Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in...
Transcript of Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in...
![Page 1: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/1.jpg)
Emina TorlakUniversity of Washington
homes.cs.washington.edu/~emina/
Synthesis and Verification for All
![Page 2: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/2.jpg)
Emina
Racket
![Page 3: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/3.jpg)
a programmable programming language
Racket
![Page 4: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/4.jpg)
Racket
a programmable programming language
![Page 5: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/5.jpg)
a programmable programming language
synthesis
verification ROSETTE
![Page 6: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/6.jpg)
a programmable programming language
synthesis
verification ROSETTE
solver-aided
![Page 7: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/7.jpg)
visiona little programming for everyone
![Page 8: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/8.jpg)
A little programming for everyone
8
Every knowledge worker wants to program …
![Page 9: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/9.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
A little programming for everyone
8
Every knowledge worker wants to program …
social scientist
![Page 10: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/10.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
A little programming for everyone
8
Every knowledge worker wants to program …
biologist social scientist
![Page 11: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/11.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
‣ cache coherence protocols [Transit, PLDI’13]
‣ memory models [MemSAT, PLDI’10]
A little programming for everyone
8
Every knowledge worker wants to program …
hardware designer
biologist social scientist
![Page 12: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/12.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
‣ cache coherence protocols [Transit, PLDI’13]
‣ memory models [MemSAT, PLDI’10]
A little programming for everyone
8
Every knowledge worker wants to program …
hardware designer
biologist social scientist
![Page 13: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/13.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
‣ cache coherence protocols [Transit, PLDI’13]
‣ memory models [MemSAT, PLDI’10]
A little programming for everyone
8
Every knowledge worker wants to program …
hardware designer
biologist social scientist
time
expertise
![Page 14: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/14.jpg)
A little programming for everyone
9
solver-aided languages
We all want to build programs …
‣ spreadsheet data manipulation‣ models of cell fates‣ cache coherence protocols‣ memory models
hardware designer
biologist social scientist
less time
less expertise
![Page 15: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/15.jpg)
outlinesolver-aided tools, languages and beyond
![Page 16: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/16.jpg)
outlinesolver-aided tools, languages and beyondsolver-aided tools
![Page 17: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/17.jpg)
outlinesolver-aided tools, languages and beyondsolver-aided tools, languages
![Page 18: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/18.jpg)
outlinesolver-aided tools, languages and beyondsolver-aided tools, languages, and applications
![Page 19: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/19.jpg)
toolssolver-aided tools
![Page 20: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/20.jpg)
P(x) {……
}
Programming …
12
specification
![Page 21: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/21.jpg)
P(x) {……
}
Programming …
12
specificationtest case
assert safe(P(2))
![Page 22: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/22.jpg)
translator
P(x) {……
}assert safe(P(2))
Programming with a solver-aided tool
13
?
SAT/SMT solver
![Page 23: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/23.jpg)
∃x . ¬ safe(P(x))
CBMC [Kroening et al., DAC’03]Dafny [Leino, LPAR’10]Miniatur [Vaziri et al., FSE’07]Klee [Cadar et al., OSDI’08]
P(x) {……
}assert safe(P(x))
Programming with a solver-aided tool
13
Find an input on which the program fails.
? verify
42
SAT/SMT solver
![Page 24: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/24.jpg)
BugAssist [Jose & Majumdar, PLDI’11]
P(x) {v = x + 2…
}assert safe(P(x))
Programming with a solver-aided tool
13
Find an input on which the program fails.
Localize bad parts of the program.? verify debug
42
SAT/SMT solverx = 42 ⋀ safe(P(x))
![Page 25: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/25.jpg)
Kaplan [Koksal et al, POPL’12]PBnJ [Samimi et al., ECOOP’10]Squander [Milicevic et al., ICSE’11]
P(x) {v = choose()…
}assert safe(P(x))
Programming with a solver-aided tool
13
Find an input on which the program fails.
Localize bad parts of the program.
