Programming for everyone: from solvers to solver-aided...
Transcript of Programming for everyone: from solvers to solver-aided...
![Page 1: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/1.jpg)
Emina Torlak U.C. Berkeley
http://people.csail.mit.edu/emina/
Programming for everyone: from solvers to solver-aided languages and beyond
![Page 2: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/2.jpg)
visiona little programming for everyone
![Page 3: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/3.jpg)
A little programming for everyone
3
We all want to build programs …
![Page 4: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/4.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
A little programming for everyone
3
We all want to build programs …
social scientist
![Page 5: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/5.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
A little programming for everyone
3
We all want to build programs …
biologist social scientist
![Page 6: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/6.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
‣ cache coherence protocols [Transit, PLDI’13] ‣ memory models [MemSAT, PLDI’10]
A little programming for everyone
3
We all want to build programs …
hardware designer
biologist social scientist
![Page 7: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/7.jpg)
‣ spreadsheet data manipulation [Flashfill, POPL’11]
‣ models of cell fates [SBL, POPL’13]
‣ cache coherence protocols [Transit, PLDI’13] ‣ memory models [MemSAT, PLDI’10]
A little programming for everyone
3
code
time
effort
We all want to build programs …
hardware designer
biologist social scientist
![Page 8: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/8.jpg)
A little programming for everyone
4
less code
less time
less effort
solver-aided languages
We all want to build programs …
‣ spreadsheet data manipulation ‣ models of cell fates ‣ cache coherence protocols ‣ memory models
hardware designer
biologist social scientist
![Page 9: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/9.jpg)
software crisis
program logics (Floyd, Hoare, Dijkstra)
mechanization of logic (Milner, Pnueli)
mechanized tools (Clarke, Emerson, Sifakis)
software gap
SAT/SMT solvers and tools
solver-aided languages
A little history
5
better programs
![Page 10: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/10.jpg)
software crisis
program logics (Floyd, Hoare, Dijkstra)
mechanization of logic (Milner, Pnueli)
mechanized tools (Clarke, Emerson, Sifakis)
software gap
SAT/SMT solvers and tools
solver-aided languages
A little history
5
better programs
1960
1970
1980
1990
2000
![Page 11: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/11.jpg)
software crisis
program logics (Floyd, Hoare, Dijkstra)
mechanization of logic (Milner, Pnueli)
mechanized tools (Clarke, Emerson, Sifakis)
software gap
SAT/SMT solvers and tools
solver-aided languages
A little history
5
better programs
1960
1970
1980
1990
2000
ASTRÉE [AbsInt]
SLAM [MSR]
6TH SENSE [IBM]
![Page 12: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/12.jpg)
software crisis
program logics (Floyd, Hoare, Dijkstra)
mechanization of logic (Milner, Pnueli)
mechanized tools (Clarke, Emerson, Sifakis)
software gap
SAT/SMT solvers and tools
solver-aided languages
A little history
5
better programs
1960
1970
1980
1990
2000
![Page 13: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/13.jpg)
software crisis
program logics (Floyd, Hoare, Dijkstra)
mechanization of logic (Milner, Pnueli)
mechanized tools (Clarke, Emerson, Sifakis)
software gap
SAT/SMT solvers and tools
solver-aided languages
A little history
5
better programs
1960
1970
1980
1990
2000
![Page 14: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/14.jpg)
software crisis
program logics (Floyd, Hoare, Dijkstra)
mechanization of logic (Milner, Pnueli)
mechanized tools (Clarke, Emerson, Sifakis)
software gap
SAT/SMT solvers and tools
solver-aided languages
A little history
5
better programs
more easily
1960
1970
1980
1990
2000
2010
![Page 15: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/15.jpg)
outlinesolver-aided tools, languages and beyond
![Page 16: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/16.jpg)
outlinesolver-aided tools, languages and beyondsolver-aided tools
![Page 17: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/17.jpg)
outlinesolver-aided tools, languages and beyondsolver-aided tools, languages
![Page 18: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/18.jpg)
outlinesolver-aided tools, languages and beyondsolver-aided tools, languages and demos
![Page 19: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/19.jpg)
storysolver-aided tools
![Page 20: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/20.jpg)
P(x) { … …
}
Programming …
8
specification
![Page 21: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/21.jpg)
P(x) { … …
}
Programming …
8
specificationtest case
assert safe(P(2))
![Page 22: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/22.jpg)
Programming with a solver-aided tool
9
?SAT/SMT
solvertranslate(…)
P(x) { … …
} assert safe(P(x))
![Page 23: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/23.jpg)
Solver-aided tools: verification
10
Find an input on which the program fails.
