Syntax-Guided Rewrite Rule Enumeration for SMT Solvers

  • Andres Nötzli
  • Andrew Reynolds
  • Haniel Barbosa
  • Aina Niemetz
  • Mathias Preiner
  • Clark Barrett
  • Cesare Tinelli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11628)

Abstract

The performance of modern Satisfiability Modulo Theories (SMT) solvers relies crucially on efficient decision procedures as well as static simplification techniques, which include large sets of rewrite rules. Manually discovering and implementing rewrite rules is challenging. In this work, we propose a framework that uses enumerative syntax-guided synthesis (SyGuS) to propose rewrite rules that are not implemented in a given SMT solver. We implement this framework in CVC4, a state-of-the-art SMT and SyGuS solver, and evaluate several use cases. We show that some SMT solvers miss rewriting opportunities, or worse, have bugs in their rewriters. We also show that a variation of our approach can be used to test the correctness of a rewriter. Finally, we show that rewrites discovered with this technique lead to significant improvements in CVC4 on both SMT and SyGuS problems over bit-vectors and strings.

Notes

Acknowledgements

This material is based upon work partially supported by the National Science Foundation (Award No. 1656926), the Office of Naval Research (Contract No. 68335-17-C-0558), and DARPA (N66001-18-C-4012, FA8650-18-2-7854 and FA8650-18-2-7861).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Stanford University, Stanford, USA
  2. University of Iowa, Iowa City, USA
