Syntax-Guided Rewrite Rule Enumeration for SMT Solvers

  • Andres NötzliEmail author
  • Andrew Reynolds
  • Haniel Barbosa
  • Aina Niemetz
  • Mathias Preiner
  • Clark Barrett
  • Cesare Tinelli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11628)


The performance of modern Satisfiability Modulo Theories (SMT) solvers relies crucially on efficient decision procedures as well as static simplification techniques, which include large sets of rewrite rules. Manually discovering and implementing rewrite rules is challenging. In this work, we propose a framework that uses enumerative syntax-guided synthesis (SyGuS) to propose rewrite rules that are not implemented in a given SMT solver. We implement this framework in cvc4, a state-of-the-art SMT and SyGuS solver, and evaluate several use cases. We show that some SMT solvers miss rewriting opportunities, or worse, have bugs in their rewriters. We also show that a variation of our approach can be used to test the correctness of a rewriter. Finally, we show that rewrites discovered with this technique lead to significant improvements in cvc4 on both SMT and SyGuS problems over bit-vectors and strings.



This material is based upon work partially supported by the National Science Foundation (Award No. 1656926), the Office of Naval Research (Contract No. 68335-17-C-0558), and DARPA (N66001-18-C-4012, FA8650-18-2-7854 and FA8650-18-2-7861).