∃x . ¬ safe(P(x))
CBMC [CMU], Dafny [MSR], Miniatur [IBM], Klee [Stanford], etc.
SAT/SMT solver
P(x) { … …
} assert safe(P(x))
![Page 24: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/24.jpg)
Solver-aided tools: verification
10
Find an input on which the program fails.
∃x . ¬ safe(P(x))
CBMC [CMU], Dafny [MSR], Miniatur [IBM], Klee [Stanford], etc.
modelvalues
SAT/SMT solver
P(x) { … …
} assert safe(P(x))
42
![Page 25: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/25.jpg)
SAT/SMT solver
Solver-aided tools: debugging
11
Localize bad parts of the program.
x = 42 ⋀ safe(P(x))
BugAssist [UCLA / MPI-SWS]
P(x) { v = x + 2 …
} assert safe(P(x))
42
![Page 26: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/26.jpg)
SAT/SMT solver
Solver-aided tools: debugging
11
min core
Localize bad parts of the program.
x = 42 ⋀ safe(P(x))
BugAssist [UCLA / MPI-SWS]
P(x) { v = x + 2 …
} assert safe(P(x))
x + 2
42
expressions
![Page 27: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/27.jpg)
Solver-aided tools: angelic execution
12
Find values that repair the failing execution.
∃v . safe(P(42, v))
Kaplan [EPFL], PBnJ [UCLA], Skalch [Berkeley], Squander [MIT], etc.
SAT/SMT solver
P(x) { v = choose() …
} assert safe(P(x))
42
![Page 28: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/28.jpg)
Solver-aided tools: angelic execution
12
Find values that repair the failing execution.
∃v . safe(P(42, v))
modelvalues
Kaplan [EPFL], PBnJ [UCLA], Skalch [Berkeley], Squander [MIT], etc.
SAT/SMT solver
P(x) { v = choose() …
} assert safe(P(x))
42 40
![Page 29: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/29.jpg)
P(x) { v = ?? …
} assert safe(P(x))
Solver-aided tools: synthesis
13
Synthesize code that repairs the program.
∃e . ∀x . safe(Pe(x))
Comfusy [EPFL], Sketch [Berkeley / MIT]
SAT/SMT solver
![Page 30: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/30.jpg)
P(x) { v = ?? …
} assert safe(P(x))
Solver-aided tools: synthesis
13
Synthesize code that repairs the program.
∃e . ∀x . safe(Pe(x))
Comfusy [EPFL], Sketch [Berkeley / MIT]
SAT/SMT solver
x − 2
modelexpressions
![Page 31: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/31.jpg)
wantedmore solver-aided tools …
![Page 32: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/32.jpg)
wantedmore solver-aided tools …
![Page 33: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/33.jpg)
Building solver-aided tools: state-of-the-art
15
tools expert
execute synth
![Page 34: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/34.jpg)
Building solver-aided tools: state-of-the-art
15
learn the problem domain
I need a tool to create models of biological cells …
tools expert domain expert
execute synth
![Page 35: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/35.jpg)
Building solver-aided tools: state-of-the-art
15
learn the problem domain
design a domain language
I need a tool to create models of biological cells …
Abstractions for cells, components, interactions, …
tools expert domain expert
execute synth
![Page 36: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/36.jpg)
build a symbolic compiler from the domain language to constraints
Building solver-aided tools: state-of-the-art
15
learn the problem domain
design a domain language
months or years of work
I need a tool to create models of biological cells …
tools expert domain expert
verify debug
execute synth
A solver-aided tool for creating biological models
![Page 37: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/37.jpg)
Can we do better?
16
design a domain language
weeks
domain expert
verify debug
execute synth
implement an interpreter for the language, get a symbolic compiler for free
![Page 38: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/38.jpg)
Can we do better?
16
design a domain language
weeks
domain expert
a solver-aided host language
a solver-aided domain-specific language (SDSL)
verify debug
execute synth
implement an interpreter for the language, get a symbolic compiler for free
![Page 39: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/39.jpg)
designsolver-aided languages
![Page 40: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/40.jpg)
domain-specific language (DSL)
Layers of languages
18
host language
A formal language that is specialized to a particular application domain and often limited in capability.
