use for the driver program generated, useful for generating non-random drivers.If X , will generate a driver programIf X, will generate a makefileIf X, will ignore sAssert calls5Abstract over code generation for different languagesuDefault options for code generation. The run-time checks are turned-off, and the driver values are completely random.)Initial configuration for code-generation.Reach into symbolic monad from code-generationJReach into symbolic monad and output a value. Returns the corresponding SWaSets RTC (run-time-checks) for index-out-of-bounds, shift-with-large value etc. on/off. Default: Y. 4Sets number of bits to be used for representing the < type in the generated C code. The argument must be one of 8, 16, 32, or 64. Note that this is essentially unsafe as the semantics of unbounded Haskell integers becomes reduced to the corresponding bit size, as typical in most C implementations. 0Sets the C type to be used for representing the > type in the generated C code. The setting can be one of C's "float", "double", or  "long double", types, depending on the precision needed. Note that this is essentially unsafe as the semantics of infinite precision SReal values becomes reduced to the corresponding floating point type in C, and hence it is subject to rounding errors. .Should we generate a driver program? Default: Xl. When a library is generated, it will have a driver if any of the contituent functions has a driver. (See  compileToCLib.) (Should we generate a Makefile? Default: X. Sets driver program run time values, useful for generating programs with fixed drivers for testing. Default: None, i.e., use random values.&Ignore assertions (those generated by sAssert calls) in the generated C codeoAdds the given lines to the header file generated, useful for generating programs with uninterpreted functions.pAdds the given lines to the program file generated, useful for generating programs with uninterpreted functions.jAdds the given words to the compiler options in the generated Makefile, useful for linking extra stuff in..Creates an atomic input in the generated code.-Creates an array input in the generated code./Creates an atomic output in the generated code..Creates an array output in the generated code.9Creates a returned (unnamed) value in the generated code.?Creates a returned (unnamed) array value in the generated code..Creates an atomic input in the generated code.-Creates an array input in the generated code./Creates an atomic output in the generated code..Creates an array output in the generated code.9Creates a returned (unnamed) value in the generated code.?Creates a returned (unnamed) array value in the generated code.Is this a driver program?Is this a make file? }Generate code for a symbolic program, returning a Code-gen bundle, i.e., collection of makefiles, source code, headers, etc.!4Render a code-gen bundle to a directory or to stdout"An alternative to Pretty's renderb, which might have "leading" white-space in empty lines. This version eliminates such whitespace.O=A simple way to print bundles, mostly for debugging purposes.P instance for  5 displays values as they would be used in a C programF      !"OPD      !")      !"OPX(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone#gGiven a symbolic computation, render it as an equivalent collection of files that make up a C program:The first argument is the directory name under which the files will be saved. To save files in the current directory pass Q ".". Use  for printing to stdout.>The second argument is the name of the C function to generate.2The final argument is the function to be compiled.!Compilation will also generate a Makefile3, a header file, and a driver (test) program, etc.$Lower level version of #, producing a %Create code to generate a library archive (.a) from given symbolic functions. Useful when generating code from multiple functions that work together as a library.The first argument is the directory name under which the files will be saved. To save files in the current directory pass Q ".". Use  for printing to stdout.;The second argument is the name of the archive to generate.The third argument is the list of functions to include, in the form of function-name/code pairs, similar to the second and third arguments of #, except in a list.&Lower level version of %, producing a RPretty print a functions type. If there is only one output, we compile it as a function that returns that value. Otherwise, we compile it as a void function that takes return values as pointers to be updated.STRenders as "const SWord8 s0", etc. the first parameter is the width of the typefieldTAReturn the proper declaration and the result as a pair. No constsU3Renders as "s0", etc, or the corresponding constantV!Words as it would map to a C wordWAlmost a "show", but map SWord1 to SBool- which is used for extracting one-bit words.X!The printf specifier for the typeYMake a constant value of the given type. We don't check for out of bounds here, as it should not be needed. There are many options here, using binary, decimal, etc. We simply use decimal for values 8-bits or less, and hex otherwise.ZDGenerate a makefile. The first argument is True if we have a driver.[Generate the header\"Generate an example driver program]Generate the C program^7Merge a bunch of bundles to generate code for a library_!Create a Makefile for the library`Create a driver for a library"ab#$%&cdeRfgSTUVWXYhZ[i\]jklmn^_`o#$%&!ab#$%&cdeRfgSTUVWXYhZ[i\]jklmn^_`o(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone #$%&'.()*+,-/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[]^_`cdebafghijklmnopqrstuvwxyz{|}~     &#$+21 !"%'()*,-./03456789:;<=>?@ABCEFGHIQRSTUVWXY^Z[\]_`agbcdefhijklmonprqst{uvxywz|}~ PQR      !"$&tuvwxyz{|}~EFGHIJKLMN$%&;<=>?@ABCDOPQXUVW45:9TSR67mnopqrshijkl8CQRS'()*+,-./012( !"#$%&'()*+,-./0123     BUVWFG>3456789:AI=@E;T#Hghij`abcdefYZ[\]^_klmnopqrstuvwxyz{|}~?abcdefgXYZ[\]^_`<PQR rstu$&      !" (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone9; 'Equality as a proof method. Allows for very concise construction of equivalence proofs, which is very typical in bit-precise proofs.)3The currently active solver, obtained by importing Data.SBV. To have other solvers current$, import one of the bridge modules Data.SBV.Bridge.ABC, Data.SBV.Bridge.Boolector, Data.SBV.Bridge.CVC4, Data.SBV.Bridge.Yices, or Data.SBV.Bridge.Z3 directly.*Form the symbolic conjunction of a given list of boolean conditions. Useful in expressing problems with constraints, like the following: L do [x, y, z] <- sIntegers ["x", "y", "z"] solve [x .> 5, y + z .< x] +Check whether the given solver is installed and is ready to go. This call does a simple call to the solver to ensure all is well.,:The default configs corresponding to supported SMT solvers-EReturn the known available solver configs, installed on your machine..~Prove a property with multiple solvers, running them in separate threads. The results will be returned in the order produced./Prove a property with multiple solvers, running them in separate threads. Only the result of the first one to finish will be returned, remaining threads will be killed.0Find a satisfying assignment to a property with multiple solvers, running them in separate threads. The results will be returned in the order produced.1Find a satisfying assignment to a property with multiple solvers, running them in separate threads. Only the result of the first one to finish will be returned, remaining threads will be killed.'()*+,-pq./0123456789:;<=>?FB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !"#$%&'()*+,-./0123465789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'()*+,-./01$mSUWY[]_acegikTVXZ\^`bdfhjlmnopqrsjhuvwz{}~|yxsnpoqrt;<=<MNOFGHIJKLE>?@ABCD !"789:E'(".*(#/+)&12UVW$4*'3./0156%0;<=>?@ABCD    klmnopqvwxyz{|}~`abcdefYZ[\]^_ ,)!+- EFGH'()*+,-./012(3456789:Qtuvwxyz{|}~,-     #%'()*+,-pq./0123456789:;<=>?(4(c) Adam FoltzerBSD3erkokl@gmail.com experimentalNone @)Current solver instance, pointing to abc.AProve theorems, using ABCB$Find satisfying solutions, using ABCC Check all  calls are safe, using ABCD(Find all satisfying solutions, using ABCEOptimize objectives, using ABCFECheck vacuity of the explicit constraints introduced by calls to the  function, using ABCGTCheck if the statement is a theorem, with an optional time-out in seconds, using ABCHVCheck if the statement is satisfiable, with an optional time-out in seconds, using ABC @AProperty to checkEResponse from the SMT solver, containing the counter-example if foundBProperty to check9Response of the SMT Solver, containing the model if foundC Program containing sAssert callsDProperty to checkList of all satisfying modelsEProgram with objectivesFProperty to check*True if the constraints are unsatisifiableG%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiresH%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiersFB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !(),-./0123456789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'(*+,-./01@ABCDEFGH @ABDCEFGH @ABCDEFGH (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone I/Current solver instance, pointing to Boolector.J.Prove theorems, using the Boolector SMT solverK9Find satisfying solutions, using the Boolector SMT solverL Check all / calls are safe, using the Boolector SMT solverM=Find all satisfying solutions, using the Boolector SMT solverN$Optimize objectives, using BoolectorOECheck vacuity of the explicit constraints introduced by calls to the ) function, using the Boolector SMT solverPiCheck if the statement is a theorem, with an optional time-out in seconds, using the Boolector SMT solverQkCheck if the statement is satisfiable, with an optional time-out in seconds, using the Boolector SMT solver IJProperty to checkEResponse from the SMT solver, containing the counter-example if foundKProperty to check9Response of the SMT Solver, containing the model if foundL Program containing sAssert callsMProperty to checkList of all satisfying modelsNProgram with objectivesOProperty to check*True if the constraints are unsatisifiableP%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiresQ%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiersFB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !(),-./0123456789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'(*+,-./01IJKLMNOPQ IJKMLNOPQ IJKLMNOPQ (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone R*Current solver instance, pointing to cvc4.S)Prove theorems, using the CVC4 SMT solverT4Find satisfying solutions, using the CVC4 SMT solverU Check all * calls are safe, using the CVC4 SMT solverV8Find all satisfying solutions, using the CVC4 SMT solverWOptimize objectives, using CVC4XECheck vacuity of the explicit constraints introduced by calls to the $ function, using the CVC4 SMT solverYdCheck if the statement is a theorem, with an optional time-out in seconds, using the CVC4 SMT solverZfCheck if the statement is satisfiable, with an optional time-out in seconds, using the CVC4 SMT solver RSProperty to checkEResponse from the SMT solver, containing the counter-example if foundTProperty to check9Response of the SMT Solver, containing the model if foundU Program containing sAssert callsVProperty to checkList of all satisfying modelsWProgram with objectivesXProperty to check*True if the constraints are unsatisifiableY%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiresZ%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiersFB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !(),-./0123456789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'(*+,-./01RSTUVWXYZ RSTVUWXYZ RSTUVWXYZ (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone [-Current solver instance, pointing to MathSAT.\,Prove theorems, using the MathSAT SMT solver]7Find satisfying solutions, using the MathSAT SMT solver^ Check all - calls are safe, using the MathSAT SMT solver_;Find all satisfying solutions, using the MathSAT SMT solver`"Optimize objectives, using MathSATaECheck vacuity of the explicit constraints introduced by calls to the ' function, using the MathSAT SMT solverbgCheck if the statement is a theorem, with an optional time-out in seconds, using the MathSAT SMT solverciCheck if the statement is satisfiable, with an optional time-out in seconds, using the MathSAT SMT solver [\Property to checkEResponse from the SMT solver, containing the counter-example if found]Property to check9Response of the SMT Solver, containing the model if found^ Program containing sAssert calls_Property to checkList of all satisfying models`Program with objectivesaProperty to check*True if the constraints are unsatisifiableb%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiresc%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiersFB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !(),-./0123456789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'(*+,-./01[\]^_`abc [\]_^`abc [\]^_`abc (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone d+Current solver instance, pointing to yices.e*Prove theorems, using the Yices SMT solverf5Find satisfying solutions, using the Yices SMT solverg Check all + calls are safe, using the Yices SMT solverh9Find all satisfying solutions, using the Yices SMT solveri Optimize objectives, using YicesjECheck vacuity of the explicit constraints introduced by calls to the % function, using the Yices SMT solverkeCheck if the statement is a theorem, with an optional time-out in seconds, using the Yices SMT solverlgCheck if the statement is satisfiable, with an optional time-out in seconds, using the Yices SMT solver deProperty to checkEResponse from the SMT solver, containing the counter-example if foundfProperty to check9Response of the SMT Solver, containing the model if foundg Program containing sAssert callshProperty to checkList of all satisfying modelsiProgram with objectivesjProperty to check*True if the constraints are unsatisifiablek%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiresl%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiersFB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !(),-./0123456789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'(*+,-./01defghijkl defhgijkl defghijkl (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone m(Current solver instance, pointing to z3.n'Prove theorems, using the Z3 SMT solvero2Find satisfying solutions, using the Z3 SMT solverp Check all ( calls are safe, using the Z3 SMT solverq6Find all satisfying solutions, using the Z3 SMT solverr Optimize objectives, using YicessECheck vacuity of the explicit constraints introduced by calls to the " function, using the Z3 SMT solvertbCheck if the statement is a theorem, with an optional time-out in seconds, using the Z3 SMT solverudCheck if the statement is satisfiable, with an optional time-out in seconds, using the Z3 SMT solver mnProperty to checkEResponse from the SMT solver, containing the counter-example if foundoProperty to check9Response of the SMT Solver, containing the model if foundp Program containing sAssert callsqProperty to checkList of all satisfying modelsrProgram with objectivessProperty to check*True if the constraints are unsatisifiablet%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiresu%Optional time-out, specify in secondsProperty to check#Returns Nothing if time-out expiersFB>:rstHD@<uvwxyz{|}~  !"$'.()*+,-/0123456789:;<=>?@ABCDEFGHQYZ\[]^_`cdebafklmnopqvwxyz{|}~EUVWhjmonprqst{uvxywz|}~     !(),-./0123456789:;=<>B?@ACDEFGHIJKLMNOSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #%'(*+,-./01mnopqrstu mnoqprstu mnopqrstu(c) Brian HuffmanBSD3erkokl@gmail.com experimentalNonevDReduce a condition (i.e., try to concretize it) under the given pathwDynamic variant of quick-checkxCompiles to SMT-Lib and returns the resulting program as a string. Useful for saving the result to a file for off-line analysis, for instance if you have an SMT solver that's not natively supported out-of-the box by the SBV library. It takes two arguments:Tversion: The SMTLib-version to produce. Note that we currently only support SMTLib2. isSat : If X>, will translate it as a SAT query, i.e., in the positive. If Y, will translate as a PROVE query, i.e., it will negate the result. (In this case, the check-sat call to the SMT solver will produce UNSAT if the input is a theorem, as usual.)yCreate both SMT-Lib1 and SMT-Lib2 benchmarks. The first argument is the basename of the file, SMT-Lib1 version will be written with suffix ".smt1" and SMT-Lib2 version will be written with suffix ".smt2". The  argument controls whether this is a SAT instance, i.e., translate the query directly, or a PROVE instance, i.e., translate the negated query. (See the second boolean argument to x for details.)z/Proves the predicate using the given SMT-solver{7Find a satisfying assignment using the given SMT-solver|'Check safety using the given SMT-solver}:Find all satisfying assignments using the given SMT-solver~~Prove a property with multiple solvers, running them in separate threads. The results will be returned in the order produced.Prove a property with multiple solvers, running them in separate threads. Only the result of the first one to finish will be returned, remaining threads will be killed.Find a satisfying assignment to a property with multiple solvers, running them in separate threads. The results will be returned in the order produced.Find a satisfying assignment to a property with multiple solvers, running them in separate threads. Only the result of the first one to finish will be returned, remaining threads will be killed.Extract a model, the result is a tuple where the first argument (if True) indicates whether the model was "probable". (i.e., if the solver returned unknown.)Extract a model dictionary. Extract a dictionary mapping the variables to their respective values as returned by the SMT solver. Also see getModelDictionaries.vwx,If True, output SMT-Lib2, otherwise SMT-Lib1lIf True, translate directly, otherwise negate the goal. (Use True for SAT queries, False for PROVE queries.)yz{|}~'.()*+,-/0123456789:EFGHIJKLMNQYZ\[]^_`cdebafklmnopqvwxyz{|}~DJKLMNOP      !     #%)+,-vwxyz{|}~'()*+,-./012(3456789:EFGHIJKLMNQKLMNOPDvz{}|~w    klmnopq vwxyz{|}~`abcdefYZ[\]^_ ,)!+-Jxy     #%vwxyz{|}~(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone Formalizes Dhttps://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax Formalizes Dhttps://graphics.stanford.edu/~seander/bithacks.html#IntegerMinOrMax Formalizes Hhttps://graphics.stanford.edu/~seander/bithacks.html#DetectOppositeSigns Formalizes ^https://graphics.stanford.edu/~seander/bithacks.html#ConditionalSetOrClearBitsWithoutBranching Formalizes Hhttps://graphics.stanford.edu/~seander/bithacks.html#DetermineIfPowerOf2Collection of queries(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone57&LChoose the appropriate array model to be used for modeling the memory. (See .) The h is the function based model. j$ is the SMT-Lib array's based model.4Helper synonym for capturing relevant bits of MostekAn instruction is modeled as a M transformer. We model mostek programs in direct continuation passing style.BPrograms are essentially state transformers (on the machine state)0Given a machine state, compute a value out of itAbstraction of the machine: The CPU consists of memory, registers, and flags. Unlike traditional hardware, we assume the program is stored in some other memory area that we need not model. (No self modifying programs!)+ is equipped with an automatically derived ;! instance because each field is ;.2The memory maps 32-bit words to 8-bit words. (The H data-type is defined later, depending on the verification model used.) Flag bank Register bank-Convenient synonym for symbolic machine bits.Mostek was an 8-bit machine.The carry flag () and the zero flag ()XWe model only two registers of Mostek that is used in the above algorithm, can add more.(The memory is addressed by 32-bit words.!Get the value of a given register!Set the value of a given registerGet the value of a flagSet the value of a flag Read memoryWrite to memory-Checking overflow. In Legato's multipler the ADC instruction needs to see if the expression x + y + c overflowed, as checked by this function. Note that we verify the correctness of this check separately below in .Correctness theorem for our  implementation.We have:checkOverflowCorrectQ.E.D.LDX: Set register X to value vLDA: Set register A to value vCLC: Clear the carry flag9ROR, memory version: Rotate the value at memory location aP to the right by 1 bit, using the carry flag as a transfer position. That is, the final bit of the memory location becomes the new carry and the carry moves over to the first bit. This very instruction is one of the reasons why Legato's multiplier is quite hard to understand and is typically presented as a verification challenge.ROR, register version: Same as , except through register r.BCC: branch to label l if the carry flag is false%ADC: Increment the value of register A- by the value of memory contents at address a7, using the carry-bit as the carry-in for the addition.%DEX: Decrement the value of register X%BNE: Branch if the zero-flag is falseThe U combinator "stops" our program, providing the final continuation that does nothing.<Parameterized by the addresses of locations of the factors (F1 and F2f), the following program multiplies them, storing the low-byte of the result in the memory location lowAddr , and the high-byte in register An. The implementation is a direct transliteration of Legato's algorithm given at the top, using our notation.jGiven address/value pairs for F1 and F2, and the location of where the low-byte of the result should go,  runLegato" takes an arbitrary machine state m; and returns the high and low bytes of the multiplication.{Create an instance of the Mostek machine, initialized by the memory and the relevant values of the registers and the flagsNThe correctness theorem. For all possible memory configurations, the factors (x and y below), the location of the low-byte result and the initial-values of registers and the flags, this function will return True only if running Legato's algorithm does indeed compute the product of x and y correctly._The correctness theorem. On a decent MacBook Pro, this proof takes about 3 minutes with the h/ memory model and about 30 minutes with the j% model, using yices as the SMT solverFGenerate a C program that implements Legato's algorithm automatically....&(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneIElement type of lists we'd like to sort. For simplicity, we'll just use ) here, but we can pick any symbolic type.5Merging two given sorted lists, preserving the order.Simple merge-sort implementation. We simply divide the input list in two two halves so long as it has at least two elements, sort each half on its own, and then merge.1Check whether a given sequence is non-decreasing.Check whether two given sequences are permutations. We simply check that each sequence is a subset of the other, when considered as a set. The check is slightly complicated for the need to account for possibly duplicated elements.Asserting correctness of merge-sort for a list of the given size. Note that we can only check correctness for fixed-size lists. Also, the proof will get more and more complicated for the backend SMT solver as nY increases. A value around 5 or 6 should be fairly easy to prove. For instance, we have: correctness 5Q.E.D.3Generate C code for merge-sorting an array of size n. Again, we're restricted to fixed size inputs. While the output is not how one would code merge sort in C by hand, it's a faithful rendering of all the operations merge-sort would do as described by its Haskell counterpart.(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone7Find the multiplier and the mask as described. We have: maskAndMultSatisfiable. Model:% mask = 0x8080808080808080 :: Word64% mult = 0x0002040810204081 :: Word64wThat is, any 64 bit value masked by the first and multipled by the second value above will have its bits at positions [7,15,23,31,39,47,55,63] moved to positions [56,57,58,59,60,61,62,63] respectively.(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneOT IA poor man's representation of powerlists and basic operations on them:  (http://dl.acm.org/citation.cfm?id=1973564 We merely represent power-lists by ordinary lists. The tie operator, concatenation.aThe zip operator, zips the power-lists of the same size, returns a powerlist of double the size.Inverse of zipping.Reference prefix sum (ps) is simply Haskell's scanl1 function.The Ladner-Fischer (lf$) implementation of prefix-sum. See  Jhttp://www.cs.utexas.edu/~plaxton/c/337/05f/slides/ParallelRecursion-4.pdf or pg. 16 of (http://dl.acm.org/citation.cfm?id=197356gCorrectness theorem, for a powerlist of given size, an associative operator, and its left-unit element.NProves Ladner-Fischer is equivalent to reference specification for addition. 0; is the left-unit element, and we use a power-list of size 8.PProves Ladner-Fischer is equivalent to reference specification for the function max. 0; is the left-unit element, and we use a power-list of size 16.A symbolic trace can help illustrate the action of Ladner-Fischer. This generator produces the actions of Ladner-Fischer for addition, showing how the computation proceeds:ladnerFischerTrace 8*INPUTS s0 :: SWord8 s1 :: SWord8 s2 :: SWord8 s3 :: SWord8 s4 :: SWord8 s5 :: SWord8 s6 :: SWord8 s7 :: SWord8 CONSTANTS s_2 = False :: Bool s_1 = True :: BoolTABLESARRAYSUNINTERPRETED CONSTANTSUSER GIVEN CODE SEGMENTSAXIOMSTACTICSGOALSDEFINE s8 :: SWord8 = s0 + s1 s9 :: SWord8 = s2 + s8 s10 :: SWord8 = s2 + s3 s11 :: SWord8 = s8 + s10 s12 :: SWord8 = s4 + s11 s13 :: SWord8 = s4 + s5 s14 :: SWord8 = s11 + s13 s15 :: SWord8 = s6 + s14 s16 :: SWord8 = s6 + s7 s17 :: SWord8 = s13 + s16 s18 :: SWord8 = s11 + s17 CONSTRAINTS ASSERTIONSOUTPUTS s0 s8 s9 s11 s12 s14 s15 s18Trace generator for the reference spec. It clearly demonstrates that the reference implementation fewer operations, but is not parallelizable at all: scanlTrace 8&INPUTS s0 :: SWord8 s1 :: SWord8 s2 :: SWord8 s3 :: SWord8 s4 :: SWord8 s5 :: SWord8 s6 :: SWord8 s7 :: SWord8 CONSTANTS s_2 = False :: Bool s_1 = True :: BoolTABLESARRAYSUNINTERPRETED CONSTANTSUSER GIVEN CODE SEGMENTSAXIOMSTACTICSGOALSDEFINE s8 :: SWord8 = s0 + s1 s9 :: SWord8 = s2 + s8 s10 :: SWord8 = s3 + s9 s11 :: SWord8 = s4 + s10 s12 :: SWord8 = s5 + s11 s13 :: SWord8 = s6 + s12 s14 :: SWord8 = s7 + s13 CONSTRAINTS ASSERTIONSOUTPUTS s0 s8 s9 s10 s11 s12 s13 s14    (c) Levent ErkokBSD3erkokl@gmail.com experimentalNone,Simple function that returns add/sum of argsKGenerate C code for addSub. Here's the output showing the generated C code: genAddSubi%== BEGIN: "Makefile" ================C# Makefile for addSub. Automatically generated by SBV. Do not edit!=# include any user-defined .mk file in the current directory. -include *.mkCC?=gcc0CCFLAGS?