Find values that repair the failing run.? verify debugsolve
42 40
SAT/SMT solver∃v . safe(P(42, v))
![Page 26: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/26.jpg)
Sketch [Solar-Lezama et al., ASPLOS’06]Comfusy [Kuncak et al., CAV’10]
P(x) {v = ??…
}assert safe(P(x))
Programming with a solver-aided tool
13
Find an input on which the program fails.
Localize bad parts of the program.
Find values that repair the failing run.
Find code that repairs the program.? verify
debugsolvesynth
x − 2
SAT/SMT solver∃e . ∀x . safe(Pe(x))
![Page 27: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/27.jpg)
translator
The standard (hard) way to build a tool
14
?P(x) {
……
}assert safe(P(x))
verify debugsolvesynth
expertise in PL, FM, SE
translator SAT/SMT solver
![Page 28: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/28.jpg)
A new, easy way to build tools
15
programming
?P(x) {
……
}assert safe(P(x))
verify debugsolvesynth
an interpreter or a library
![Page 29: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/29.jpg)
ROSETTE
A new, easy way to build tools
15
?P(x) {
……
}assert safe(P(x))
verify debugsolvesynth
an interpreter or a library
Implement a language for an application domain, get the tools for free!
![Page 30: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/30.jpg)
ROSETTE
A new, easy way to build tools
15
?P(x) {
……
}assert safe(P(x))
verify debugsolvesynth
an interpreter or a library
Implement a language for an application domain, get the tools for free!
symbolic virtual machine
![Page 31: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/31.jpg)
ROSETTE
A new, easy way to build tools
15
?P(x) {
……
}assert safe(P(x))
verify debugsolvesynth
an interpreter or a library
Implement a language for an application domain, get the tools for free!
symbolic virtual machine [Torlak & Bodik,
PLDI’14, Onward’13]
Hard technical challenge: how to efficiently translate a program and its interpreter?
![Page 32: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/32.jpg)
designsolver-aided languages
![Page 33: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/33.jpg)
domain-specific language (DSL)
Layers of languages
17
host language
A formal language that is specialized to a particular application domain and often limited in capability.
A high-level language for implementing DSLs, usually with meta-programming features.
interpreterlibrary
![Page 34: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/34.jpg)
Scala, Racket, JavaScript
domain-specific language (DSL)
artificial intelligenceChurch, BLOG
databasesSQL, Datalog
hardware designBluespec, Chisel, Verilog, VHDL
math and statisticsEigen, Matlab, R
layout and visualizationLaTex, dot, dygraphs, D3
Layers of languages
17
host language
interpreterlibrary
![Page 35: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/35.jpg)
domain-specific language (DSL)
Layers of languages
17
host language
C = A * B
C / Java
Eigen / Matlab
[associativity]C = A * B
for (i = 0; i < n; i++) for (j = 0; j < m; j++) for (k = 0; k < p; k++) C[i][k] += A[i][j] * B[j][k]
interpreterlibrary
![Page 36: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/36.jpg)
solver-aided domain-specific language (SDSL)
Layers of solver-aided languages
18
solver-aided host language
symbolic virtual machine
interpreterlibrary
![Page 37: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/37.jpg)
ROSETTE[Torlak & Bodik, Onward’13, PLDI’14]
solver-aided domain-specific language (SDSL)
Layers of solver-aided languages
18
solver-aided host language
symbolic virtual machine
interpreterlibrary
![Page 38: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/38.jpg)
ROSETTE[Torlak & Bodik, Onward’13, PLDI’14]
solver-aided domain-specific language (SDSL)
Layers of solver-aided languages
18
solver-aided host language
symbolic virtual machine
interpreterlibrary
spatial programmingChlorophyll
intelligent tutoring RuleSynth
memory modelsMemSynth
optimal synthesisSynapse
radiotherapy controllersNeutrons
BGP router configurationsBagPipe
![Page 39: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/39.jpg)
Anatomy of a solver-aided host language
19
Racket
![Page 40: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/40.jpg)
(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
ROSETTE
Anatomy of a solver-aided host language
19
![Page 41: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/41.jpg)
A tiny example SDSL
20
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
BV: A tiny assembly-like language for writing fast, low-level library functions.