A high-level language for implementing DSLs, usually with meta-programming features.
interpreterlibrary
![Page 41: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/41.jpg)
Scala, Racket, JavaScript
domain-specific language (DSL)
artificial intelligence Church, BLOG
databases SQL, Datalog
hardware design Bluespec, Chisel, Verilog, VHDL
math and statistics Eigen, Matlab, R
layout and visualization LaTex, dot, dygraphs, D3
Layers of languages
18
host language
interpreterlibrary
![Page 42: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/42.jpg)
domain-specific language (DSL)
Layers of languages
18
host language
C = A * B
C / Java
Eigen / Matlab
[associativity]C = A * B
for (i = 0; i < n; i++) for (j = 0; j < m; j++) for (k = 0; k < p; k++) C[i][k] += A[i][j] * B[j][k]
interpreterlibrary
![Page 43: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/43.jpg)
solver-aided domain-specific language (SDSL)
Layers of solver-aided languages
19
solver-aided host language
symbolic virtual machine
interpreterlibrary
![Page 44: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/44.jpg)
solver-aided domain-specific language (SDSL)
Layers of solver-aided languages
19
solver-aided host language
symbolic virtual machine
ROSETTE[Torlak & Bodik, Onward’13, PLDI’14]
interpreterlibrary
![Page 45: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/45.jpg)
spatial programming Chlorophyll
data-parallel programming SynthCL
web scraping WebSynth
secure stack machines IFC
solver-aided domain-specific language (SDSL)
Layers of solver-aided languages
19
solver-aided host language
symbolic virtual machine
ROSETTE[Torlak & Bodik, Onward’13, PLDI’14]
interpreterlibrary
![Page 46: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/46.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 47: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/47.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Spatial programming for a low-power chip, using synthesis to partition code and data across 144 tiny cores.
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
GreenArrays GA144
x + z
![Page 48: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/48.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Spatial programming for a low-power chip, using synthesis to partition code and data across 144 tiny cores.
Optimal partitioning synthesized in minutes, while manual partitioning takes days [Phothilimthana et al., PLDI’14].
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
GreenArrays GA144
x + zx + zx + z
![Page 49: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/49.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Verification and synthesis for data-parallel programming with OpenCL.
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 50: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/50.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Verification and synthesis for data-parallel programming with OpenCL.
Used by a novice to develop new vectorized kernels that are as fast as expert code.
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 51: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/51.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Synthesis of web scraping scripts from examples (PBE).
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 52: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/52.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Synthesis of web scraping scripts from examples (PBE).Works on real web pages (e.g., iTunes) in seconds.
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 53: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/53.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Verification for executable specifications of secure stack machines.
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 54: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/54.jpg)
deve
lopm
ent
time
(wee
ks)
0
4
8
12
16
Chlorophyll SynthCL WebSynth IFC
Verification for executable specifications of secure stack machines.
Finds all bugs reported by a specialized tool [Hritcu et al., ICFP’13].
SDSLs developed with ROSETTE
20
(first-year grad) (expert) (undergrad) (expert)
![Page 55: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/55.jpg)
Modern descendent of Scheme with macro-based metaprogramming.
Anatomy of a solver-aided host language
21
Racket
![Page 56: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/56.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
![Page 57: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/57.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
![Page 58: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/58.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants
assertions
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
![Page 59: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/59.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants
assertions
queries
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
![Page 60: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/60.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants
assertions
queries
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
∃ v . property(P(v))
![Page 61: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/61.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants
assertions
queries
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
∃ v . property(P(v))∃ v . property(P(v))
(define-symbolic v number?)
![Page 62: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/62.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants
assertions
queries
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
∃ v . property(P(v))∃ v . property(P(v))∃ v . property(P(v))
(define-symbolic v number?)
(assert (odd? (P v)))
![Page 63: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/63.jpg)
ROSETTE
Anatomy of a solver-aided host language
21
symbolic constants
assertions
queries
!(define-symbolic id type)
(assert expr)
(verify expr) (debug [expr] expr) (solve expr) (synthesize [expr] expr)
∃ v . property(P(v))∃ v . property(P(v))∃ v . property(P(v))∃ v . property(P(v))
(define-symbolic v number?)