=-Wall -O3 -DNDEBUG -fomit-frame-pointerall: addSub_driveraddSub.o: addSub.c addSub.h ${CC} ${CCFLAGS} -c $< -o $@ addSub_driver.o: addSub_driver.c ${CC} ${CCFLAGS} -c $< -o $@'addSub_driver: addSub.o addSub_driver.o ${CC} ${CCFLAGS} $^ -o $@clean: rm -f *.overyclean: clean rm -f addSub_driver%== END: "Makefile" ==================%== BEGIN: "addSub.h" ================J/* Header file for addSub. Automatically generated by SBV. Do not edit! */##ifndef __addSub__HEADER_INCLUDED__##define __addSub__HEADER_INCLUDED__#include <stdio.h>#include <stdlib.h>#include <inttypes.h>#include <stdint.h>#include <stdbool.h>#include <string.h>#include <math.h>/* The boolean type */typedef bool SBool;/* The float type */typedef float SFloat;/* The double type */typedef double SDouble;/* Unsigned bit-vectors */typedef uint8_t SWord8 ;typedef uint16_t SWord16;typedef uint32_t SWord32;typedef uint64_t SWord64;/* Signed bit-vectors */typedef int8_t SInt8 ;typedef int16_t SInt16;typedef int32_t SInt32;typedef int64_t SInt64;/* Entry point prototype: */8void addSub(const SWord8 x, const SWord8 y, SWord8 *sum, SWord8 *dif);(#endif /* __addSub__HEADER_INCLUDED__ */%== END: "addSub.h" ==================,== BEGIN: "addSub_driver.c" ================(/* Example driver program for addSub. */:/* Automatically generated by SBV. Edit as you see fit! */#include <stdio.h>#include "addSub.h"int main(void){ SWord8 sum; SWord8 dif; addSub(132, 241, &sum, &dif);. printf("addSub(132, 241, &sum, &dif) ->\n");$ printf(" sum = %"PRIu8"\n", sum);$ printf(" dif = %"PRIu8"\n", dif); return 0;},== END: "addSub_driver.c" ==================%== BEGIN: "addSub.c" ================D/* File: "addSub.c". Automatically generated by SBV. Do not edit! */#include "addSub.h"8void addSub(const SWord8 x, const SWord8 y, SWord8 *sum, SWord8 *dif){ const SWord8 s0 = x; const SWord8 s1 = y; const SWord8 s2 = s0 + s1; const SWord8 s3 = s0 - s1; *sum = s2; *dif = s3;}%== END: "addSub.c" ==================(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneThe USB CRC polynomial:  x^5 + x^2 + 1. Although this polynomial needs just 6 bits to represent (5 if higher order bit is implicitly assumed to be set), we'll simply use a 16 bit number for its representation to keep things simple for code generation purposes. Given an 11 bit message, compute the CRC of it using the USB polynomial, which is 5 bits, and then append it to the msg to get a 16-bit word. Again, the incoming 11-bits is represented as a 16-bit word, with 5 highest bits essentially ignored for input purposes.(Alternate method for computing the CRC, mathematically. We shift the number to the left by 5, and then compute the remainder from the polynomial division by the USB polynomial. The result is then appended to the end of the message.Prove that the custom ^ function is equivalent to the mathematical definition of CRC's for 11 bit messages. We have:crcGoodQ.E.D.OGenerate a C function to compute the USB CRC, using the internal CRC function.Generate a C function to compute the USB CRC, using the mathematical definition of the CRCs. While this version generates functionally eqivalent C code, it's less efficient; it has about 30% more code. So, the above version is preferable for code generation purposes.(c) Lee Pike, Levent ErkokBSD3erkokl@gmail.com experimentalNonecThis is a naive implementation of fibonacci, and will work fine (albeit slow) for concrete inputs:map fib0 [0..6]\[0 :: SWord64,1 :: SWord64,1 :: SWord64,2 :: SWord64,3 :: SWord64,5 :: SWord64,8 :: SWord64]However, it is not suitable for doing proofs or generating code, as it is not symbolically terminating when it is called with a symbolic value n. When we recursively call fib0 on n-1 (or n-2), the test against 0 will always explore both branches since the result will be symbolic, hence will not terminate. (An integrated theorem prover can establish termination after a certain number of unrollings, but this would be quite expensive to implement, and would be impractical.)cThe recursion-depth limited version of fibonacci. Limiting the maximum number to be 20, we can say:map (fib1 20) [0..6]\[0 :: SWord64,1 :: SWord64,1 :: SWord64,2 :: SWord64,3 :: SWord64,5 :: SWord64,8 :: SWord64]KThe function will work correctly, so long as the index we query is at most top*, and otherwise will return the value at top}. Note that we also use accumulating parameters here for efficiency, although this is orthogonal to the termination concern.A note on modular arithmetic: The 64-bit word we use to represent the values will of course eventually overflow, beware! Fibonacci is a fast growing function..We can generate code for  using the T action. Note that the generated code will grow larger as we pick larger values of topI, but only linearly, thanks to the accumulating parameter trick used by D. The following is an excerpt from the code generated for the call  genFib1 10;, where the code will work correctly for indexes up to 10: SWord64 fib1(const SWord64 x) { const SWord64 s0 = x; const SBool s2 = s0 == 0x0000000000000000ULL; const SBool s4 = s0 == 0x0000000000000001ULL; const SBool s6 = s0 == 0x0000000000000002ULL; const SBool s8 = s0 == 0x0000000000000003ULL; const SBool s10 = s0 == 0x0000000000000004ULL; const SBool s12 = s0 == 0x0000000000000005ULL; const SBool s14 = s0 == 0x0000000000000006ULL; const SBool s17 = s0 == 0x0000000000000007ULL; const SBool s19 = s0 == 0x0000000000000008ULL; const SBool s22 = s0 == 0x0000000000000009ULL; const SWord64 s25 = s22 ? 0x0000000000000022ULL : 0x0000000000000037ULL; const SWord64 s26 = s19 ? 0x0000000000000015ULL : s25; const SWord64 s27 = s17 ? 0x000000000000000dULL : s26; const SWord64 s28 = s14 ? 0x0000000000000008ULL : s27; const SWord64 s29 = s12 ? 0x0000000000000005ULL : s28; const SWord64 s30 = s10 ? 0x0000000000000003ULL : s29; const SWord64 s31 = s8 ? 0x0000000000000002ULL : s30; const SWord64 s32 = s6 ? 0x0000000000000001ULL : s31; const SWord64 s33 = s4 ? 0x0000000000000001ULL : s32; const SWord64 s34 = s2 ? 0x0000000000000000ULL : s33; return s34; },Compute the fibonacci numbers statically at code-generation0 time and put them in a table, accessed by the = call.  Once we have s, we can generate the C code straightforwardly. Below is an excerpt from the code that SBV generates for the call  genFib2 64. Note that this code is a constant-time look-up table implementation of fibonacci, with no run-time overhead. The index can be made arbitrarily large, naturally. (Note that this function returns 0> if the index is larger than 64, as specified by the call to = with default 0.) SSWord64 fibLookup(const SWord64 x) { const SWord64 s0 = x; static const SWord64 table0[] = { 0x0000000000000000ULL, 0x0000000000000001ULL, 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000003ULL, 0x0000000000000005ULL, 0x0000000000000008ULL, 0x000000000000000dULL, 0x0000000000000015ULL, 0x0000000000000022ULL, 0x0000000000000037ULL, 0x0000000000000059ULL, 0x0000000000000090ULL, 0x00000000000000e9ULL, 0x0000000000000179ULL, 0x0000000000000262ULL, 0x00000000000003dbULL, 0x000000000000063dULL, 0x0000000000000a18ULL, 0x0000000000001055ULL, 0x0000000000001a6dULL, 0x0000000000002ac2ULL, 0x000000000000452fULL, 0x0000000000006ff1ULL, 0x000000000000b520ULL, 0x0000000000012511ULL, 0x000000000001da31ULL, 0x000000000002ff42ULL, 0x000000000004d973ULL, 0x000000000007d8b5ULL, 0x00000000000cb228ULL, 0x0000000000148addULL, 0x0000000000213d05ULL, 0x000000000035c7e2ULL, 0x00000000005704e7ULL, 0x00000000008cccc9ULL, 0x0000000000e3d1b0ULL, 0x0000000001709e79ULL, 0x0000000002547029ULL, 0x0000000003c50ea2ULL, 0x0000000006197ecbULL, 0x0000000009de8d6dULL, 0x000000000ff80c38ULL, 0x0000000019d699a5ULL, 0x0000000029cea5ddULL, 0x0000000043a53f82ULL, 0x000000006d73e55fULL, 0x00000000b11924e1ULL, 0x000000011e8d0a40ULL, 0x00000001cfa62f21ULL, 0x00000002ee333961ULL, 0x00000004bdd96882ULL, 0x00000007ac0ca1e3ULL, 0x0000000c69e60a65ULL, 0x0000001415f2ac48ULL, 0x000000207fd8b6adULL, 0x0000003495cb62f5ULL, 0x0000005515a419a2ULL, 0x00000089ab6f7c97ULL, 0x000000dec1139639ULL, 0x000001686c8312d0ULL, 0x000002472d96a909ULL, 0x000003af9a19bbd9ULL, 0x000005f6c7b064e2ULL, 0x000009a661ca20bbULL }; const SWord64 s65 = s0 >= 65 ? 0x0000000000000000ULL : table0[s0]; return s65; }(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone>The symbolic GCD algorithm, over two 8-bit numbers. We define sgcd a 0 to be a for all a, which implies  sgcd 0 0 = 0. Note that this is essentially Euclid's algorithm, except with a recursion depth counter. We need the depth counter since the algorithm is not symbolically terminatingE, as we don't have a means of determining that the second argument (b) will eventually reach 0 in a symbolic context. Hence we stop after 12 iterations. Why 12? We've empirically determined that this algorithm will recurse at most 12 times for arbitrary 8-bit numbers. Of course, this is a claim that we shall prove below.We have:prove sgcdIsCorrectQ.E.D.`This call will generate the required C files. The following is the function body generated for ,. (We are not showing the generated header, Makefile, and the driver programs for brevity.) Note that the generated function is a constant time algorithm for GCD. It is not necessarily fastest, but it will take precisely the same amount of time for all values of x and y. (/* File: "sgcd.c". Automatically generated by SBV. Do not edit! */ #include <stdio.h> #include <stdlib.h> #include <inttypes.h> #include <stdint.h> #include <stdbool.h> #include "sgcd.h" SWord8 sgcd(const SWord8 x, const SWord8 y) { const SWord8 s0 = x; const SWord8 s1 = y; const SBool s3 = s1 == 0; const SWord8 s4 = (s1 == 0) ? s0 : (s0 % s1); const SWord8 s5 = s3 ? s0 : s4; const SBool s6 = 0 == s5; const SWord8 s7 = (s5 == 0) ? s1 : (s1 % s5); const SWord8 s8 = s6 ? s1 : s7; const SBool s9 = 0 == s8; const SWord8 s10 = (s8 == 0) ? s5 : (s5 % s8); const SWord8 s11 = s9 ? s5 : s10; const SBool s12 = 0 == s11; const SWord8 s13 = (s11 == 0) ? s8 : (s8 % s11); const SWord8 s14 = s12 ? s8 : s13; const SBool s15 = 0 == s14; const SWord8 s16 = (s14 == 0) ? s11 : (s11 % s14); const SWord8 s17 = s15 ? s11 : s16; const SBool s18 = 0 == s17; const SWord8 s19 = (s17 == 0) ? s14 : (s14 % s17); const SWord8 s20 = s18 ? s14 : s19; const SBool s21 = 0 == s20; const SWord8 s22 = (s20 == 0) ? s17 : (s17 % s20); const SWord8 s23 = s21 ? s17 : s22; const SBool s24 = 0 == s23; const SWord8 s25 = (s23 == 0) ? s20 : (s20 % s23); const SWord8 s26 = s24 ? s20 : s25; const SBool s27 = 0 == s26; const SWord8 s28 = (s26 == 0) ? s23 : (s23 % s26); const SWord8 s29 = s27 ? s23 : s28; const SBool s30 = 0 == s29; const SWord8 s31 = (s29 == 0) ? s26 : (s26 % s29); const SWord8 s32 = s30 ? s26 : s31; const SBool s33 = 0 == s32; const SWord8 s34 = (s32 == 0) ? s29 : (s29 % s32); const SWord8 s35 = s33 ? s29 : s34; const SBool s36 = 0 == s35; const SWord8 s37 = s36 ? s32 : s35; const SWord8 s38 = s33 ? s29 : s37; const SWord8 s39 = s30 ? s26 : s38; const SWord8 s40 = s27 ? s23 : s39; const SWord8 s41 = s24 ? s20 : s40; const SWord8 s42 = s21 ? s17 : s41; const SWord8 s43 = s18 ? s14 : s42; const SWord8 s44 = s15 ? s11 : s43; const SWord8 s45 = s12 ? s8 : s44; const SWord8 s46 = s9 ? s5 : s45; const SWord8 s47 = s6 ? s1 : s46; const SWord8 s48 = s3 ? s0 : s47; return s48; }(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone(Given a 64-bit quantity, the simplest (and obvious) way to count the number of bits that are set in it is to simply walk through all the bits and add 1 to a running count. This is slow, as it requires 64 iterations, but is simple and easy to convince yourself that it is correct. For instance:popCountSlow 0x0123456789ABCDEF 32 :: SWord8Faster version. This is essentially the same algorithm, except we go 8 bits at a time instead of one by one, by using a precomputed table of population-count values for each byte. This algorithm loops= only 8 times, and hence is at least 8 times more efficient.Look-up table, containing population counts for all possible 8-bit value, from 0 to 255. Note that we do not "hard-code" the values, but merely use the slow version to compute them.States the correctness of faster population-count algorithm, with respect to the reference slow version. (We use yices here as it's quite fast for this problem. Z3 seems to take much longer.) We have:%proveWith yices fastPopCountIsCorrectQ.E.D.Not only we can prove that faster version is correct, but we can also automatically generate C code to compute population-counts for us. This action will generate all the C files that you will need, including a driver program for test purposes.'Below is the generated header file for :genPopCountInC%== BEGIN: "Makefile" ================E# Makefile for popCount. Automatically generated by SBV. Do not edit!=# include any user-defined .mk file in the current directory. -include *.mkCC?=gcc0CCFLAGS?=-Wall -O3 -DNDEBUG -fomit-frame-pointerall: popCount_driver!popCount.o: popCount.c popCount.h ${CC} ${CCFLAGS} -c $< -o $@$popCount_driver.o: popCount_driver.c ${CC} ${CCFLAGS} -c $< -o $@-popCount_driver: popCount.o popCount_driver.o ${CC} ${CCFLAGS} $^ -o $@clean: rm -f *.overyclean: clean rm -f popCount_driver%== END: "Makefile" =================='== BEGIN: "popCount.h" ================L/* Header file for popCount. Automatically generated by SBV. Do not edit! */%#ifndef __popCount__HEADER_INCLUDED__%#define __popCount__HEADER_INCLUDED__#include <stdio.h>#include <stdlib.h>#include <inttypes.h>#include <stdint.h>#include <stdbool.h>#include <string.h>#include <math.h>/* The boolean type */typedef bool SBool;/* The float type */typedef float SFloat;/* The double type */typedef double SDouble;/* Unsigned bit-vectors */typedef uint8_t SWord8 ;typedef uint16_t SWord16;typedef uint32_t SWord32;typedef uint64_t SWord64;/* Signed bit-vectors */typedef int8_t SInt8 ;typedef int16_t SInt16;typedef int32_t SInt32;typedef int64_t SInt64;/* Entry point prototype: */!SWord8 popCount(const SWord64 x);*#endif /* __popCount__HEADER_INCLUDED__ */'== END: "popCount.h" ==================.== BEGIN: "popCount_driver.c" ================*/* Example driver program for popCount. */:/* Automatically generated by SBV. Edit as you see fit! */#include <stdio.h>#include "popCount.h"int main(void){: const SWord8 __result = popCount(0x1b02e143e4f0e0e5ULL);C printf("popCount(0x1b02e143e4f0e0e5ULL) = %"PRIu8"\n", __result); return 0;}.