debugsynth
![Page 42: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/42.jpg)
A tiny example SDSL
20
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
BV: A tiny assembly-like language for writing fast, low-level library functions.
test verify
debugsynth
![Page 43: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/43.jpg)
A tiny example SDSL
20
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
BV: A tiny assembly-like language for writing fast, low-level library functions.
test verify
debugsynth
1. interpreter [10 LOC]
2. verifier [free]
3. debugger [free]
4. synthesizer [free]
![Page 44: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/44.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1)
A tiny example SDSL:
21
ROSETTE
![Page 45: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/45.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1)
A tiny example SDSL:
21
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
parse
ROSETTE
![Page 46: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/46.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1)
A tiny example SDSL:
21
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
parse
ROSETTE
(out opcode in ...)
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
![Page 47: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/47.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5))) `(-2 -1)
![Page 48: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/48.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
![Page 49: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/49.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 50: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/50.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 51: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/51.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 52: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/52.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 53: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/53.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
![Page 54: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/54.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
22
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
![Page 55: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/55.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> bvmax(-2, -1) -1
A tiny example SDSL:
23
ROSETTE
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
‣ pattern matching‣ dynamic evaluation‣ first-class &
higher-order procedures
‣ side effects
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
![Page 56: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/56.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> verify(bvmax, max) (0, -2)
> bvmax(0, -2) -1
A tiny example SDSL:
24
ROSETTE
query
![Page 57: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/57.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> verify(bvmax, max) (0, -2)
> bvmax(0, -2) -1
A tiny example SDSL:
24
ROSETTE
Creates two fresh symbolic constants of type number and binds them to variables n0 and n1.
query
![Page 58: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/58.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> verify(bvmax, max) (0, -2)
> bvmax(0, -2) -1
A tiny example SDSL:
24
ROSETTE
Symbolic values can be used just like concrete values of the same type.
query
![Page 59: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/59.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> verify(bvmax, max) (0, -2)
> bvmax(0, -2) -1
A tiny example SDSL:
24
ROSETTE
(verify expr) searches for a concrete interpretation of symbolic constants that causes expr to fail.
query
![Page 60: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/60.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> verify(bvmax, max) (0, -2)
> bvmax(0, -2) -1
A tiny example SDSL:
24
ROSETTE
query
![Page 61: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/61.jpg)
(define inputs (list 0 -2)) (debug [input-register?] (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> debug(bvmax, max, (0, -2))
A tiny example SDSL:
25
ROSETTE
query
![Page 62: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/62.jpg)
(define inputs (list 0 -2)) (debug [input-register?] (assert (= (interpret bvmax inputs) (interpret max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
> debug(bvmax, max, (0, -2))
A tiny example SDSL:
25
ROSETTE
query
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
![Page 63: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/63.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (synthesize [inputs] (assert (= (interpret bvmax inputs) (interpret max inputs)))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(??, ??) r5 = bvand(r3, ??) r6 = bvxor(??, ??) return r6
> synthesize(bvmax, max)
A tiny example SDSL:
26
ROSETTE
query
![Page 64: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/64.jpg)
(define-symbolic n0 n1 integer?) (define inputs (list n0 n1)) (synthesize [inputs] (assert (= (interpret bvmax inputs) (interpret max inputs)))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(??, ??) r5 = bvand(r3, ??) r6 = bvxor(??, ??) return r6
> synthesize(bvmax, max)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r1) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
A tiny example SDSL:
26
ROSETTE
query
![Page 65: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/65.jpg)
techsymbolic virtual machine (SVM)
![Page 66: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/66.jpg)
ROSETTE
How it all works: a big picture view
28
symbolicvirtual machine
SDSL
program
query
solver
[Torlak & Bodik, Onward’13]
[Torlak & Bodik, PLDI’14]
![Page 67: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/67.jpg)
ROSETTE
How it all works: a big picture view
28
symbolicvirtual machine
SDSL
program
result
solver
[Torlak & Bodik, Onward’13]
[Torlak & Bodik, PLDI’14]
![Page 68: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/68.jpg)
ROSETTE
How it all works: a big picture view
28
symbolicvirtual machine