(assert (odd? (P v)))
(solve (check P))
![Page 64: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/64.jpg)
A tiny example SDSL
22
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
BV: A tiny assembly-like language for writing fast, low-level library functions.
debug synth
![Page 65: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/65.jpg)
A tiny example SDSL
22
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
BV: A tiny assembly-like language for writing fast, low-level library functions.
test verify
debug synth
![Page 66: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/66.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1)
A tiny example SDSL:
23
ROSETTE
![Page 67: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/67.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1)
A tiny example SDSL:
23
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
parse
ROSETTE
![Page 68: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/68.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1)
A tiny example SDSL:
23
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
parse
ROSETTE
(out opcode in ...)
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
![Page 69: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/69.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5))) `(-2 -1)
![Page 70: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/70.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
![Page 71: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/71.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 72: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/72.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 73: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/73.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 74: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/74.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)
![Page 75: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/75.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
![Page 76: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/76.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
A tiny example SDSL:
24
ROSETTE
interpret
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
0 -21 -12 03 04 -25 06 -1
(2 bvge 0 1)(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
![Page 77: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/77.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> bvmax(-2, -1) -1
A tiny example SDSL:
25
ROSETTE
(define bvmax `((2 bvge 0 1) (3 bvneg 2) (4 bvxor 0 2) (5 bvand 3 4) (6 bvxor 1 5)))
‣ pattern matching ‣ dynamic evaluation ‣ first-class &
higher-order procedures
‣ side effects
(define (interpret prog inputs) (make-registers prog inputs) (for ([stmt prog]) (match stmt [(list out opcode in ...) (define op (eval opcode)) (define args (map load in)) (store out (apply op args))])) (load (last)))
![Page 78: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/78.jpg)
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> verify(bvmax, max) (0, -2) !> bvmax(0, -2) -1
A tiny example SDSL:
26
ROSETTE
query
![Page 79: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/79.jpg)
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> verify(bvmax, max) (0, -2) !> bvmax(0, -2) -1
A tiny example SDSL:
26
ROSETTE
Creates two fresh symbolic constants of type number and binds them to variables n0 and n1.
query
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
![Page 80: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/80.jpg)
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> verify(bvmax, max) (0, -2) !> bvmax(0, -2) -1
A tiny example SDSL:
26
ROSETTE
Symbolic values can be used just like concrete values of the same type.
query
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
![Page 81: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/81.jpg)
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> verify(bvmax, max) (0, -2) !> bvmax(0, -2) -1
A tiny example SDSL:
26
ROSETTE
(verify expr) searches for a concrete interpretation of symbolic constants that causes expr to fail.
query
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
![Page 82: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/82.jpg)
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> verify(bvmax, max) (0, -2) !> bvmax(0, -2) -1
A tiny example SDSL:
26
ROSETTE
query
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (verify (assert (= (interpret bvmax inputs) (apply max inputs))))
![Page 83: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/83.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> debug(bvmax, max, (0, -2))
!(define inputs (list 0 -2)) (debug [input-register?] (assert (= (interpret bvmax inputs) (apply max inputs))))
A tiny example SDSL:
27
ROSETTE
query
![Page 84: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/84.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 !> debug(bvmax, max, (0, -2))
!(define inputs (list 0 -2)) (debug [input-register?] (assert (= (interpret bvmax inputs) (apply max inputs))))
A tiny example SDSL:
27
ROSETTE
query
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6
![Page 85: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/85.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(??, ??) r5 = bvand(r3, ??) r6 = bvxor(??, ??) return r6 !> synthesize(bvmax, max) !!!!!
(define-symbolic n0 n1 number?) (define inputs (list n0 n1)) (synthesize [inputs] (assert (= (interpret bvmax inputs) (apply max inputs)))))
A tiny example SDSL:
28
ROSETTE
query
![Page 86: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/86.jpg)
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(??, ??) r5 = bvand(r3, ??) r6 = bvxor(??, ??) return r6 !> synthesize(bvmax, max) !!!!!
def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r1) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 (define-symbolic n0 n1 number?)