== END: "popCount_driver.c" =================='== BEGIN: "popCount.c" ================F/* File: "popCount.c". Automatically generated by SBV. Do not edit! */#include "popCount.h" SWord8 popCount(const SWord64 x){ const SWord64 s0 = x;" static const SWord8 table0[] = {G 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 1, 2, 2, 3, 2, 3,G 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4,G 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 1, 2,G 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5,G 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5,G 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 1, 2, 2, 3,G 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4,G 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,G 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 2, 3, 3, 4, 3, 4,G 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6,G 5, 6, 6, 7, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 4, 5,. 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8 };1 const SWord64 s11 = s0 & 0x00000000000000ffULL;" const SWord8 s12 = table0[s11]; const SWord64 s13 = s0 >> 8;2 const SWord64 s14 = 0x00000000000000ffULL & s13;" const SWord8 s15 = table0[s14]; const SWord8 s16 = s12 + s15; const SWord64 s17 = s13 >> 8;2 const SWord64 s18 = 0x00000000000000ffULL & s17;" const SWord8 s19 = table0[s18]; const SWord8 s20 = s16 + s19; const SWord64 s21 = s17 >> 8;2 const SWord64 s22 = 0x00000000000000ffULL & s21;" const SWord8 s23 = table0[s22]; const SWord8 s24 = s20 + s23; const SWord64 s25 = s21 >> 8;2 const SWord64 s26 = 0x00000000000000ffULL & s25;" const SWord8 s27 = table0[s26]; const SWord8 s28 = s24 + s27; const SWord64 s29 = s25 >> 8;2 const SWord64 s30 = 0x00000000000000ffULL & s29;" const SWord8 s31 = table0[s30]; const SWord8 s32 = s28 + s31; const SWord64 s33 = s29 >> 8;2 const SWord64 s34 = 0x00000000000000ffULL & s33;" const SWord8 s35 = table0[s34]; const SWord8 s36 = s32 + s35; const SWord64 s37 = s33 >> 8;2 const SWord64 s38 = 0x00000000000000ffULL & s37;" const SWord8 s39 = table0[s38]; const SWord8 s40 = s36 + s39; return s40;}'== END: "popCount.c" ==================(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneVA definition of shiftLeft that can deal with variable length shifts. (Note that the `` method from the } class requires an  shift amount.) Unfortunately, this'll generate rather clumsy C code due to the use of tables etc., so we uninterpret it for code generation purposes using the 9 function.Test function that uses shiftLeft defined above. When used as a normal Haskell function or in verification the definition is fully used, i.e., no uninterpretation happens. To wit, we have:tstShiftLeft 3 4 5224 :: SWord32,prove $ \x y -> tstShiftLeft x y 0 .== x + yQ.E.D.Generate C code for "tstShiftLeft". In this case, SBV will *use* the user given definition verbatim, instead of generating code for it. (Also see the functions , , and .)(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneF-,The key schedule. AES executes in rounds, and it treats first and last round keys slightly differently than the middle ones. We reflect that choice by being explicit about it in our type. The length of the middle list of keys depends on the key-size, which in turn determines the number of rounds.WThe key, which can be 128, 192, or 256 bits. Represented as a sequence of 32-bit words.AES state. The state consists of four 32-bit words, each of which is in turn treated as four GF28's, i.e., 4 bytes. The T-Box implementation keeps the four-bytes together for efficient representation.An element of the Galois Field 2^8, which are essentially polynomials with maximum degree 7. They are conveniently represented as values between 0 and 255.lMultiplication in GF(2^8). This is simple polynomial multipliation, followed by the irreducible polynomial x^8+x^4+x^3+x^1+1. We simply use the 0 function exported by SBV to do the operation. Exponentiation by a constant in GF(2^8). The implementation uses the usual square-and-multiply trick to speed up the computation.yComputing inverses in GF(2^8). By the mathematical properties of GF(2^8) and the particular irreducible polynomial used x^8+x^5+x^3+x^1+1{, it turns out that raising to the 254 power gives us the multiplicative inverse. Of course, we can prove this using SBV::prove $ \x -> x ./= 0 ==> x `gf28Mult` gf28Inverse x .== 1Q.E.D.Note that we exclude 0? in our theorem, as it does not have a multiplicative inverse.4Conversion from 32-bit words to 4 constituent bytes.:Conversion from 4 bytes, back to a 32-bit row, inverse of R above. We have the following simple theorems stating this relationship formally:Eprove $ \a b c d -> toBytes (fromBytes [a, b, c, d]) .== [a, b, c, d]Q.E.D.)prove $ \r -> fromBytes (toBytes r) .== rQ.E.D.4Rotating a state row by a fixed amount to the right.ODefinition of round-constants, as specified in Section 5.2 of the AES standard.The  InvMixColumns transformation, as described in Section 5.3.3 of the standard. Note that this transformation is only used explicitly during key-expansion in the T-Box implementation of AES.Key expansion. Starting with the given key, returns an infinite sequence of words, as described by the AES standard, Section 5.2, Figure 11.7The values of the AES S-box table. Note that we describe the S-box programmatically using the mathematical construction given in Section 5.1.1 of the standard. However, the code-generation will turn this into a mere look-up table, as it is just a constant table, all computation being done at "compile-time".wThe sbox transformation. We simply select from the sbox table. Note that we are obliged to give a default value (here 0A) to be used if the index is out-of-bounds as required by SBV's =W function. However, that will never happen since the table has all 256 elements in it.OThe values of the inverse S-box table. Again, the construction is programmatic.!The inverse s-box transformation.Prove that the  and  are inverses. We have:prove sboxInverseCorrectQ.E.D.Adding the round-key to the current state. We simply exploit the fact that addition is just xor in implementing this transformation..T-box table generation function for encryption&First look-up table used in encryption'Second look-up table used in encryption&Third look-up table used in encryption'Fourth look-up table used in encryption.T-box table generating function for decryption&First look-up table used in decryption 'Second look-up table used in decryption &Third look-up table used in decryption 'Fourth look-up table used in decryption Generic round function. Given the function to perform one round, a key-schedule, and a starting state, it performs the AES rounds. One encryption round. The first argument indicates whether this is the final round or not, in which case the construction is slightly different.|One decryption round. Similar to the encryption round, the first argument indicates whether this is the final round or not.Key schedule. Given a 128, 192, or 256 bit key, expand it to get key-schedules for encryption and decryption. The key is given as a sequence of 32-bit words. (4 elements for 128-bits, 6 for 192, and 8 for 256.)Block encryption. The first argument is the plain-text, which must have precisely 4 elements, for a total of 128-bits of input. The second argument is the key-schedule to be used, obtained by a call to H. The output will always have 4 32-bit words, which is the cipher-text.3Block decryption. The arguments are the same as in `, except the first argument is the cipher-text and the output is the corresponding plain-text.?128-bit encryption test, from Appendix C.1 of the AES standard:map hex t128Enc-["69c4e0d8","6a7b0430","d8cdb780","70b4c55a"]?128-bit decryption test, from Appendix C.1 of the AES standard:map hex t128Dec-["00112233","44556677","8899aabb","ccddeeff"]?192-bit encryption test, from Appendix C.2 of the AES standard:map hex t192Enc-["dda97ca4","864cdfe0","6eaf70a0","ec0d7191"]?192-bit decryption test, from Appendix C.2 of the AES standard:map hex t192Dec-["00112233","44556677","8899aabb","ccddeeff"]:256-bit encryption, from Appendix C.3 of the AES standard:map hex t256Enc-["8ea2b7ca","516745bf","eafc4990","4b496089"]:256-bit decryption, from Appendix C.3 of the AES standard:map hex t256Dec-["00112233","44556677","8899aabb","ccddeeff"];Correctness theorem for 128-bit AES. Ideally, we would run:  prove aes128IsCorrect >to get a proof automatically. Unfortunately, while SBV will successfully generate the proof obligation for this theorem and ship it to the SMT solver, it would be naive to expect the SMT-solver to finish that proof in any reasonable time with the currently available SMT solving technologies. Instead, we can issue:  quickCheck aes128IsCorrect and get some degree of confidence in our code. Similar predicates can be easily constructed for 192, and 256 bit cases as well.+Code generation for 128-bit AES encryption.]The following sample from the generated code-lines show how T-Boxes are rendered as C arrays: . static const SWord32 table1[] = { 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL, 0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL, 0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL, 0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL, 0xec76769aUL, ... } The generated program has 5 tables (one sbox table, and 4-Tboxes), all converted to fast C arrays. Here is a sample of the generated straightline C-code: * const SWord8 s1915 = (SWord8) s1912; const SWord8 s1916 = table0[s1915]; const SWord16 s1917 = (((SWord16) s1914) << 8) | ((SWord16) s1916); const SWord32 s1918 = (((SWord32) s1911) << 16) | ((SWord32) s1917); const SWord32 s1919 = s1844 ^ s1918; const SWord32 s1920 = s1903 ^ s1919; xThe GNU C-compiler does a fine job of optimizing this straightline code to generate a fairly efficient C implementation.KComponents of the AES-128 implementation that the library is generated fromEGenerate a C library, containing functions for performing 128-bit encdeckey-expansion. A note on performance: In a very rough speed test, the generated code was able to do 6.3 million block encryptions per second on a decent MacBook Pro. On the same machine, OpenSSL reports 8.2 million block encryptions per second. So, the generated code is about 25% slower as compared to the highly optimized OpenSSL implementation. (Note that the speed test was done somewhat simplistically, so these numbers should be considered very rough estimates.)-     plain-text words key-words+True if round-trip gives us plain-text back-     -     -     (c) Austin SeippBSD3erkokl@gmail.com experimentalNoneT :Represents the current state of the RC4 stream: it is the S array along with the i and j index values used by the PRGA.The key is a stream of H values.ZRC4 State contains 256 8-bit values. We use the symbolically accessible full-binary type ~ to represent the state, since RC4 needs access to the array via a symbolic index and it's important to minimize access time.SConstruct the fully balanced initial tree, where the leaves are simply the numbers 0 through 255. $Swaps two elements in the RC4 array.!ZImplements the PRGA used in RC4. We return the new state and the next key value generated."@Constructs the state to be used by the PRGA using the given key.#CThe key-schedule. Note that this function returns an infinite list.$0Generate a key-schedule from a given key-string.%pRC4 encryption. We generate key-words and xor it with the input. The following test-vectors are from Wikipedia  http://en.wikipedia.org/wiki/RC4:)concatMap hex $ encrypt "Key" "Plaintext""bbf316e8d940af0ad3"&concatMap hex $ encrypt "Wiki" "pedia" "1021bf0420"1concatMap hex $ encrypt "Secret" "Attack at dawn""45a01f645fc35b383552544b9bf5"&WRC4 decryption. Essentially the same as decryption. For the above test vectors we have:Ddecrypt "Key" [0xbb, 0xf3, 0x16, 0xe8, 0xd9, 0x40, 0xaf, 0x0a, 0xd3] "Plaintext"-decrypt "Wiki" [0x10, 0x21, 0xbf, 0x04, 0x20]"pedia"edecrypt "Secret" [0x45, 0xa0, 0x1f, 0x64, 0x5f, 0xc3, 0x5b, 0x38, 0x35, 0x52, 0x54, 0x4b, 0x9b, 0xf5]"Attack at dawn"'Prove that round-trip encryption/decryption leaves the plain-text unchanged. The theorem is stated parametrically over key and plain-text sizes. The expression performs the proof for a 40-bit key (5 bytes) and 40-bit plaintext (again 5 bytes).Note that this theorem is trivial to prove, since it is essentially establishing xor'in the same value twice leaves a word unchanged (i.e., x  y  y = xk). However, the proof takes quite a while to complete, as it gives rise to a fairly large symbolic trace.  !"#$%&'  !"#$%&'  !"#$%&'  !"#$%&'(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone(kSBV doesn't support 48 bit words natively. So, we represent them as a tuple, 32 high-bits and 16 low-bits.)FCompute the 16 bit CRC of a 48 bit message, using the given polynomial*ACount the differing bits in the message and the corresponding CRC+Given a hamming distance value hd, + returns trueJ if the 16 bit polynomial can distinguish all messages that has at most hd? different bits. Note that we express this conversely: If the sent and receivedy messages are different, then it must be the case that that must differ from each other (including CRCs), in more than hd bits.,KGenerate good CRC polynomials for 48-bit words, given the hamming distance hd.-aFind and display all degree 16 polynomials with hamming distance at least 4, for 48 bit messages.When run, this function prints:  Polynomial #1. x^16 + x^2 + x + 1 Polynomial #2. x^16 + x^15 + x^2 + 1 Polynomial #3. x^16 + x^15 + x^2 + x + 1 Polynomial #4. x^16 + x^14 + x^10 + 1 Polynomial #5. x^16 + x^14 + x^9 + 1 ... Note that different runs can produce different results, depending on the random numbers used by the solver, solver version, etc. (Also, the solver will take some time to generate these results. On my machine, the first five polynomials were generated in about 5 minutes.)