SDSL
program
result
solver
‣ pattern matching‣ dynamic evaluation‣ first-class procedures ‣ higher-order procedures‣ side effects‣ macros
theories of bitvectors, integers, reals, and uninterpreted functions
[Torlak & Bodik, Onward’13]
[Torlak & Bodik, PLDI’14]
![Page 69: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/69.jpg)
(3, 1, -2) (1, 3)
Translation to constraints by example
29
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
reverse and filter, keeping only positive numbers
vs ps
![Page 70: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/70.jpg)
(3, 1, -2) (1, 3)
Translation to constraints by example
29
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs ps
![Page 71: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/71.jpg)
Translation to constraints by example
29
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs psconstraints
![Page 72: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/72.jpg)
(a, b)
Translation to constraints by example
29
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs psconstraints
![Page 73: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/73.jpg)
a>0 ∧ b>0 (a, b)
Translation to constraints by example
29
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs psconstraints
![Page 74: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/74.jpg)
Design space of precise symbolic encodings
30
symbolic execution
bounded model checkingsolve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 75: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/75.jpg)
{ }a > 0b ≤ 0false
Design space of precise symbolic encodings
30
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b)ps ↦ ( )
symbolic execution
bounded model checkingsolve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 76: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/76.jpg)
{ }a > 0b ≤ 0false
∨ ∨ ∨
Design space of precise symbolic encodings
30
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b)ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0b > 0false
{ }a > 0b > 0true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0b ≤ 0false
symbolic execution
bounded model checkingsolve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 77: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/77.jpg)
{ }a > 0b ≤ 0false
∨ ∨ ∨
Design space of precise symbolic encodings
30
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)
ps ↦ ps0
a > 0a ≤ 0
ps0 = ite(a > 0, (a), ( ))ps1 = insert(b, ps0)ps2 = ite(b > 0, ps0, ps1)assert len(ps2) = 2
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b)ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0b > 0false
{ }a > 0b > 0true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0b ≤ 0false
symbolic execution
bounded model checking
ps ↦ ( )
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 78: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/78.jpg)
{ }a > 0b ≤ 0false
∨ ∨ ∨
Design space of precise symbolic encodings
30
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)
ps ↦ ps0
a > 0a ≤ 0
ps0 = ite(a > 0, (a), ( ))ps1 = insert(b, ps0)ps2 = ite(b > 0, ps0, ps1)assert len(ps2) = 2
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b)ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0b > 0false
{ }a > 0b > 0true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0b ≤ 0false
symbolic execution
bounded model checking
ps ↦ ( )
ps ↦ ps1
b > 0
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 79: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/79.jpg)
{ }a > 0b ≤ 0false
∨ ∨ ∨
Design space of precise symbolic encodings
30
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)
ps ↦ ps0
a > 0a ≤ 0
ps0 = ite(a > 0, (a), ( ))ps1 = insert(b, ps0)ps2 = ite(b > 0, ps0, ps1)assert len(ps2) = 2
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b)ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0b > 0false
{ }a > 0b > 0true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0b ≤ 0false
symbolic execution
bounded model checking
ps ↦ ( )
ps ↦ ps1
ps ↦ ps2
b > 0b ≤ 0
ps ↦ ps0
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 80: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/80.jpg)
A new design: type-driven state merging
31
{ }a > 0b > 0true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 81: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/81.jpg)
Merge values of ‣ primitive types: symbolically‣ immutable types: structurally‣ all other types: via unions
A new design: type-driven state merging
31
{ }a > 0b > 0true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 82: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/82.jpg)
Merge values of ‣ primitive types: symbolically‣ immutable types: structurally‣ all other types: via unions
ba
A new design: type-driven state merging
31
{ }a > 0b > 0true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
⁊g g
c
![Page 83: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/83.jpg)
Merge values of ‣ primitive types: symbolically‣ immutable types: structurally‣ all other types: via unions
ba (c, d)(a, b)
A new design: type-driven state merging
31
{ }a > 0b > 0true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
⁊g g
c(e, f)
![Page 84: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/84.jpg)
Merge values of ‣ primitive types: symbolically‣ immutable types: structurally‣ all other types: via unions
ba (c, d)
A new design: type-driven state merging
31
{ }a > 0b > 0true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
⁊g g
c(e, f){ ¬g ⊦ a, g ⊦ () }
()
![Page 85: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/85.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
A new design: type-driven state merging
32
symbolic virtual machine
![Page 86: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/86.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
a > 0a ≤ 0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
![Page 87: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/87.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Symbolic union: a set of guarded values, with disjoint guards.