(define inputs (list n0 n1)) (synthesize [inputs] (assert (= (interpret bvmax inputs) (apply max inputs)))))
A tiny example SDSL:
28
ROSETTE
query
![Page 87: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/87.jpg)
techsymbolic virtual machine (SVM)
![Page 88: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/88.jpg)
Anatomy of a symbolic virtual machine
30
SVM
SDSL + program
synthesize
debug
verify
solve
solver
evaluate & compile to constraints
ROSETTE
[Torlak & Bodik, Onward’13]
[Torlak & Bodik, PLDI’14]
![Page 89: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/89.jpg)
Anatomy of a symbolic virtual machine
30
SVM
SDSL + program
synthesize
debug
verify
solve
solver
evaluate & compile to constraints
lift solution to program level
ROSETTE
[Torlak & Bodik, Onward’13]
[Torlak & Bodik, PLDI’14]
![Page 90: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/90.jpg)
Anatomy of a symbolic virtual machine
30
SVM
program
synthesize
debug
verify
solve
solver
evaluate & compile to constraints
lift solution to program level
ROSETTE
[Torlak & Bodik, Onward’13
[Torlak & Bodik, PLDI’14]
![Page 91: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/91.jpg)
(3, 1, -2) (1, 3)
Translation to constraints by example
31
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
reverse and filter, keeping only positive numbers
vs ps
![Page 92: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/92.jpg)
(3, 1, -2) (1, 3)
Translation to constraints by example
31
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs ps
![Page 93: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/93.jpg)
Translation to constraints by example
31
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs psconstraints
![Page 94: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/94.jpg)
a>0 ∧ b>0 (a, b)
Translation to constraints by example
31
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
vs psconstraints
![Page 95: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/95.jpg)
Design space of precise symbolic encodings
32
symbolic execution
bounded model checkingsolve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 96: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/96.jpg)
{ }a > 0 b ≤ 0 false
Design space of precise symbolic encodings
32
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b) ps ↦ ( )
symbolic execution
bounded model checkingsolve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 97: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/97.jpg)
{ }a > 0 b ≤ 0 false
∨ ∨ ∨
Design space of precise symbolic encodings
32
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b) ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0 b > 0 false
{ }a > 0 b > 0 true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0 b ≤ 0 false
symbolic execution
bounded model checkingsolve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 98: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/98.jpg)
{ }a > 0 b ≤ 0 false
∨ ∨ ∨
Design space of precise symbolic encodings
32
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)
ps ↦ ps0
a > 0a ≤ 0
!ps0 = ite(a > 0, (a), ( )) ps1 = insert(b, ps0) ps2 = ite(b > 0, ps0, ps1) assert len(ps2) = 2
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b) ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0 b > 0 false
{ }a > 0 b > 0 true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0 b ≤ 0 false
symbolic execution
bounded model checking
ps ↦ ( )
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 99: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/99.jpg)
{ }a > 0 b ≤ 0 false
∨ ∨ ∨
Design space of precise symbolic encodings
32
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)
ps ↦ ps0
a > 0a ≤ 0
!ps0 = ite(a > 0, (a), ( )) ps1 = insert(b, ps0) ps2 = ite(b > 0, ps0, ps1) assert len(ps2) = 2
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b) ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0 b > 0 false
{ }a > 0 b > 0 true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0 b ≤ 0 false
symbolic execution
bounded model checking
ps ↦ ( )
ps ↦ ps1
b > 0
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 100: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/100.jpg)
{ }a > 0 b ≤ 0 false
∨ ∨ ∨
Design space of precise symbolic encodings
32
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)
ps ↦ ps0
a > 0a ≤ 0
!ps0 = ite(a > 0, (a), ( )) ps1 = insert(b, ps0) ps2 = ite(b > 0, ps0, ps1) assert len(ps2) = 2
a > 0
b ≤ 0
ps ↦ (a)
ps ↦ (a)
vs ↦ (a, b) ps ↦ ( )
b > 0b > 0
ps ↦ (b) ps ↦ (b, a)
{ }a ≤ 0 b > 0 false
{ }a > 0 b > 0 true
a ≤ 0
b ≤ 0
ps ↦ ( )
ps ↦ ( )
{ }a ≤ 0 b ≤ 0 false
symbolic execution
bounded model checking
ps ↦ ( )
ps ↦ ps1
ps ↦ ps2
b > 0b ≤ 0
ps ↦ ps0
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 101: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/101.jpg)
A new design: type-driven state merging
33
{ }a > 0 b > 0 true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
![Page 102: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/102.jpg)
A new design: type-driven state merging
33
{ }a > 0 b > 0 true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Merge values of ‣ primitive types: symbolically ‣ immutable types: structurally ‣ all other types: via unions
![Page 103: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/103.jpg)
ba
A new design: type-driven state merging
33
{ }a > 0 b > 0 true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Merge values of ‣ primitive types: symbolically ‣ immutable types: structurally ‣ all other types: via unions
⁊g g
c
![Page 104: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/104.jpg)
ba (c, d)(a, b)
A new design: type-driven state merging
33
{ }a > 0 b > 0 true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Merge values of ‣ primitive types: symbolically ‣ immutable types: structurally ‣ all other types: via unions
⁊g g
c(e, f)
![Page 105: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/105.jpg)
ba (c, d)
A new design: type-driven state merging
33
{ }a > 0 b > 0 true
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Merge values of ‣ primitive types: symbolically ‣ immutable types: structurally ‣ all other types: via unions
⁊g g
c(e, f){ ¬g ⊦ a, g ⊦ () }
()
![Page 106: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/106.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
A new design: type-driven state merging
34
symbolic virtual machine
![Page 107: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/107.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
a > 0a ≤ 0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
![Page 108: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/108.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Symbolic union: a set of guarded values, with disjoint and exhaustive guards.
