cse507
play

CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages - PowerPoint PPT Presentation

Jun 06, 2023 •477 likes •1.77k views

CSE507 Computer-Aided Reasoning for Software Solver-Aided Languages courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Program synthesis 2 Today Last lecture Program

  1. Layers of solver-aided languages spatial programming Chlorophyll solver-aided domain-specific data-parallel programming language (SDSL) SynthCL web scraping WebSynth library interpreter secure stack machines IFC ROSETTE solver-aided host language [Torlak & Bodik, Onward’13 , PLDI’14 ] symbolic virtual machine 20

  2. SDSLs developed with ROSETTE 16 development time (weeks) 12 8 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  3. SDSLs developed with ROSETTE Spatial programming for a low-power x + z chip, using synthesis to partition code and data across 144 tiny cores. 16 development time (weeks) GreenArrays 12 GA144 8 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  4. SDSLs developed with ROSETTE x + z Optimal partitioning synthesized in Spatial programming for a low-power x + z minutes, while manual partitioning chip, using synthesis to partition code x + z and data across 144 tiny cores. takes days [Phothilimthana et al., PLDI’14 ]. 16 development time (weeks) GreenArrays 12 GA144 8 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  5. SDSLs developed with ROSETTE 16 Verification and synthesis for development time (weeks) data-parallel programming 12 with OpenCL. 8 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  6. SDSLs developed with ROSETTE 16 Verification and synthesis for Used by a novice to develop development time (weeks) new vectorized kernels that data-parallel programming 12 with OpenCL. are as fast as expert code. 8 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  7. SDSLs developed with ROSETTE 16 development time (weeks) 12 Synthesis of web scraping 8 scripts from examples (PBE). 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  8. SDSLs developed with ROSETTE 16 development time (weeks) 12 Works on real web pages Synthesis of web scraping 8 scripts from examples (PBE). (e.g., iTunes) in seconds. 4 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  9. SDSLs developed with ROSETTE 16 development time (weeks) 12 8 Verification for executable specifications 4 of secure stack machines. 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  10. SDSLs developed with ROSETTE 16 development time (weeks) 12 8 Verification for Finds all bugs reported by a specialized tool executable specifications 4 [Hritcu et al., ICFP’13 ] . of secure stack machines. 0 Chlorophyll SynthCL WebSynth IFC (first-year grad) (expert) (undergrad) (expert) 21

  11. Anatomy of a solver-aided host language Modern descendent of Scheme with macro-based metaprogramming. Racket 22

  12. Anatomy of a solver-aided host language ( define-symbolic id type) ( assert expr) ( verify expr) ( debug [expr] expr) ( solve expr) ( synthesize [expr] expr) ROSETTE 22

  13. A tiny example SDSL def bvmax(r0, r1) : BV : A tiny assembly-like r2 = bvge(r0, r1) language for writing fast, low- r3 = bvneg(r2) level library functions. r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 debug synth 23

  14. A tiny example SDSL def bvmax(r0, r1) : BV : A tiny assembly-like r2 = bvge(r0, r1) language for writing fast, low- r3 = bvneg(r2) level library functions. r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 debug test synth verify 23

  15. A tiny example SDSL def bvmax(r0, r1) : BV : A tiny assembly-like r2 = bvge(r0, r1) language for writing fast, low- r3 = bvneg(r2) level library functions. r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 1. interpreter [10 LOC] 2. verifier [free] debug test 3. debugger [free] synth verify 4. synthesizer [free] 23

  16. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 > bvmax(-2, -1) 24

  17. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : ( define bvmax r2 = bvge(r0, r1) `((2 bvge 0 1) r3 = bvneg(r2) (3 bvneg 2) parse r4 = bvxor(r0, r2) (4 bvxor 0 2) r5 = bvand(r3, r4) (5 bvand 3 4) r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 > bvmax(-2, -1) 24

  18. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : ( define bvmax ( define bvmax r2 = bvge(r0, r1) `((2 bvge 0 1) `((2 bvge 0 1) r3 = bvneg(r2) (3 bvneg 2) (3 bvneg 2) parse r4 = bvxor(r0, r2) (4 bvxor 0 2) (4 bvxor 0 2) r5 = bvand(r3, r4) (5 bvand 3 4) (5 bvand 3 4) r6 = bvxor(r1, r5) (6 bvxor 1 5))) (6 bvxor 1 5))) return r6 ( out opcode in ... ) > bvmax(-2, -1) 24

  19. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : ( define bvmax r2 = bvge(r0, r1) `((2 bvge 0 1) r3 = bvneg(r2) (3 bvneg 2) r4 = bvxor(r0, r2) (4 bvxor 0 2) r5 = bvand(r3, r4) (5 bvand 3 4) r6 = bvxor(r1, r5) (6 bvxor 1 5))) `(-2 -1) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  20. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  21. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) (2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  22. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) (2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  23. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) (2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  24. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) (2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  25. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) `((2 bvge 0 1) (2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  26. ROSETTE A tiny example SDSL: 0 -2 def bvmax(r0, r1) : ( define bvmax ( define bvmax 1 -1 r2 = bvge(r0, r1) `((2 bvge 0 1) `((2 bvge 0 1) (2 bvge 0 1) 2 0 r3 = bvneg(r2) (3 bvneg 2) (3 bvneg 2) 3 0 r4 = bvxor(r0, r2) (4 bvxor 0 2) (4 bvxor 0 2) 4 -2 r5 = bvand(r3, r4) (5 bvand 3 4) (5 bvand 3 4) 5 0 6 -1 r6 = bvxor(r1, r5) (6 bvxor 1 5))) (6 bvxor 1 5))) return r6 interpret ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 25