  1. 1.
  2. 2.
  3. 3.
  4. 4.
    Abate, A., David, C., Kesseli, P., Kroening, D., Polgreen, E.: Counterexample guided inductive synthesis modulo theories. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 270–288. Springer, Cham (2018). Scholar
  5. 5.
    Akiba, T., et al.: Calibrating research in program synthesis using 72,000 hours of programmer time. Technical Report, MSR, Redmond, WA, USA (2013)Google Scholar
  6. 6.
    Alur, R., et al.: Syntax-guided synthesis. In: Formal Methods in Computer-Aided Design, FMCAD 2013, Portland, OR, USA, 20–23 October 2013. pp. 1–8. IEEE (2013)
  7. 7.
    Alur, R., Radhakrishna, A., Udupa, A.: Scaling enumerative program synthesis via divide and conquer. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10205, pp. 319–336. Springer, Heidelberg (2017). Scholar
  8. 8.
    Bansal, S., Aiken, A.: Automatic generation of peephole superoptimizers. In: Shen, J.P., Martonosi, M. (eds.) Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2006, San Jose, CA, USA, 21–25 October 2006. pp. 394–403. ACM (2006),
  9. 9.
    Barrett, C., et al.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). Scholar
  10. 10.
    Barrett, C., Fontaine, P., Tinelli, C.: The Satisfiability Modulo Theories Library (SMT-LIB) (2016).
  11. 11.
    Barrett, C., Fontaine, P., Tinelli, C.: The SMT-LIB Standard: Version 2.6. Technical report, Department of Computer Science, The University of Iowa (2017).
  12. 12.
    Berzish, M., Ganesh, V., Zheng, Y.: Z3str3: A string solver with theory-aware heuristics. In: 2017 Formal Methods in Computer Aided Design, FMCAD 2017, Vienna, Austria, 2–6 October 2017. pp. 55–59 (2017).
  13. 13.
    Blotsky, D., Mora, F., Berzish, M., Zheng, Y., Kabir, I., Ganesh, V.: StringFuzz: a fuzzer for string solvers. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10982, pp. 45–51. Springer, Cham (2018). Scholar
  14. 14.
    Brummayer, R., Biere, A.: Fuzzing and delta-debugging SMT solvers. In: Proceedings of the 7th International Workshop on Satisfiability Modulo Theories, SMT 2009, p. 5. ACM (2009)Google Scholar
  15. 15.
    Buchwald, S.: Optgen: a generator for local optimizations. In: Franke, B. (ed.) CC 2015. LNCS, vol. 9031, pp. 171–189. Springer, Heidelberg (2015). Scholar
  16. 16.
    Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Draves, R., van Renesse, R. (eds.) Proceedings of 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, 8–10 December 2008, San Diego, California, USA, pp. 209–224. USENIX Association (2008).
  17. 17.
    Ganesh, V., Minnes, M., Solar-Lezama, A., Rinard, M.: Word equations with length constraints: what’s decidable? In: Biere, A., Nahir, A., Vos, T. (eds.) HVC 2012. LNCS, vol. 7857, pp. 209–226. Springer, Heidelberg (2013). Scholar
  18. 18.
    Hansen, T.: A constraint solver and its application to machine code test generation. Ph.D. thesis, University of Melbourne, Australia (2012).
  19. 19.
    Warren Jr., H.S.: Hacker’s Delight, 2nd edn. Pearson Education, London (2013). Scholar
  20. 20.
    de Moura, L.M., Bjørner, N.: Z3: an efficient SMT solver. In: Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings, pp. 337–340 (2008). Scholar
  21. 21.
    Nadel, A.: Bit-vector rewriting with automatic rule generation. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 663–679. Springer, Cham (2014). Scholar
  22. 22.
    Niemetz, A., Preiner, M., Biere, A.: Boolector 2.0 system description. J. Satis. Boolean Model. Comput. 9, 53–58 (2014, published 2015)Google Scholar
  23. 23.
    Niemetz, A., Preiner, M., Biere, A.: Model-Based API Testing for SMT Solvers. In: Brain, M., Hadarean, L. (eds.) Proceedings of the 15th International Workshop on Satisfiability Modulo Theories, SMT 2017), affiliated with the 29th International Conference on Computer Aided Verification, CAV 2017, Heidelberg, Germany, 24–28 July 2017, p. 10 (2017)Google Scholar
  24. 24.
    Niemetz, A., Preiner, M., Reynolds, A., Barrett, C., Tinelli, C.: Solving quantified bit-vectors using invertibility conditions. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10982, pp. 236–255. Springer, Cham (2018). Scholar
  25. 25.
    Reynolds, A., Barbosa, H., Nötzil, A., Barrett, C., Tinelli, C.: CVC4Sy: Smart and fast term enumeration for syntax-guided synthesis. In: Dilig, I., Tasiran, S. (eds.) Computer Aided Verification (CAV) - 31st International Conference. Lecture Notes in Computer Science, Springer (2019, Accepted for publication)Google Scholar
  26. 26.
    Reynolds, A., Deters, M., Kuncak, V., Tinelli, C., Barrett, C.: Counterexample-guided quantifier instantiation for synthesis in SMT. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9207, pp. 198–216. Springer, Cham (2015). Scholar
  27. 27.
    Reynolds, A., Tinelli, C.: SyGuS techniques in the core of an SMT solver. In: Proceedings Sixth Workshop on Synthesis, SYNT@CAV 2017, Heidelberg, Germany, 22nd July 2017, pp. 81–96 (2017). Scholar
  28. 28.
    Reynolds, A., Woo, M., Barrett, C., Brumley, D., Liang, T., Tinelli, C.: Scaling Up DPLL(T) string solvers using context-dependent simplification. In: Majumdar, R., Kunčak, V. (eds.) CAV 2017. LNCS, vol. 10427, pp. 453–474. Springer, Cham (2017). Scholar
  29. 29.
    Romano, A., Engler, D.: Expression reduction from programs in a symbolic binary executor. In: Bartocci, E., Ramakrishnan, C.R. (eds.) SPIN 2013. LNCS, vol. 7976, pp. 301–319. Springer, Heidelberg (2013). Scholar
  30. 30.
    Schkufza, E., Sharma, R., Aiken, A.: Stochastic superoptimization. In: Sarkar, V., Bodík, R. (eds.) Architectural Support for Programming Languages and Operating Systems, ASPLOS 2013, Houston, TX, USA - 16–20 March 2013, pp. 305–316. ACM (2013).
  31. 31.
    Singh, R., Solar-Lezama, A.: SWAPPER: A framework for automatic generation of formula simplifiers based on conditional rewrite rules. In: Piskac, R., Talupur, M. (eds.) 2016 Formal Methods in Computer-Aided Design, FMCAD 2016, Mountain View, CA, USA, 3–6 October 2016, pp. 185–192. IEEE (2016).
  32. 32.
    Tinelli, C., Barrett, C., Fontaine, P.: Unicode Strings (Draft 1.0) (2018).
  33. 33.
    Udupa, A., Raghavan, A., Deshmukh, J.V., Mador-Haim, S., Martin, M.M.K., Alur, R.: TRANSIT: specifying protocols with concolic snippets. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2013, Seattle, WA, USA, 16–19 June 2013, pp. 287–296 (2013).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Stanford UniversityStanfordUSA
  2. 2.University of IowaIowa CityUSA

Personalised recommendations