()*+,-()*+,-()*+,-()*+,-(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone.For a homogeneous problem, the solution is any linear combination of the resulting vectors. For a non-homogeneous problem, the solution is any linear combination of the vectors in the second component plus one of the vectors in the first component.1ldn: Solve a (L)inear (D)iophantine equation, returning minimal solutions over (N)aturals. The input is given as a rows of equations, with rhs values separated into a tuple.2Find the basis solution. By definition, the basis has all non-trivial (i.e., non-0) solutions that cannot be written as the sum of two other solutions. We use the mathematically equivalent statement that a solution is in the basis if it's least according to the lexicographic order using the ordinary less-than relation. (NB. We explicitly tell z3 to use the logic AUFLIA for this problem, as the BV solver that is chosen automatically has a performance issue. See:  #https://z3.codeplex.com/workitem/88.)3Solve the equation: 2x + y - z = 2We have:test2NonHomogeneous [[0,2,0],[1,0,0]] [[0,1,1],[1,0,2]]/which means that the solutions are of the form: 9(1, 0, 0) + k (0, 1, 1) + k' (1, 0, 2) = (1+k', k, k+2k')OR 9(0, 2, 0) + k (0, 1, 1) + k' (1, 0, 2) = (k', 2+k, k+2k')for arbitrary k, k'. It's easy to see that these are really solutions to the equation given. It's harder to see that they cover all possibilities, but a moments thought reveals that is indeed the case.4A puzzle: Five sailors and a monkey escape from a naufrage and reach an island with coconuts. Before dawn, they gather a few of them and decide to sleep first and share the next day. At night, however, one of them awakes, counts the nuts, makes five parts, gives the remaining nut to the monkey, saves his share away, and sleeps. All other sailors do the same, one by one. When they all wake up in the morning, they again make 5 shares, and give the last remaining nut to the monkey. How many nuts were there at the beginning?7We can model this as a series of diophantine equations:  x_0 = 5 x_1 + 1 4 x_1 = 5 x_2 + 1 4 x_2 = 5 x_3 + 1 4 x_3 = 5 x_4 + 1 4 x_4 = 5 x_5 + 1 4 x_5 = 5 x_6 + 1 5We need to solve for x_0, over the naturals. We have:sailors%[15621,3124,2499,1999,1599,1279,1023]That is:  * There was a total of 15621 coconuts * 1st sailor: 15621 = 3124*5+1, leaving 15621-3124-1 = 12496 * 2nd sailor: 12496 = 2499*5+1, leaving 12496-2499-1 = 9996 * 3rd sailor: 9996 = 1999*5+1, leaving 9996-1999-1 = 7996 * 4th sailor: 7996 = 1599*5+1, leaving 7996-1599-1 = 6396 * 5th sailor: 6396 = 1279*5+1, leaving 6396-1279-1 = 5116 * In the morning, they had: 5116 = 1023*5+1. Note that this is the minimum solution, that is, we are guaranteed that there's no solution with less number of coconuts. In fact, any member of [15625*k-4 | k <- [1..]] is a solution, i.e., so are 31246, 46871, 62496, 78121, etc../01234./01234./01234./01234(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone6+A simple predicate, based on two variables x and y , true when  0 <= x <= 1 and  x - abs y is 0.7=Generate all satisfying assignments for our problem. We have: allModels Solution #1: x = 0 :: Integer y = 0 :: Integer Solution #2: x = 1 :: Integer y = -1 :: Integer Solution #3: x = 1 :: Integer y = 1 :: IntegerFound 3 different solutions.Note that solutions 2 and 3 share the value x = 1&, since there are multiple values of y% that make this particular choice of x satisfy our constraint.8@Generate all satisfying assignments, but we first tell SBV that yM should not be considered as a model problem, i.e., it's auxiliary. We have:modelsWithYAux Solution #1: x = 0 :: Integer Solution #2: x = 1 :: IntegerFound 2 different solutions.GNote that we now have only two solutions, one for each unique value of x that satisfy our constraint.678678678678(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone07T9(Give a name to the symbolic variants of :, for convenience:A simple enumerated type, that we'd like to translate to SMT-Lib intact; i.e., this type will not be uninterpreted but rather preserved and will be just like any other symbolic type SBV provides. Note the automatically derived classes we need: , ~, , , , t, ', and ". (The last one is only needed if  and friends are used.)Also note that we need to import Data.Generics and have the LANGUAGE option DeriveDataTypeable and DeriveAnyClass set.>BHave the SMT solver enumerate the elements of the domain. We have:elts Solution #1: s0 = B :: E Solution #2: s0 = A :: E Solution #3: s0 = C :: EFound 3 different solutions.?9Shows that if we require 4 distinct elements of the type :A, we shall fail; as the domain only has three elements. We have:four Unsatisfiable@xEnumerations are automatically ordered, so we can ask for the maximum element. Note the use of quantification. We have:maxESatisfiable. Model: maxE = C :: EA/Similarly, we get the minumum element. We have:minESatisfiable. Model: minE = A :: E 9:;<=>?@A 9:=;<>?@A :;<=9>?@A9:;<=>?@A(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneTI}Prove that floating point addition is not associative. For illustration purposes, we will require one of the inputs to be a NaN . We have:prove $ assocPlus (0/0)Falsifiable. Counter-example: s0 = 0.0 :: Float s1 = 0.0 :: FloatIndeed:let i = 0/0 :: Floati + (0.0 + 0.0)NaN((i + 0.0) + 0.0)NaNBut keep in mind that NaN< does not equal itself in the floating point world! We have:$let nan = 0/0 :: Float in nan == nanFalseJ:Prove that addition is not associative, even if we ignore NaN/Infinity+ values. To do this, we use the predicate -, which is true of a floating point number ( or ) if it is neither NaN nor InfinityA. (That is, it's a representable point in the real-number line.)We have:assocPlusRegularFalsifiable. Counter-example: x = 1.9259302e-34 :: Float y = -1.9259117e-34 :: Float z = -1.814176e-39 :: FloatIndeed, we have:A((1.9259302e-34) + ((-1.9259117e-34) + (-1.814176e-39))) :: Float 3.4438e-41C(((1.9259302e-34) + ((-1.9259117e-34))) + (-1.814176e-39)) :: Float 3.4014e-41*Note the difference between two additions!KDemonstrate that a+b = a does not necessarily mean b is 0O in the floating point world, even when we disallow the obvious solution when a and b are  Infinity. We have:nonZeroAdditionFalsifiable. Counter-example: a = 2.424457e-38 :: Float b = -1.0e-45 :: FloatIndeed, we have:6(2.424457e-38 + (-1.0e-45)) == (2.424457e-38 :: Float)TrueBut:-1.0e-45 == (0 :: Float)FalseLThis example illustrates that  a * (1/a) does not necessarily equal 1). Again, we protect against division by 0 and NaN/Infinity.We have: multInverseFalsifiable. Counter-example:& a = 1.119056263978578e-308 :: DoubleIndeed, we have:(let a = 1.119056263978578e-308 :: Double a * (1/a)0.9999999999999999MOne interesting aspect of floating-point is that the chosen rounding-mode can effect the results of a computation if the exact result cannot be precisely represented. SBV exports the functions , , , ,  and 2 which allows users to specify the IEEE supported ) for the operation. (Also see the class  RoundingFloat.) This example illustrates how SBV can be used to find rounding-modes where, for instance, addition can produce different results. We have: roundingAddSatisfiable. Model:* rm = RoundTowardPositive :: RoundingMode# x = -256.0 :: Float# y = 4.6475088e-10 :: Float(Note that depending on your version of Z3, you might get a different result.) Unfortunately we can't directly validate this result at the Haskell level, as Haskell only supports  . We have:!(-256.0 + 4.6475088e-10) :: Float-256.09While we cannot directly see the result when the mode is C in Haskell, we can use SBV to provide us with that result thusly:Osat $ \z -> z .== fpAdd sRoundTowardPositive (-256.0) (4.6475088e-10 :: SFloat)Satisfiable. Model: s0 = -255.99998 :: Float:We can see why these two resuls are indeed different: The RoundTowardsPositivek (which rounds towards positive-infinity) produces a larger result. Indeed, if we treat these numbers as  values, we get:"(-256.0 + 4.6475088e-10) :: Double-255.99999999953525>we see that the "more precise" result is larger than what the - value is, justifying the larger value with . A more detailed study is beyond our current scope, so we'll merely -- note that floating point representation and semantics is indeed a thorny subject, and point to  Phttps://ece.uwaterloo.ca/~dwharder/NumericalAnalysis/02Numerics/Double/paper.pdf as an excellent guide.IJKLMIJKLMIJKLMIJKLM (c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneNA simple function to generate a new integer value, that is not in the given set of values. We also require the value to be non-negativeOWe now use "outside" repeatedly to generate 10 integers, such that we not only disallow previously generated elements, but also any value that differs from previous solutions by less than 5. Here, we use the < function. We could have also extracted the dictionary via < and did fancier programming as well, as necessary. We have:genVals[45,40,35,30,25,20,15,10,5,0]NONONONO!(c) Levent ErkokBSD3erkokl@gmail.com experimentalNonePhA simple variant of division, where we explicitly require the caller to make sure the divisor is not 0.Q#Check whether an arbitrary call to P5 is safe. Clearly, we do not expect this to be safe:test1][Data/SBV/Examples/Misc/NoDiv0.hs:36:14:checkedDiv: Divisor should not be 0: Violated. Model: s0 = 0 :: Int32 s1 = 0 :: Int32]RVRepeat the test, except this time we explicitly protect against the bad case. We have:test2d[Data/SBV/Examples/Misc/NoDiv0.hs:44:41:checkedDiv: Divisor should not be 0: No violations detected]PQRPQRPQRPQR"(c) Brian HuffmanBSD3erkokl@gmail.com experimentalNone09;<=SSWord4 type synonymTWord4 as a newtype. Invariant: Word4 x should satisfy x < 16.V3Smart constructor; simplifies conversion from Word8WJoining splitting to from Word8XConversion from bitsY)SIntegral instance, using default methodsZ)SDvisible instance, using default methods[%SDvisible instance, using 0-extension\:SatModel instance, merely uses the generic parsing method.]CHasKind instance; simply returning the underlying kind for the type^BSymWord instance, allowing this type to be used in proofs/sat etc._$Random instance, used in quick-check` Bits instanceaIntegral instance, again using Word8 instance and casting. NB. we do not need to use the smart constructor here as neither the quotient nor the remainder can overflow a Word4.b,Real instance simply uses the Word8 instancecDNum instance, merely lifts underlying 8-bit operation and casts backd#Enum instance, trivial definitions.eBounded instance; from 0 to 255f3Read instance. We read as an 8-bit word, and coerceg Show instanceSTUVWXYZ[\]^_`abcdefgSTUVTUVgfedcba`_S^]\[ZYXWSTUVWXYZ[\]^_`abcdefg#(c) Levent ErkokBSD3erkokl@gmail.com experimentalNonek Taken from 6http://people.brunel.ac.uk/~mastjjb/jeb/or/morelp.htmlmaximize 5x1 + 6x2 subject to  x1 + x2 <= 10 x1 - x2 >= 35x1 + 4x2 <= 35x1 >= 0x2 >= 0optimize problemOptimal model: x1 = 47 % 9 :: Real x2 = 20 % 9 :: Real goal = 355 % 9 :: Realkkkk$(c) Levent ErkokBSD3erkokl@gmail.com experimentalNonel Taken from 6http://people.brunel.ac.uk/~mastjjb/jeb/or/morelp.htmlDA company makes two products (X and Y) using two machines (A and B).Each unit of X that is produced requires 50 minutes processing time on machine A and 30 minutes processing time on machine B.Each unit of Y that is produced requires 24 minutes processing time on machine A and 33 minutes processing time on machine B.At the start of the current week there are 30 units of X and 90 units of Y in stock. Available processing time on machine A is forecast to be 40 hours and on machine B is forecast to be 35 hours.jThe demand for X in the current week is forecast to be 75 units and for Y is forecast to be 95 units.yCompany policy is to maximise the combined sum of the units of X and the units of Y in stock at the end of the week.<How much of each product should we make in the current week?We have:optimize productionOptimal model: X = 45 :: Integer Y = 6 :: Integer stock = 1 :: Integer]That is, we should produce 45 X's and 6 Y's, with the final maximum stock of just 1 expected!llll%(c) Levent ErkokBSD3erkokl@gmail.com experimentalNonem0True precisely when exactly one of the inputs isn%The allocation problem. Inspired by: 3http://rise4fun.com/z3opt/tutorialcontent/guide#h25\We have three virtual machines (VMs) which require 100, 50 and 15 GB hard disk respectively.KThere are three servers with capabilities 100, 75 and 200 GB in that order.4Find out a way to place VMs into servers in order to#Minimize the number of servers used_Minimize the operation cost (the servers have fixed daily costs 10, 5 and 20 USD respectively.)We have:optimize allocate Optimal model: x11 = False :: Bool x12 = False :: Bool x13 = True :: Bool x21 = False :: Bool x22 = False :: Bool x23 = True :: Bool x31 = False :: Bool x32 = False :: Bool x33 = True :: Bool noOfServers = 1 :: Integer cost = 20 :: IntegerPThat is, we should put all the jobs on the third server, for a total cost of 20.mnmnmnmn&(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneoHelper synonym for representing GF(2^8); which are merely 8-bit unsigned words. Largest term in such a polynomial has degree 7.pMultiplication in Rijndael's field; usual polynomial multiplication followed by reduction by the irreducible polynomial. The irreducible used by Rijndael's field is the polynomial x^8 + x^4 + x^3 + x + 1 , which we write by giving it's  exponents in SBV. See:  Nhttp://en.wikipedia.org/wiki/Finite_field_arithmetic#Rijndael.27s_finite_fieldI. Note that the irreducible itself is not in GF28! It has a degree of 8.NB. You can use the F function to print polynomials nicely, as a mathematician would write.q States that the unit polynomial 1, is the unit elementr)States that multiplication is commutativessStates that multiplication is associative, note that associativity proofs are notoriously hard for SAT/SMT solverstQStates that the usual multiplication rule holds over GF(2^n) polynomials Checks:  if (a, b) = x  y then x = y  a + b being careful about y = 0z. When divisor is 0, then quotient is defined to be 0 and the remainder is the numerator. (Note that addition is simply  in GF(2^8).)uQueriesopqrstuopqrstuopqrstuopqrstu'(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone vNRepresent day by 8-bit words; Again, an uninterpreted type would work as well.wbRepresent month by 8-bit words; We can also use an uninterpreted type, but numbers work well here.x!Months referenced in the problem.y!Months referenced in the problem.z!Months referenced in the problem.