g0 = a > 0 g1 = b > 0 g2 = g0 ∧ g1 g3 = ¬(g0 ⇔ g1) g4 = ¬g0 ∧ ¬g1 c = ite(g1, b, a) assert g2
a > 0a ≤ 0 g0¬ g0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
![Page 109: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/109.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Execute insert concretely on all lists in the union.
g0 = a > 0 g1 = b > 0 g2 = g0 ∧ g1 g3 = ¬(g0 ⇔ g1) g4 = ¬g0 ∧ ¬g1 c = ite(g1, b, a) assert g2
a > 0a ≤ 0
g1
g0¬ g0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
![Page 110: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/110.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
g0 = a > 0 g1 = b > 0 g2 = g0 ∧ g1 g3 = ¬(g0 ⇔ g1) g4 = ¬g0 ∧ ¬g1 c = ite(g1, b, a) assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
![Page 111: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/111.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
g0 = a > 0 g1 = b > 0 g2 = g0 ∧ g1 g3 = ¬(g0 ⇔ g1) g4 = ¬g0 ∧ ¬g1 c = ite(g1, b, a) assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g2 ⊦ (b, a), g3 ⊦ (c), g4 ⊦ ( ) }
![Page 112: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/112.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
Evaluate len concretely on all lists in the union; assertion true only on the list guarded by g2.
g0 = a > 0 g1 = b > 0 g2 = g0 ∧ g1 g3 = ¬(g0 ⇔ g1) g4 = ¬g0 ∧ ¬g1 c = ite(g1, b, a) assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g2 ⊦ (b, a), g3 ⊦ (c), g4 ⊦ ( ) }
![Page 113: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/113.jpg)
solve: ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs)
g0 = a > 0 g1 = b > 0 g2 = g0 ∧ g1 g3 = ¬(g0 ⇔ g1) g4 = ¬g0 ∧ ¬g1 c = ite(g1, b, a) assert g2
a > 0a ≤ 0
¬ g1 g1
g0¬ g0
A new design: type-driven state merging
34
vs ↦ (a, b) ps ↦ ( )
ps ↦ (a)ps ↦ ( )
symbolic virtual machine
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g0 ⊦ (b, a), ¬g0 ⊦ (b) }
ps ↦ { g0 ⊦ (a), ¬g0 ⊦ ( ) }
ps ↦ { g2 ⊦ (b, a), g3 ⊦ (c), g4 ⊦ ( ) }
polynomial encoding
partial evaluation
![Page 114: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/114.jpg)
Effectiveness of type-driven state merging
35
Merging performance for verification and synthesis queries in SynthCL, WebSynth and IFC programs
0
10000
20000
30000
40000
number of control flow joins
0 4500 9000 13500 18000
R² = 0.9884
R² = 0.95
number of unionssize of all unions
![Page 115: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/115.jpg)
Effectiveness of type-driven state merging
36
SVM and solving time for verification and synthesis queries in SynthCL, WebSynth and IFC programs
runn
ing
time
(sec
)
0
75
150
225
300
FWT
3 B1 B2 J2 B3
MM
1 J1
FWT
1 B4 SF3
CR
1
CR
2
CR
3
FWT
4
CR
4
MM
2
SF1
FWT
2
iTun
es
IMD
b
MM
3
AlA
n
SF4
SF2
SVMZ3
![Page 116: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/116.jpg)
demoa little SDSL for finite state automata
![Page 117: Programming for everyone: from solvers to solver-aided ...fm.csl.sri.com/SSFT14/rosette-lecture.pdf · application domain and often limited in capability. A high-level language for](https://reader033.fdocuments.us/reader033/viewer/2022050211/5f5d8d24562cf50e7c705bb1/html5/thumbnails/117.jpg)
thanks