g0 = a > 0g1 = b > 0 g2 = g0 ∧ g1
g3 = ¬(g0 ⇔ g1)g4 = ¬g0 ∧ ¬g1
c = ite(g1, b, a)assert g2
a > 0a ≤ 0 g0¬ g0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
![Page 88: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/88.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Execute insert concretely on all lists in the union.
g0 = a > 0g1 = b > 0 g2 = g0 ∧ g1
g3 = ¬(g0 ⇔ g1)g4 = ¬g0 ∧ ¬g1
c = ite(g1, b, a)assert g2
a > 0a ≤ 0
g1
g0¬ g0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
![Page 89: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/89.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
g0 = a > 0g1 = b > 0 g2 = g0 ∧ g1
g3 = ¬(g0 ⇔ g1)g4 = ¬g0 ∧ ¬g1
c = ite(g1, b, a)assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
![Page 90: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/90.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
g0 = a > 0g1 = b > 0 g2 = g0 ∧ g1
g3 = ¬(g0 ⇔ g1)g4 = ¬g0 ∧ ¬g1
c = ite(g1, b, a)assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g2 ⊦ (b, a), g3 ⊦ (c), g4 ⊦ ( ) }
![Page 91: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/91.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Evaluate len concretely on all lists in the union; assertion true only on the list guarded by g2.
g0 = a > 0g1 = b > 0 g2 = g0 ∧ g1
g3 = ¬(g0 ⇔ g1)g4 = ¬g0 ∧ ¬g1
c = ite(g1, b, a)assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g2 ⊦ (b, a), g3 ⊦ (c), g4 ⊦ ( ) }
![Page 92: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/92.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
g0 = a > 0g1 = b > 0 g2 = g0 ∧ g1
g3 = ¬(g0 ⇔ g1)g4 = ¬g0 ∧ ¬g1
c = ite(g1, b, a)assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
32
vs ↦ (a, b)ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g2 ⊦ (b, a), g3 ⊦ (c), g4 ⊦ ( ) }
concrete evaluation
polynomial encoding
![Page 93: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/93.jpg)
appssolver-aided programming for everyone
![Page 94: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/94.jpg)
Investigating Safety of a Radiotherapy Machine (CAV’16)Stuart Pernsteiner, Calvin Loncaric, Emina Torlak, Zachary Tatlock, Xi Wang, Michael Ernst, and Jon Jacky
Scaling up Superoptimization (ASPLOS’16)Phitchaya Mangpo Phothilimthana, Aditya Thakur, Rastislav Bodík, and Dinakar Dhurjati.
Recent applications of ROSETTE
34
Synthesizing Memory Models from Litmus TestsJames Bornholt and Emina Torlak (under submission)
Synthesizing Custom Tutoring Rules for Introductory AlgebraEric Butler, Emina Torlak, and Zoran Popovic (under submission)
Scalable Verification of BGP Configurations (OOPSLA’16)Konstantin Weitz, Doug Woos, Emina Torlak, Michael D. Ernst, Arvind Krishnamurthy, and Zachary Tatlock
Investigating Safety of a Radiotherapy Machine (CAV’16)Stuart Pernsteiner, Calvin Loncaric, Emina Torlak, Zachary Tatlock, Xi Wang, Michael Ernst, and Jon Jacky
A Framework for Synthesis and Parameterized Design of Rule Systems Applied to Algebra (ITS’16)
Eric Butler, Emina Torlak, and Zoran Popovic
Specifying and Checking File System Crash-Consistency Models (ASPLOS’16)
James Bornholt, Antoine Kaufmann, Jialin Li, Arvind Krishnamurthy, Emina Torlak, and Xi Wang.