{!Months referenced in the problem.|<Check that a given month/day combo is a possible birth-date.}BAssert that the given function holds for one of the possible days.~BAssert that the given function holds for all of the possible days.DAssert that the given function holds for one of the possible months.DAssert that the given function holds for all of the possible months./Encode the conversation as given in the puzzle.NB. Lee Pike pointed out that not all the constraints are actually necessary! (Private communication.) The puzzle still has a unique solution if the statements a1 and b1i (i.e., Albert and Bernard saying they themselves do not know the answer) are removed. To experiment you can simply comment out those statements and observe that there still is a unique solution. Thanks to Lee for pointing this out! In fact, it is instructive to assert the conversation line-by-line, and see how the search-space gets reduced in each step.4Find all solutions to the birthday problem. We have:cheryl Solution #1: birthDay = 16 :: Word8 birthMonth = 7 :: Word8This is the only solution. vwxyz{|}~ vwxyz{|}~ wvxyz{|}~ vwxyz{|}~((c) Levent ErkokBSD3erkokl@gmail.com experimentalNone QWe will represent coins with 16-bit words (more than enough precision for coins).Create a coin. The argument Int argument just used for naming the coin. Note that we constrain the value to be one of the valid U.S. coin values as we create it.0Return all combinations of a sequence of values..Constraint 1: Cannot make change for a dollar.3Constraint 2: Cannot make change for half a dollar./Constraint 3: Cannot make change for a quarter.,Constraint 4: Cannot make change for a dime.-Constraint 5: Cannot make change for a nickelConstraint 6: Cannot buy the candy either. Here's where we need to have the extra knowledge that the vending machines do not take 50 cent coins.Solve the puzzle. We have:puzzleSatisfiable. Model: c1 = 50 :: Word16 c2 = 25 :: Word16 c3 = 10 :: Word16 c4 = 10 :: Word16 c5 = 10 :: Word16 c6 = 10 :: Word16<i.e., your friend has 4 dimes, a quarter, and a half dollar.    )(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneYWe will assume each number can be represented by an 8-bit word, i.e., can be at most 128.OGiven a number, increment the count array depending on the digits of the numberEncoding of the puzzle. The solution is a sequence of 10 numbers for the occurrences of the digits such that if we count each digit, we find these numbers.6Finds all two known solutions to this puzzle. We have:counts Solution #1In this sentence, the number of occurrences of 0 is 1, of 1 is 7, of 2 is 3, of 3 is 2, of 4 is 1, of 5 is 1, of 6 is 1, of 7 is 2, of 8 is 1, of 9 is 1. Solution #2In this sentence, the number of occurrences of 0 is 1, of 1 is 11, of 2 is 2, of 3 is 1, of 4 is 1, of 5 is 1, of 6 is 1, of 7 is 1, of 8 is 1, of 9 is 1.Found: 2 solution(s).*(c) Levent ErkokBSD3erkokl@gmail.com experimentalNonePrints the only solution:puzzle Solution #1: dog = 3 :: Integer cat = 41 :: Integer mouse = 56 :: IntegerThis is the only solution.+(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneIThe given guesses and the correct digit counts, encoded as a simple list.$Encode the problem, note that we check digits are within 0-9 as we use 8-bit words to represent them. Otherwise, the constraints are simply generated by zipping the alleged solution with each guess, and making sure the number of matching digits match what's given in the problem statement.'Print out the solution nicely. We have: solveEuler1854640261571849533Number of solutions: 1,(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone07TSports they engage inPets they keepBeverage choicesNationalities of the occupantsColors of housesWe have: fishOwnerGermanIt's not hard to modify this program to grab the values of all the assignments, i.e., the full solution to the puzzle. We leave that as an exercise to the interested reader!-(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone"The puzzle board is a list of rowsA row is a list of elementsUse 32-bit words for elements.4Checks that all elements in a list are within bounds#Get the diagonal of a square matrix'Test if a given board is a magic square3Group a list of elements in the sublists of length iGiven n, magic n prints all solutions to the nxn magic square problem.(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneEA solution is a sequence of row-numbers where queens should be placed Checks that a given solution of n5-queens is valid, i.e., no queen captures any other.Given n, it solves the n-queens) puzzle, printing all possible solutions./(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneSolve the puzzle. We have: sendMoreMoney Solution #1: s = 9 :: Integer e = 5 :: Integer n = 6 :: Integer d = 7 :: Integer m = 1 :: Integer o = 0 :: Integer r = 8 :: Integer y = 2 :: IntegerThis is the only solution.That is:9567 + 1085 == 10652True0(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneA puzzle is a pair: First is the number of missing elements, second is a function that given that many elements returns the final board.&A Sudoku board is a sequence of 9 rows\A row is a sequence of 8-bit words, too large indeed for representing 1-9, but does not harmfGiven a series of elements, make sure they are all different and they all are numbers between 1 and 91Given a full Sudoku board, check that it is valid*Solve a given puzzle and print the resultsTHelper function to display results nicely, not really needed, but helps presentationFind all solutions to a puzzleFind an arbitrary good board(A random puzzle, found on the internet...Another random puzzle, found on the internet...Another random puzzle, found on the internet..dAccording to the web, this is the toughest sudoku puzzle ever.. It even has a name: Al Escargot: Jhttp://zonkedyak.blogspot.com/2006/11/worlds-hardest-sudoku-puzzle-al.html/This one has been called diabolical, apparently)The following is nefarious according to %http://haskell.org/haskellwiki/SudokuFSolve them all, this takes a fraction of a second to run for each case1(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone0579;&A move action is a sequence of triples. The first component is symbolically True if only one member crosses. (In this case the third element of the triple is irrelevant.) If the first component is (symbolically) False, then both members move together/A puzzle move is modeled as a state-transformer(The status of the puzzle after each move4This type is equipped with an automatically derived ;! instance because each field is ;. A v: instance must also be derived for this to work, and the DeriveAnyClass2 language extension must be enabled. The derived ;j instance simply walks down the structure field by field and merges each one. An equivalent hand-written ;* instance is provided in a comment below. elapsed timelocation of the flashlocation of Bonolocation of Edgelocation of Adamlocation of LarrySymbolic variant of Location of the flashSymbolic variant for timeModel time using 32 bitsSymbolic shorthand for a hU2 band members. We want to translate this to SMT-Lib as a data-type, and hence the deriving mechanism. /Shorthands for symbolic versions of the members /Shorthands for symbolic versions of the members /Shorthands for symbolic versions of the members /Shorthands for symbolic versions of the members *Crossing times for each member of the band6The symbolic variant.. The duplication is unfortunate.-Shorthands for symbolic versions of locations-Shorthands for symbolic versions of locations8Start configuration, time elapsed is 0 and everybody is 'Read the state via an accessor function.Given an arbitrary member, return his location(Transferring the flash to the other side'Transferring a person to the other side0Increment the time, when only one person crosses2Increment the time, when two people cross togetherSymbolic version of when.Move one member, remembering to take the flash&Move two members, again with the flash Run a sequence of given actions.Check if a given sequence of actions is valid, i.e., they must all cross the bridge according to the rules and in less than 17 seconds.See if there is a solution that has precisely n stepsSolve the U2-bridge crossing puzzle, starting by testing solutions with increasing number of steps, until we find one. We have:solveU2#Checking for solutions with 1 move.$Checking for solutions with 2 moves.$Checking for solutions with 3 moves.$Checking for solutions with 4 moves.$Checking for solutions with 5 moves. Solution #1: 0 --> Edge, Bono 2 <-- Edge 4 --> Larry, Adam 14 <-- Bono15 --> Edge, BonoTotal time: 17 Solution #2: 0 --> Edge, Bono 2 <-- Bono 3 --> Larry, Adam 13 <-- Edge15 --> Edge, BonoTotal time: 17 Found: 2 solutions with 5 moves.-Finding all possible solutions to the puzzle.Mergeable instance for [ simply pushes the merging the data after run of each branch starting from the same state.-     ,     -           2(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone2This version directly uses SMT-arrays and hence does not need an initializer. Reading an element before writing to it returns an arbitrary value.3The array type, takes symbolic 32-bit unsigned indexes and stores 32-bit unsigned symbolic values. These are functional arrays where reading before writing a cell throws an exception.4%Uninterpreted function in the theorem53Correctness theorem. We state it for all values of x, y, and the array a6. We also take an arbitrary initializer for the array.6#Prints Q.E.D. when run, as expected proveThm1Q.E.D.7Same as 5/, except we don't need an initializer with the j model.8$Prints Q.E.D. when run, as expected: proveThm2Q.E.D.23456782345678345627823456783(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone07 94Handy shortcut for the type of symbolic values over ::The uninterpreted sort :{, corresponding to the carrier. To prevent SBV from translating it to an enumerated type, we simply attach an unused field<!Uninterpreted logical connective <=!Uninterpreted logical connective =>!Uninterpreted logical connective >?Distributivity of OR over AND, as an axiom in terms of the uninterpreted functions we have introduced. Note how variables range over the uninterpreted sort :.@]One of De Morgan's laws, again as an axiom in terms of our uninterpeted logical connectives.A,Double negation axiom, similar to the above.BProves the equivalence >NOT (p OR (q AND r)) == (NOT p AND NOT q) OR (NOT p AND NOT r)>, following from the axioms we have specified above. We have:testQ.E.D. 9:;<=>?@AB 9:;<=>?@AB :;9<=>?@AB 9:;<=>?@AB4(c) Levent ErkokBSD3erkokl@gmail.com experimentalNoneJAn uninterpreted functionK Asserts that f x z == f (y+2) z whenever x == y+2. Naturally correct: prove thmGoodQ.E.D.JKJKJKJK5(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone LA binary boolean functionMA ternary boolean functionNTPositive Shannon cofactor of a boolean function, with respect to its first argumentOTNegative Shannon cofactor of a boolean function, with respect to its first argumentPCShannon's expansion over the first argument of a function. We have:shannonQ.E.D.QWAlternative form of Shannon's expansion over the first argument of a function. We have:shannon2Q.E.D.RComputing the derivative of a boolean function (boolean difference). Defined as exclusive-or of Shannon cofactors with respect to that variable.SfThe no-wiggle theorem: If the derivative of a function with respect to a variable is constant False, then that variable does not "wiggle" the function; i.e., any changes to it won't affect the result of the function. In fact, we have an equivalence: The variable only changes the result of the function iff the derivative with respect to it is not False:noWiggleQ.E.D.TUniversal quantification of a boolean function with respect to a variable. Simply defined as the conjunction of the Shannon cofactors.U-Show that universal quantification is really meaningful: That is, if the universal quantification with respect to a variable is True, then both cofactors are true for those arguments. Of course, this is a trivial theorem if you think about it for a moment, or you can just let SBV prove it for you:univOKQ.E.D.VExistential quantification of a boolean function with respect to a variable. Simply defined as the conjunction of the Shannon cofactors.W0Show that existential quantification is really meaningful: That is, if the existential quantification with respect to a variable is True, then one of the cofactors must be true for those arguments. Again, this is a trivial theorem if you think about it for a moment, but we will just let SBV prove it:existsOKQ.E.D. LMNOPQRSTUVW LMNOPQRSTUVW MLNOPQRSTUVW LMNOPQRSTUVW6(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone07XnA new data-type that we expect to use in an uninterpreted fashion in the backend SMT solver. Note the custom deriving clause, which takes care of most of the boilerplate. The () field is needed so SBV will not translate it to an enumerated data-typeZ5Declare an uninterpreted function that works over Q's[GA satisfiable example, stating that there is an element of the domain X such that ZL returns a different element. Note that this is valid only when the domain X$ has at least two elements. We have:t1Satisfiable. Model: x = Q!val!0 :: Q\kThis is a variant on the first example, except we also add an axiom for the sort, stating that the domain XR has only one element. In this case the problem naturally becomes unsat. We have:t2 UnsatisfiableXYZ[\XYZ[\XYZ[\XYZ[\7(c) Levent ErkokBSD3erkokl@gmail.com experimentalNone0d=A "list-like" data type, but one we plan to uninterpret at the SMT level. The actual shape is really immaterial for us, but could be used as a proxy to generate test cases or explore data-space in some other part of a program. Note that we neither rely on the shape of this data, nor need the actual constructors.gyAn uninterpreted "classify" function. Really, we only care about the fact that such a function exists, not what it does.h_Formulate a query that essentially asserts a cardinality constraint on the uninterpreted sort d'. The goal is to say there are precisely 3 such things, as it might be the case. We manage this by declaring four elements, and asserting that for a free variable of this sort, the shape of the data matches one of these three instances. That is, we assert that all the instances of the data d can be classified into 3 equivalence classes. Then, allSat returns all the possible instances, which of course are all uninterpreted.As expected, we have:genLs Solution #1: l = L!val!0 :: L l0 = L!val!0 :: L l1 = L!val!1 :: L l2 = L!val!2 :: L Solution #2: l = L!val!2 :: L l0 = L!val!0 :: L l1 = L!val!1 :: L l2 = L!val!2 :: L Solution #3: l = L!val!1 :: L l0 = L!val!0 :: L l1 = L!val!1 :: L l2 = L!val!2 :: LFound 3 different solutions.i Similarly, ''s default implementation is sufficient.jDeclare instances to make d1 a usable uninterpreted sort. First we need the t1 instance, with the default definition sufficing.defghijdefghdefjighdefghij:Y:Z:[:\:]:^:_:`:a:b;c;d;e;f;g;h;i;j;k=l=m=n=o=p=q=r=s=t=u=v=w=x=y=z={>|?}?~?@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB B B B B B BBBBBBBBBBBBBBBBBBBBB B!B"B#B$B%B&B'B(B)B*B+B,B-B.B/B0B1B2B3B4B5B6B7B8B9B:B;B<B;B=B>B?B@BABBBBBCBDBEBFBFBGBHBIBJBKBLBMBNBOBPBQBRBSBTBUBVBWBXBYBZB[B\B]B^B_B`BaBbBcBdBeBfBgBhBiBjBkBlBmBnBoBpBqBrBsBtBuBvBwBxByBzB{B|B}B~BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD D D D D DDDDDDDDDDDDDDDDDDD D!D"D#D$D%D&D'D(D)D*D+D,D-D.D/D0D1D2D3D4D5F6F7F8F9F:F;I<I=I>I?I@IAIBICIDIEIFIGIHIIIJIKILILIMIMININIOIOIPIQIRISITIUIVPWPXPYPZP[P\P]P^P_P`PaPbPcPdPePfPgPhPiPjPkPlPmPnPoPpPqPrPsPtPuPvPwQxQyQ~QzQ{Q|Q}Q~QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVVVVVVVV      W!W"W#W$W%W&W&W'W(W)W*W+W+W,W,W-W.W/W0W1W2W3W4W5W6W7W7W8W9W:W;W<W=W>W?W@WAWBWCWDWEWFWGWHWIWJWKWLWMWNWOWPWQWRWSWTWUWVWWWXWYWZW[W\W]W^W_W`XaXbXcXdefghijklmnopqrstuvwxyz{|}gefighjmn g e f i g h j m n g e f i g h j m n g e f i g h j m n g e f i g h j m n g e f i g h j m n~opqrtwlmno>?x^      !"#$%&'()*+,-./0123456789:;<=>?@A B C!D!E!F"G"H"H"I"J"K"L"M"N"O"P"Q"R"S"T"U"V"W"X"Y"Z"["\"]#,$^%_%`&&a&b&c&d&e&f'g'h'i'j'k'l'm'n'o'p'q'r's(t(u(v(w(x(y(z({(|(r)})~)r)*r+++,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,--------.$../00000m00000000000111R1R1111111111111111111111111111111111111111111111 1 1 1 1 11111111121202222233131333333 3)3!3"3#3$3%3&3'44(5)5*5+5,5-5.5/50515253546565666666768696:6;6<7=7>7?7@7A7B7C7D7E7F7G7HIJKIJLIJMINOINPINQINRISTISUISVISWISXISYISZIS[IS\IS]IS^IS_IS`IabIacISdIJeIJfIJgIJhIJiIJiIJjIJkIJlIJmIJnIJoIJpqirqisqitqiuqivqiwqixqiyqizqi{qi|qi}qi~qiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiqiiqiqiqiqiqiqiqiqiqi=qiqi:::<<<<<<<<<<<<<gIIII=??????????????????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAABBBBBBBBBBBBBBB B B B B BBBBBBBBBBBBBBBBBBB B!B"B#BBBBB$B%B&B'B(B)B*B+B,B-B.B/B0B1B2B3B4B5B6B7B8B9B:B;B<B=B>B?B@BABBBCBDBEBFBGBHBIBJBKBLBMBNBOBPBQBRBSBTBUBVBWXYCZC[C\C]C^C_C`CaCbCcCdCeCfCgChCiCjCkClCmCnCoCpCqCrCsCtCuCvCwCxCyCzC{C|C}C~CDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII I I I  IIIIIIIIIIIIIII I!I"I#I$I%I&I'I(JcK^L_MbN`OaO)O*+,P-P.P/P0P1P2P3P4P5P6P7P8P9P:P;P<P=P>P?P@PAPBPCPDP}QEQFQGIHIIJKIJLIMNIJOIJPIJQIJRSTUVQWQXQYQQQZQ[Q\I]^I]_I]`I]aI]bI]cI]dI]eQfQgQhQiQjQkQQQlQmQnQoQpQqQrQsQtQuQvQwQxQyQzQ{Q|Q}Q~QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQMQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQUUUUUUUUUUUUUUUUUUUUUUUUUUUVVVVKVVVVVVVVVVV V V V  eWWIXX X!X"X#X$X%X&X'X(X)X*X+X,X-X.X.X/XX0X1X2X3X4X5X6X7X8X9X:;<IJ=IJ>?I@AIBICIDI]EI]FI]GI]HI]II]JI]KI]LI]MI]NI]OI]PI]QI]RI]SI]TI]UI]VI]WI]XI]YI]ZI][IJ\IJ]IJ^_I`aIbcdsbv-6.0-4IIvWPWEiDc4SCFMoRTgdQData.SBVData.SBV.InternalsData.SBV.DynamicData.SBV.Tools.ExpectedValueData.SBV.Tools.PolynomialData.SBV.Tools.STreeData.SBV.Tools.GenTestData.SBV.Bridge.ABCData.SBV.Bridge.BoolectorData.SBV.Bridge.CVC4Data.SBV.Bridge.MathSATData.SBV.Bridge.YicesData.SBV.Bridge.Z3&Data.SBV.Examples.BitPrecise.BitTricks#Data.SBV.Examples.BitPrecise.Legato&Data.SBV.Examples.BitPrecise.MergeSort%Data.SBV.Examples.BitPrecise.MultMask&Data.SBV.Examples.BitPrecise.PrefixSum'Data.SBV.Examples.CodeGeneration.AddSub)Data.SBV.Examples.CodeGeneration.CRC_USB5*Data.SBV.Examples.CodeGeneration.Fibonacci$Data.SBV.Examples.CodeGeneration.GCD0Data.SBV.Examples.CodeGeneration.PopulationCount.Data.SBV.Examples.CodeGeneration.UninterpretedData.SBV.Examples.Crypto.AESData.SBV.Examples.Crypto.RC4,Data.SBV.Examples.Existentials.CRCPolynomial*Data.SBV.Examples.Existentials.Diophantine Data.SBV.Examples.Misc.Auxiliary Data.SBV.Examples.Misc.EnumerateData.SBV.Examples.Misc.Floating#Data.SBV.Examples.Misc.ModelExtractData.SBV.Examples.Misc.NoDiv0Data.SBV.Examples.Misc.Word4(Data.SBV.Examples.Optimization.LinearOpt)Data.SBV.Examples.Optimization.Production!Data.SBV.Examples.Optimization.VM)Data.SBV.Examples.Polynomials.Polynomials"Data.SBV.Examples.Puzzles.BirthdayData.SBV.Examples.Puzzles.Coins Data.SBV.Examples.Puzzles.Counts%Data.SBV.Examples.Puzzles.DogCatMouse"Data.SBV.Examples.Puzzles.Euler185Data.SBV.Examples.Puzzles.Fish%Data.SBV.Examples.Puzzles.MagicSquare!Data.SBV.Examples.Puzzles.NQueens'Data.SBV.Examples.Puzzles.SendMoreMoney Data.SBV.Examples.Puzzles.Sudoku"Data.SBV.Examples.Puzzles.U2Bridge#Data.SBV.Examples.Uninterpreted.AUF&Data.SBV.Examples.Uninterpreted.Deduce(Data.SBV.Examples.Uninterpreted.Function'Data.SBV.Examples.Uninterpreted.Shannon$Data.SBV.Examples.Uninterpreted.Sort,Data.SBV.Examples.Uninterpreted.UISortAllSatGHC.Stack.CompatGHC.SrcLoc.CompatData.SBV.Utils.TDiffData.SBV.Utils.NumericData.SBV.Utils.LibData.SBV.Utils.BooleanData.SBV.SMT.SMTLibNamesData.SBV.Core.AlgRealsData.SBV.Core.KindData.SBV.Core.ConcreteData.SBV.Core.SymbolicData.SBV.Core.DataData.SBV.Core.OperationsData.SBV.Provers.SExprData.SBV.Utils.PrettyNumData.SBV.SMT.SMTLib2Data.SBV.SMT.SMTLibData.SBV.SMT.SMTData.SBV.Provers.ABCData.SBV.Provers.BoolectorData.SBV.Provers.CVC4Data.SBV.Provers.MathSATData.SBV.Provers.YicesData.SBV.Provers.Z3Data.SBV.Provers.ProverData.SBV.Core.ModelStatusGGenericsData.SBV.Core.FloatingData.SBV.Core.SplittableData.SBV.Compilers.CodeGenData.SBV.Compilers.C TimingInfo TimedStepProblemConstruction Translation WorkByProverTimingNoTiming PrintTiming SaveTiming showTDifffpRound0fpRatio0fpMaxHfpMinHfp2fpfpRemHfpRoundToIntegralHfpIsEqualObjectHfpIsNormalizedHBooleantruefalsebnot&&&|||~&~|<+>==><=>fromBoolbAndbOrbAnybAllsmtLibReservedNamesAlgReal AlgRational AlgPolyRootHasKindkindOfhasSign intSizeOf isBoolean isBoundedisRealisFloatisDouble isIntegerisUninterpretedshowTypeKindKBoolKBounded KUnboundedKReal KUserSortKFloatKDoubleExtCWInfiniteEpsilonInterval BoundedCWAddExtCWMulExtCW GeneralizedCW ExtendedCW RegularCWCW_cwKindcwValCWVal CWAlgReal CWIntegerCWFloatCWDouble CWUserSort isRegularCW cwSameTypecwToBoolnormCWfalseCWtrueCWliftCW2mapCWmapCW2 mkConstCW SMTSolvername executableoptionsengine capabilitiesSolverZ3Yices BoolectorCVC4MathSATABC SMTScript scriptBody scriptModel SMTResult Unsatisfiable Satisfiable SatExtFieldUnknown ProofErrorTimeOutSMTModelmodelObjectives modelAssocs SMTConfigverbosetimingsBranchTimeOuttimeOut printBase printRealPrec solverTweaks optimizeArgssatCmd isNonModelVarsmtFile smtLibVersionsolver roundingModeuseLogic RoundingModeRoundNearestTiesToEvenRoundNearestTiesToAwayRoundTowardPositiveRoundTowardNegativeRoundTowardZeroSolverCapabilities capSolverNamembDefaultLogicsupportsMacrossupportsProduceModelssupportsQuantifierssupportsUninterpretedSortssupportsUnboundedInts supportsRealssupportsFloatssupportsDoublessupportsOptimizationLogicPredefinedLogic CustomLogic SMTLibLogicAUFLIAAUFLIRAAUFNIRALRAQF_ABVQF_AUFBV QF_AUFLIAQF_AXQF_BVQF_IDLQF_LIAQF_LRAQF_NIAQF_NRAQF_RDLQF_UFQF_UFBVQF_UFIDLQF_UFLIAQF_UFLRAQF_UFNRA QF_UFNIRAUFLRAUFNIAQF_FPBVQF_FP SMTLibPgm SMTLibVersionSMTLib2CachedSArrSymbolicSValState SBVRunModeProofCodeGenConcrete ArrayInfo ArrayContext ArrayFree ArrayReset ArrayMutate ArrayMergeResultreskinds resTraces resUISegs resInputs resConsts resTables resArrays resUIConsts resAxiomsresAsgnsresConstraints resTacticsresGoals resAssertions resOutputsTactic CaseSplitCheckCaseVacuity ParallelCaseCheckConstrVacuity StopAfter CheckUsingUseLogic UseSolverOptimizePriority ObjectiveMinimizeMaximize AssertSoftPenaltyDefaultPenalty OptimizeStyle Lexicographic IndependentPareto NamedSymVarSBVPgmpgmAssignmentsSBVExprSBVAppSBVType QuantifierALLEXFPOpFP_CastFP_ReinterpretFP_AbsFP_NegFP_AddFP_SubFP_MulFP_DivFP_FMAFP_SqrtFP_RemFP_RoundToIntegralFP_MinFP_Max FP_ObjEqual FP_IsNormalFP_IsSubnormal FP_IsZero FP_IsInfiniteFP_IsNaN FP_IsNegative FP_IsPositiveOpPlusTimesMinusUNegAbsQuotRemEqualNotEqualLessThan GreaterThanLessEq GreaterEqIteAndOrXOrNotShlShrRolRorExtractJoinLkUpArrEqArrReadKindCast UninterpretedLabelIEEEFPSWNodeId forceSWArgfalseSWtrueSWneedsExistentialsisParallelCaseAnywhere isCodeGenMode inProofModegetSBranchRunConfignewUninterpretedinternalVariable getTableIndexnewExpr svMkSymVaraddAxiom runSymbolic runSymbolic'extractSymbolicSimulationStateinternalConstraint outputSValreadSArr resetSArr writeSArr mergeSArrnewSArreqSArrcacheuncache uncacheAIsmtLibVersionExtension SExecutablesName_sName SMTProblem smtInputs smtSkolemMap kindsUsed smtAssertstactics objectives smtLibPgmCaseCondNoCaseCasePathCaseVacCaseCovCstrVacOpt SFunArraySArrayunSArraySymArray newArray_newArray readArray resetArray writeArray mergeArraysSymWordforallforall_ mkForallVarsexistsexists_ mkExistVarsfreefree_ mkFreeVarssymbolic symbolicsliteral unliteralfromCW isConcrete isSymbolic isConcretely mkSymWord Outputtableoutput SRoundingModeSDoubleSFloatSRealSIntegerSInt64SInt32SInt16SInt8SWord64SWord32SWord16SWord8SBoolSBVunSBVgetPathConditionextendPathConditionnaninfinitysNaN sInfinitysRoundNearestTiesToEvensRoundNearestTiesToAwaysRoundTowardPositivesRoundTowardNegativesRoundTowardZerosRNEsRNAsRTPsRTNsRTZsbvToSWmkSymSBV sbvToSymSW declNewSArraydeclNewSFunArray mkSFunArray addConstraintexpectedValueWith expectedValuesvTruesvFalsesvBool svIntegersvFloatsvDoublesvRealsvAsBool svAsInteger svNumerator svDenominatorsvEnumFromThenTosvPlussvTimessvMinussvUNegsvAbssvDividesvExp svBlastLEsvSetBit svBlastBE svWordFromLE svWordFromBE svAddConstant svIncrement svDecrementsvQuotsvRemsvEqual svNotEqual svLessThan svGreaterThansvLessEq svGreaterEqsvAndsvOrsvXOrsvNotsvShlsvShrsvRolsvRor svExtractsvJoinsvUninterpretedsvIte svLazyItesvSymbolicMergesvSelectsvSignsvUnsignsvFromIntegral svToWord1 svFromWord1 svTestBit svShiftLeft svShiftRight svRotateLeft svRotateRight PrettyNumhexSbinShexbinreadBin Modelable modelExistsgetModelgetModelDictionary getModelValuegetModelUninterpretedValue extractModelgetModelObjectivesgetModelObjectiveValueSatModelparseCWscvtModelOptimizeResultLexicographicResult ParetoResultIndependentResult SafeResult AllSatResult SatResult ThmResultgenParse extractModelsgetModelDictionariesgetModelValuesgetModelUninterpretedValues displayModels showModelProvableforAll_forAllforSome_forSomeGoal Predicate boolectorcvc4yicesz3mathSATabc defaultSMTCfgprovesatallSatoptimizesafe isVacuous isTheoremWithisSatisfiableWith isTheorem isSatisfiablecompileToSMTLibgenerateSMTBenchmarks proveWithsatWith optimizeWithsafeWithisSafe isVacuousWith allSatWithminimizemaximize uninterpret cgUninterpretsbvUninterpret Mergeable symbolicMergeselect SDivisiblesQuotRemsDivModsQuotsRemsDivsMod SIntegral OrdSymbolic.<.<=.>.>=sminsmax EqSymbolic.==./= genLiteral genFromCW genMkSymVarsBoolsBoolssWord8sWord8ssWord16sWord16ssWord32sWord32ssWord64sWord64ssInt8sInt8ssInt16sInt16ssInt32sInt32ssInt64sInt64ssInteger sIntegerssRealsRealssFloatsFloatssDoublesDoublessRealToSIntegerlabel allDifferentallEqualinRangesElemoneIf.