Scaling up Superoptimization (ASPLOS’16)Phitchaya Mangpo Phothilimthana, Aditya Thakur, Rastislav Bodík, and Dinakar Dhurjati.
Synapse: Optimizing Synthesis with Metasketches (POPL’16)James Bornholt, Emina Torlak, Dan Grossman, and Luis Ceze.
…
![Page 95: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/95.jpg)
Investigating Safety of a Radiotherapy Machine (CAV’16)
Stuart Pernsteiner, Calvin Loncaric, Emina Torlak, Zachary Tatlock, Xi Wang, Michael Ernst, and Jon Jacky
Scaling up Superoptimization (ASPLOS’16)
Phitchaya Mangpo Phothilimthana, Aditya Thakur, Rastislav Bodík, and Dinakar Dhurjati.
35
Recent applications of ROSETTE
![Page 96: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/96.jpg)
36
Clinical Neutron Therapy System (CNTS) at UW
Recent applications of ROSETTE: Neutrons
Investigating Safety of a Radiotherapy Machine (CAV’16)
Stuart Pernsteiner, Calvin Loncaric, Emina Torlak, Zachary Tatlock, Xi Wang, Michael Ernst, and Jon Jacky
Scaling up Superoptimization (ASPLOS’16)
Phitchaya Mangpo Phothilimthana, Aditya Thakur, Rastislav Bodík, and Dinakar Dhurjati.
• Used Rosette to build a verifier for the EPICS DSL.
• Found safety-critical defects in a pre-release version of the therapy control software.
• Used by CNTS staff to verify changes to the control software.
![Page 97: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/97.jpg)
Investigating Safety of a Radiotherapy Machine (CAV’16)
Stuart Pernsteiner, Calvin Loncaric, Emina Torlak, Zachary Tatlock, Xi Wang, Michael Ernst, and Jon Jacky
Scaling up Superoptimization (ASPLOS’16)
Phitchaya Mangpo Phothilimthana, Aditya Thakur, Rastislav Bodík, and Dinakar Dhurjati.
37
Recent applications of ROSETTE: Enlearn
• Education technology company founded by Zoran Popovic.
• Uses Rosette to develop educational math games, released to thousands (and eventually millions) of students.
• Building a Rosette-based DSL to enable educators to develop their own educational tools.
![Page 98: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/98.jpg)
Investigating Safety of a Radiotherapy Machine (CAV’16)
Stuart Pernsteiner, Calvin Loncaric, Emina Torlak, Zachary Tatlock, Xi Wang, Michael Ernst, and Jon Jacky
Scaling up Superoptimization (ASPLOS’16)
Phitchaya Mangpo Phothilimthana, Aditya Thakur, Rastislav Bodík, and Dinakar Dhurjati.
38
Recent applications of ROSETTE: Greenthumb
• A Rosette-based framework for creating efficient superoptimizers for new ISAs.
• Requires only an emulator for the ISA and a few ISA-specific search utility functions!
• Hosts superoptimizers for ARM and GreenArrays (GA) ISA.
• Up to 82% speedup over gcc -O3 for ARM; within 19% of hand optimized code for GA.
![Page 99: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/99.jpg)
thanks
![Page 100: Synthesis and Verification for All - Racket · (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op](https://reader033.fdocuments.in/reader033/viewer/2022042806/5f6c6ac88892de79b15f2061/html5/thumbnails/100.jpg)
thanksROSETTE
your SDSL
symbolic virtual machine
synthesize
debug
solve
verify