^sTestBit sExtractBits sPopCountsetBitTo sFromIntegral sShiftLeft sShiftRightsSignedShiftArithRight sRotateLeft sRotateRight fullAdderfullMultiplierblastLEblastBElsbmsbliftQRemliftDModiteiteLazysAssert constrain pConstraintactic assertSoft sbvQuickCheckisSatisfiableInCurrentPathIEEEFloatConvertable fromSFloattoSFloat fromSDouble toSDouble IEEEFloatingfpAbsfpNegfpAddfpSubfpMulfpDivfpFMAfpSqrtfpRemfpRoundToIntegralfpMinfpMaxfpIsEqualObject fpIsNormal fpIsSubnormalfpIsZero fpIsInfinitefpIsNaN fpIsNegative fpIsPositivefpIsNegativeZerofpIsPositiveZero fpIsPointsFloatAsSWord32sDoubleAsSWord64 blastSFloat blastSDoublesWord32AsSFloatsWord64AsSDoubleFromBits fromBitsLE fromBitsBE Splittablesplit#extendcheckAndConvert Polynomial polynomialpAddpMultpDivpModpDivModshowPolyshowPolynomialaddPolyitesmdpcrcBVcrc$fPolynomialSBV$fPolynomialSBV0$fPolynomialSBV1$fPolynomialSBV2$fPolynomialWord64$fPolynomialWord32$fPolynomialWord16$fPolynomialWord8STree readSTree writeSTreemkSTree$fMergeableSTreeInternal$fShowSTreeInternal TestStyleHaskellCForte TestVectors getTestValuesgenTest renderTest CgPgmKind CgMakefileCgHeaderCgSourceCgDriver CgPgmBundle CgSRealTypeCgFloatCgDouble CgLongDouble SBVCodeGenCgStatecgInputs cgOutputs cgReturns cgPrototypescgDecls cgLDFlags cgFinalConfigCgValCgAtomicCgArrayCgConfigcgRTC cgIntegercgReal cgDriverVals cgGenDriver cgGenMakefilecgIgnoreAssertsCgTarget targetName translatedefaultCgConfig initCgState liftSymbolic cgSBVToSW cgPerformRTCs cgIntegerSize cgSRealTypecgGenerateDrivercgGenerateMakefilecgSetDriverValuescgIgnoreSAssertcgAddPrototype cgAddDecl cgAddLDFlags svCgInput svCgInputArr svCgOutput svCgOutputArr svCgReturn svCgReturnArrcgInput cgInputArrcgOutput cgOutputArrcgReturn cgReturnArr isCgDriver isCgMakefilecodeGenrenderCgPgmBundlerender' compileToC compileToC' compileToCLibcompileToCLib'Equality===sbvCurrentSolversolvesbvCheckSolverInstallationdefaultSolverConfigsbvAvailableSolvers proveWithAll proveWithAny satWithAll satWithAny$fEquality(->)$fEquality(->)0$fEquality(->)1$fEquality(->)2$fEquality(->)3$fEquality(->)4$fEquality(->)5$fEquality(->)6$fEquality(->)7$fEquality(->)8$fEquality(->)9$fEquality(->)10$fEquality(->)11$fProvableSymbolicsvIsSatisfiableInCurrentPath svQuickCheckfastMinCorrectfastMaxCorrectoppositeSignsCorrectconditionalSetClearCorrectpowerOfTwoCorrectqueriesModelInitVals InstructionProgramMostekmemory registersflagsMemoryFlags RegistersBitValueFlagFlagCFlagZRegisterRegXRegAAddressgetRegsetReggetFlagsetFlagpeekpoke checkOverflowcheckOverflowCorrectldxldaclcrorMrorRbccadcdexbneendlegato runLegato initMachinelegatoIsCorrectcorrectnessTheorem legatoInC $fEqRegister $fOrdRegister $fIxRegister$fBoundedRegister$fEnumRegister$fEqFlag $fOrdFlag$fIxFlag $fBoundedFlag $fEnumFlag$fGenericMostek$fMergeableMostekEmerge mergeSort nonDecreasingisPermutationOf correctness maskAndMult PowerListtiePLzipPLunzipPLpslf flIsCorrectthm1thm2ladnerFischerTrace scanlTraceaddSub genAddSubusb5crcUSBcrcUSB'crcGoodcg1cg2fib0fib1genFib1fib2genFib2sgcd sgcdIsCorrect genGCDInC popCountSlow popCountFastpop8fastPopCountIsCorrectgenPopCountInC shiftLeft tstShiftLeftgenCCodeKSKeyGF28gf28Multgf28Pow gf28InversetoBytes fromBytesrotRroundConstants invMixColumns keyExpansion sboxTablesbox unSBoxTableunSBoxsboxInverseCorrect addRoundKeyt0Funct0t1t2t3u0Funcu0u1u2u3doRoundsaesRound aesInvRoundaesKeySchedule aesEncrypt aesDecryptt128Enct128Dect192Enct192Dect256Enct256Decaes128IsCorrectcgAES128BlockEncryptaes128LibComponentscgAES128LibraryRC4SinitSswapprgainitRC4 keySchedulekeyScheduleStringencryptdecrypt rc4IsCorrectSWord48 crc_48_16 diffCountgenPolyfindHD4PolynomialsSolution HomogeneousNonHomogeneousldnbasistestsailors$fShowSolutionproblem allModelsmodelsWithYAuxSEABeltsfourmaxEminE$fEqE$fOrdE$fShowE$fReadE$fDataE $fSymWordE $fHasKindE assocPlusassocPlusRegularnonZeroAddition multInverse roundingAddoutsidegenVals checkedDivtest1test2SWord4Word4word4$fSplittableWord8Word4 $fFromBitsSBV$fSIntegralWord4$fSDivisibleSBV$fSDivisibleWord4$fSatModelWord4$fHasKindWord4$fSymWordWord4 $fRandomWord4 $fBitsWord4$fIntegralWord4 $fRealWord4 $fNumWord4 $fEnumWord4$fBoundedWord4 $fReadWord4 $fShowWord4 $fEqWord4 $fOrdWord4 $fDataWord4 production strongMutexallocategfMultmultUnitmultComm multAssoc polyDivModtestGF28DayMonthmayjunejulyaugustvalid existsDay forallDay existsMonth forallMonthpuzzlecherylCoinmkCoin combinationsc1c2c3c4c5c6Countcountcountsguesseseuler185 solveEuler185SportFootballBaseball VolleyballHockeyTennisPetDogHorseCatBirdFishBeverageTeaCoffeeMilkBeerWater NationalityBritonDaneSwede NorwegianGermanColorRedGreenWhiteYellowBlue fishOwner $fEqColor $fOrdColor $fShowColor $fReadColor $fDataColor$fSymWordColor$fHasKindColor$fEqNationality$fOrdNationality$fShowNationality$fReadNationality$fDataNationality$fSymWordNationality$fHasKindNationality $fEqBeverage $fOrdBeverage$fShowBeverage$fReadBeverage$fDataBeverage$fSymWordBeverage$fHasKindBeverage$fEqPet$fOrdPet $fShowPet $fReadPet $fDataPet $fSymWordPet $fHasKindPet $fEqSport $fOrdSport $fShowSport $fReadSport $fDataSport$fSymWordSport$fHasKindSportBoardRowElemcheckdiagisMagicchunkmagicisValidnQueens sendMoreMoneyPuzzlesudoku dispSolutionsolveAllpuzzle0puzzle1puzzle2puzzle3puzzle4puzzle5puzzle6 allPuzzlesActionsMovetimeflashlBonolEdgelAdamlLarry SLocationLocationHereThereSTimeTime SU2MemberU2MemberBonoEdgeAdamLarrybonoedgeadamlarry crossTime sCrossTimeheretherestartwhereIs xferFlash xferPerson bumpTime1 bumpTime2whenSmove1move2runsolveNsolveU2$fMergeableStateT $fEqU2Member $fOrdU2Member$fShowU2Member$fReadU2Member$fDataU2Member$fSymWordU2Member$fHasKindU2Member$fSatModelU2Member $fEqLocation $fOrdLocation$fShowLocation$fReadLocation$fDataLocation$fSymWordLocation$fHasKindLocation$fSatModelLocation$fGenericStatus$fMergeableStatusf proveThm1 proveThm2SBandornotax1ax2ax3$fEqB$fOrdB$fShowB$fReadB$fDataB $fSymWordB $fHasKindBthmGoodBinaryTernaryposnegshannonshannon2 derivativenoWiggle universalunivOK existentialexistsOKQ$fEqQ$fOrdQ$fDataQ$fReadQ$fShowQ $fSymWordQ $fHasKindQLNilConsclassifygenLs $fHasKindL $fSymWordL$fEqL$fOrdL$fShowL$fReadL$fDataLbaseGHC.Stack.TypesemptyCallStack pushCallStack CallStack GHC.StackwithFrozenCallStack callStack popCallStackerrorWithStackTrace GHC.Stack.CCS renderStack whoCreated ccsToStrings ccSrcSpanccModuleccLabel ccsParentccsCCclearCCSgetCCSOf getCurrentCCSCostCentreStack CostCentre GHC.ExceptionprettyCallStack prettySrcLoccurrentCallStackfreezeCallStackfromCallSiteList getCallStack HasCallStackSrcLoc srcLocPackage srcLocModule srcLocFilesrcLocStartLinesrcLocStartCol srcLocEndLine srcLocEndColghc isSubspanOfspansleftmost_largestleftmost_smallest rightmost cmpLocated eqLocatedaddCLoc combineLocsmkGeneralLocatednoLocgetLocunLocpprUserRealSpansrcSpanFileName_mayberealSrcSpanEndrealSrcSpanStart srcSpanEnd srcSpanStart srcSpanEndColsrcSpanStartColsrcSpanEndLinesrcSpanStartLine containsSpan isOneLineSpan isGoodSrcSpansrcSpanFirstCharactercombineSrcSpans mkSrcSpan mkRealSrcSpanrealSrcLocSpan srcLocSpanmkGeneralSrcSpaninteractiveSrcSpanwiredInSrcSpan noSrcSpan sortLocated advanceSrcLoc srcLocCol srcLocLinemkGeneralSrcLocinteractiveSrcLocgeneratedSrcLocnoSrcLoc mkRealSrcLocmkSrcLoc RealSrcLoc UnhelpfulLoc RealSrcSpan srcSpanFileSrcSpan UnhelpfulSpan GenLocatedLocated RealLocatedtimedStepLabeltimeIfdeepseq-1.4.2.0Control.DeepSeqNFDatadoTimemlift2mlift3mlift4mlift5mlift6mlift7mlift8joinArgs splitArgsInitNormghc-prim GHC.TypesBool Data.Foldableanyall $fBooleanBoolisExactRational mkPolyRealalgRealStructuralEqualalgRealStructuralComparealgRealToSMTLib2algRealToHaskell mergeAlgReals$fFractionalAlgReallift1lift2showRat$fArbitraryAlgReal$fRandomAlgReal $fRandomRatio $fRealAlgReal $fNumAlgReal $fOrdAlgReal $fEqAlgReal $fShowAlgReal$fShowPolynomialkindRank kindHasSignconstructUKind $fOrdKind$fEqKind $fHasKindKind$fHasKindDouble$fHasKindFloat$fHasKindAlgReal$fHasKindInteger$fHasKindWord64$fHasKindInt64$fHasKindWord32$fHasKindInt32$fHasKindWord16$fHasKindInt16$fHasKindWord8 $fHasKindInt8 $fHasKindBool $fOrdDataType $fEqDataType $fShowKind showExtCWliftCWshowCW showBaseKind randomCWValrandomCW$fShowGeneralizedCW$fShowCW$fHasKindGeneralizedCW $fHasKindCW $fShowExtCW$fHasKindExtCW $fOrdCWVal GHC.ClassesEq $fEqCWVal SMTEngine ArrayIndexpathCondCacheCgMapUIMapArrayMapTableMapKindSetCnstMapExprMapswKindreorder objectiveNameisConcreteModegetSValPathConditionextendSValPathConditionincCtr throwDice addAssertionnewSW registerKindnewConstsvToSW svToSymSWmkSValUserSortintroduceUserNameimposeConstraint addSValTacticaddSValOptGoaladdSValConstraint uncacheGen$fHasKindRoundingMode $fNFDataLogic$fNFDataSMTLibLogic$fEqSVal $fShowSVal $fShowResult $fShowSBVExpr$fShowOp $fShowFPOprunModerStdGenrCInforctr rUsedKindsrinps rConstraintsroutsrtblMapspgm rconstMaprexprMap rArrayMaprUIMaprCgMapraxiomsrTacs rOptGoalsrAssertsrSWCacherAICache$fShowSMTSolver$fShowSMTConfig$fNFDataSMTConfig $fShowLogic$fNFDataSMTScript$fNFDataSMTModel$fNFDataSMTResult $fNFDataSVal$fNFDataCached$fNFDataSBVPgm$fNFDataSBVType$fNFDataQuantifier$fNFDataSBVExpr $fNFDataSW$fNFDataArrayContext $fNFDataKind$fNFDataResult$fNFDataGeneralizedCW $fNFDataCW$fShowSMTLibPgm$fNFDataSMTLibPgm$fNFDataSMTLibVersion $fHasKindSVal$fShowArrayContext$fNFDataTactic$fNFDataObjective$fNFDataPenalty$fNFDataOptimizeStyle $fShowSBVType$fShowSW $fHasKindSWDoubleFloat$fSymWordRoundingMode$fSExecutable(->)$fSExecutable(->)0$fSExecutable(->)1$fSExecutable(->)2$fSExecutable(->)3$fSExecutable(->)4$fSExecutable(->)5$fSExecutable(,,,,,,)$fSExecutable(,,,,,)$fSExecutable(,,,,)$fSExecutable(,,,)$fSExecutable(,,)$fSExecutable(,)$fSExecutable[]$fSExecutable()$fSExecutableSBV$fSExecutableSymbolic $fNFDataSBV$fNFDataSMTProblem$fNFDataCaseCond$fShowSFunArray$fSymArraySArray $fShowSArray $fRandomSBV$fOutputtable(,,,,,,,)$fOutputtable(,,,,,,)$fOutputtable(,,,,,)$fOutputtable(,,,,)$fOutputtable(,,,)$fOutputtable(,,)$fOutputtable(,)$fOutputtable()$fOutputtable[]$fOutputtableSBV $fHasKindSBV$fEqSBV $fShowSBV eqOptBoolroteqOptisConcreteZero isConcreteOneisConcreteOnes isConcreteMax isConcreteMinareConcretelyEqual rationalCheck nonzeroCheckrationalSBVCheck svChangeSignnoUnintnoUnint2liftSym1liftSW2liftSym2 liftSym2B mkSymOpSCmkSymOp mkSymOp1SCmkSymOp1uiLiftnoRealnoFloatnoDouble noRealUnary noFloatUnary noDoubleUnarySExpr parseSExprrdFPgetTripleFloatgetTripleDouble constantMapEConENumERealEFloatEDoubleEAppshexshexIsbinsbinIpads2s16 showCFloat showCDouble showHFloat showHDouble showSMTFloat showSMTDoubletoSMTLibRationalsmtRoundingMode cwToSMTLib mkSkolemZero$fPrettyNumSBV $fPrettyNumCW$fPrettyNumInteger$fPrettyNumInt64$fPrettyNumWord64$fPrettyNumInt32$fPrettyNumWord32$fPrettyNumInt16$fPrettyNumWord16$fPrettyNumInt8$fPrettyNumWord8$fPrettyNumBooladdNonEqConstraintscvt SkolemMapnonEqsnonEqtbddeclUIdeclAx constTable skolemTable genTableData declArrayswType swFunTypesmtTypecvtTypecvtSWcvtCWgetTablecvtExp handleFPCastshfthandleKindCastSMTLibConverter toSMTLib2interpretSolverOutput classifyModelinterpretSolverOutputMultiinterpretSolverParetoOutputinterpretSolverModelLine modelValuesinterpretSolverObjectiveLine identifyInputGHC.BaseNothingGHC.ShowShow resultConfig parseModelOutInt showSMTResultshowModelDictionaryshCWshUIshUA pipeProcess standardModelstandardValueExtractorstandardModelExtractorstandardEnginestandardSolverdispatchSolver runSolver mergeSExpr$fModelableSMTResult$fModelableSatResult$fModelableThmResult$fSatModel(,,,,,,)$fSatModel(,,,,,)$fSatModel(,,,,)$fSatModel(,,,)$fSatModel(,,) $fSatModel(,) $fSatModel[]$fSatModelRoundingMode $fSatModelCW$fSatModelDouble$fSatModelFloat$fSatModelAlgReal$fSatModelInteger integer-gmpGHC.Integer.TypeInteger$fSatModelInt64GHC.IntInt64$fSatModelWord64GHC.WordWord64$fSatModelInt32Int32$fSatModelWord32Word32$fSatModelInt16Int16$fSatModelWord16Word16$fSatModelInt8Int8$fSatModelWord8Word8$fSatModelBool $fSatModel()$fShowOptimizeResult$fShowAllSatResult$fShowSafeResult$fShowSatResult$fShowThmResult optionPrefix extractMapTrueFalse bufferSanityobjectiveCheck getConverteroptLexicographicoptIndependent optPareto applyTacticsconstraintVacuityCheck caseSplitinternalSATCheckmkConfig callSolversimulate runProofOn$fProvable(->)$fProvable(->)0$fProvable(->)1$fProvable(->)2$fProvable(->)3$fProvable(->)4$fProvable(->)5$fProvable(->)6$fProvable(->)7 $fProvableSBVMetric GMergeablesymbolicMergeDefault GHC.GenericsGenericGHC.RealIntegralRealGHC.EnumEnumquotRemdivModquotdivOrdOrderingmaxmin ghcBitSizegenVargenVar_lift1Flift1FNSlift2FNS Data.BitstestBitpopCountsetBitclearBitshiftLshiftRrotateLrotateRenumCvtsymbolicMergeWithKindslet $fFloatingSBV $fSymWord()symbolicMerge'__unused$fTestableSymbolic$fTestableSymbolic0 $fTestableSBV $fMetricSBV $fMetricSBV0 $fMetricSBV1 $fMetricSBV2 $fMetricSBV3 $fMetricSBV4 $fMetricSBV5 $fMetricSBV6 $fMetricSBV7 $fMetricSBV8$fUninterpreted(->)$fUninterpreted(->)0$fUninterpreted(->)1$fUninterpreted(->)2$fUninterpreted(->)3$fUninterpreted(->)4$fUninterpreted(->)5$fUninterpreted(->)6$fUninterpreted(->)7$fUninterpreted(->)8$fUninterpreted(->)9$fUninterpreted(->)10$fUninterpreted(->)11$fUninterpretedSBV$fMergeableSFunArray$fSymArraySFunArray$fMergeableSArray$fEqSymbolicSArray $fBoundedSBV$fGMergeable:*:$fGMergeableM1$fGMergeableK1$fGMergeableU1$fMergeable(,,,,,,)$fMergeable(,,,,,)$fMergeable(,,,,)$fMergeable(,,,)$fMergeable(,,)$fMergeable(,)$fMergeable(->)$fMergeableArray$fMergeableEither$fMergeableMaybe $fMergeable[] $fMergeable()$fMergeableSBV$fArbitrarySBV$fArbitrarySFunArray$fSDivisibleSBV0$fSDivisibleSBV1$fSDivisibleSBV2$fSDivisibleSBV3$fSDivisibleSBV4$fSDivisibleSBV5$fSDivisibleSBV6$fSDivisibleSBV7$fSDivisibleCW$fSDivisibleInteger$fSDivisibleInt8$fSDivisibleWord8$fSDivisibleInt16$fSDivisibleWord16$fSDivisibleInt32$fSDivisibleWord32$fSDivisibleInt64$fSDivisibleWord64 $fEnumSBV $fBitsSBV$fFractionalSBV$fNumSBV $fBooleanSBV$fSIntegralInteger$fSIntegralInt64$fSIntegralInt32$fSIntegralInt16$fSIntegralInt8$fSIntegralWord64$fSIntegralWord32$fSIntegralWord16$fSIntegralWord8$fOrdSymbolic(,,,,,,)$fEqSymbolic(,,,,,,)$fOrdSymbolic(,,,,,)$fEqSymbolic(,,,,,)$fOrdSymbolic(,,,,)$fEqSymbolic(,,,,)$fOrdSymbolic(,,,)$fEqSymbolic(,,,)$fOrdSymbolic(,,)$fEqSymbolic(,,)$fOrdSymbolic(,)$fEqSymbolic(,)$fOrdSymbolicEither$fEqSymbolicEither$fOrdSymbolicMaybe$fEqSymbolicMaybe$fOrdSymbolic[]$fEqSymbolic[]$fEqSymbolicBool$fOrdSymbolicSBV$fEqSymbolicSBV$fSymWordDouble$fSymWordFloat$fSymWordAlgReal$fSymWordInteger$fSymWordInt64$fSymWordWord64$fSymWordInt32$fSymWordWord32$fSymWordInt16$fSymWordWord16 $fSymWordInt8$fSymWordWord8 $fSymWordBool $fHasKind()genericFPConverterptCheck concEval1 concEval2 concEval2B concEval3addRMlift1BliftMMlift2Blift3$fIEEEFloatingDouble$fIEEEFloatingFloat$fIEEEFloatConvertableAlgReal$fIEEEFloatConvertableInteger$fIEEEFloatConvertableDouble$fIEEEFloatConvertableFloat$fIEEEFloatConvertableWord64$fIEEEFloatConvertableWord32$fIEEEFloatConvertableWord16$fIEEEFloatConvertableWord8$fIEEEFloatConvertableInt64$fIEEEFloatConvertableInt32$fIEEEFloatConvertableInt16$fIEEEFloatConvertableInt8 fromBinLEgenSplitgenJoin$fFromBitsSBV0$fFromBitsSBV1$fFromBitsSBV2$fFromBitsSBV3$fFromBitsSBV4$fFromBitsSBV5$fFromBitsSBV6$fFromBitsSBV7$fSplittableSBVSBV$fSplittableSBVSBV0$fSplittableSBVSBV1$fSplittableWord16Word8$fSplittableWord32Word16$fSplittableWord64Word32sppolyMultliftliftCliftSdegreeidxdivx STreeInternalSLeafSBinTVhaskellcforte$fShowCgPgmBundle$fShowCgSRealTypeJust pprCFunHeaderdeclSW declSWNoConstshowSWpprCWord showCType specifiermkConstgenMake genHeader genDrivergenCProg mergeToLib genLibMake mergeDriversSBVToCdiecgenmkParammkPParamshowSizedConstsepIf handleIEEEppExpr printQuotes ppSameLinealign$fCgTargetSBVToC sbvWithAny sbvWithAllRatioRationalWord Data.RatioapproxRational byteSwap64 byteSwap32 byteSwap16toIntegralSizedpopCountDefaulttestBitDefault bitDefaultBits.&..|.xor complementshiftrotatezeroBitsbit complementBit bitSizeMaybebitSizeisSigned unsafeShiftL unsafeShiftR FiniteBits finiteBitSizecountLeadingZeroscountTrailingZeros denominator numerator%toSBool Data.DataDataGHC.ReadRead