  27. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : ( define bvmax ‣ pattern matching r2 = bvge(r0, r1) `((2 bvge 0 1) ‣ dynamic evaluation ‣ first-class & r3 = bvneg(r2) (3 bvneg 2) higher-order r4 = bvxor(r0, r2) (4 bvxor 0 2) procedures r5 = bvand(r3, r4) (5 bvand 3 4) ‣ side effects r6 = bvxor(r1, r5) (6 bvxor 1 5))) return r6 ( define (interpret prog inputs) > bvmax(-2, -1) -1 (make-registers prog inputs) ( for ([stmt prog]) ( match stmt [(list out opcode in ...) ( define op (eval opcode)) ( define args (map load in)) (store out (apply op args))])) (load (last))) 26

  28. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) ( define-symbolic n0 n1 number?) return r6 ( define inputs (list n0 n1)) query ( verify > verify (bvmax, max) (0, -2) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) > bvmax(0, -2) -1 27

  29. ROSETTE A tiny example SDSL: Creates two fresh symbolic def bvmax(r0, r1) : constants of type number r2 = bvge(r0, r1) and binds them to variables r3 = bvneg(r2) n0 and n1. r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) return r6 ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) query ( verify ( verify > verify (bvmax, max) (0, -2) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) (interpret max inputs)))) > bvmax(0, -2) -1 27

  30. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : Symbolic values can be used r2 = bvge(r0, r1) just like concrete values of r3 = bvneg(r2) the same type. r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) return r6 ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) query ( verify ( verify ( verify > verify (bvmax, max) (0, -2) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) (interpret max inputs)))) (interpret max inputs)))) > bvmax(0, -2) -1 27

  31. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) return r6 ( define-symbolic n0 n1 number?) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) query ( verify ( verify ( verify ( verify > verify (bvmax, max) (0, -2) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) (interpret max inputs)))) (interpret max inputs)))) (interpret max inputs)))) > bvmax(0, -2) -1 (verify expr ) searches for a concrete interpretation of symbolic constants that causes expr to fail. 27

  32. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) ( define-symbolic n0 n1 number?) return r6 ( define-symbolic n0 n1 number?) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) ( define inputs (list n0 n1)) query ( verify ( verify ( verify ( verify > verify (bvmax, max) (0, -2) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) (interpret max inputs)))) (interpret max inputs)))) (interpret max inputs)))) > bvmax(0, -2) -1 27

  33. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor(r0, r2) r5 = bvand(r3, r4) r6 = bvxor(r1, r5) return r6 ( define inputs (list 0 -2)) query ( debug [input-register?] > debug (bvmax, max, (0, -2)) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) 28

  34. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : def bvmax(r0, r1) : r2 = bvge(r0, r1) r2 = bvge(r0, r1) r3 = bvneg(r2) r3 = bvneg(r2) r4 = bvxor( r0 , r2 ) r4 = bvxor(r0, r2) r5 = bvand(r3, r4 ) r5 = bvand(r3, r4) r6 = bvxor( r1 , r5 ) r6 = bvxor(r1, r5) return r6 return r6 ( define inputs (list 0 -2)) query ( debug [input-register?] > debug (bvmax, max, (0, -2)) ( assert (= (interpret bvmax inputs) (interpret max inputs)))) 28

  35. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : r2 = bvge(r0, r1) r3 = bvneg(r2) r4 = bvxor( ?? , ?? ) r5 = bvand(r3, ?? ) r6 = bvxor( ?? , ?? ) ( define-symbolic n0 n1 number?) return r6 ( define inputs (list n0 n1)) query ( synthesize [inputs] > synthesize (bvmax, max) ( assert (= (interpret bvmax inputs) (interpret max inputs))))) 29

  36. ROSETTE A tiny example SDSL: def bvmax(r0, r1) : def bvmax(r0, r1) : r2 = bvge(r0, r1) r2 = bvge(r0, r1) r3 = bvneg(r2) r3 = bvneg(r2) r4 = bvxor(r0, r1) r4 = bvxor( ?? , ?? ) r5 = bvand(r3, r4) r5 = bvand(r3, ?? ) r6 = bvxor( ?? , ?? ) r6 = bvxor(r1, r5) ( define-symbolic n0 n1 number?) return r6 return r6 ( define inputs (list n0 n1)) query ( synthesize [inputs] > synthesize (bvmax, max) ( assert (= (interpret bvmax inputs) (interpret max inputs))))) 29

  37. tech symbolic virtual machine (SVM)

  38. How it all works: a big picture view query program SDSL ROSETTE symbolic solver virtual machine [Torlak & Bodik, [Torlak & Bodik, PLDI’14 ] Onward’13 ] 31

  39. How it all works: a big picture view result program SDSL ROSETTE symbolic solver virtual machine [Torlak & Bodik, [Torlak & Bodik, PLDI’14 ] Onward’13 ] 31

  40. How it all works: a big picture view result ‣ pattern matching program ‣ dynamic evaluation ‣ first-class procedures theory of ‣ higher-order procedures bitvectors ‣ side effects ‣ macros SDSL ROSETTE symbolic solver virtual machine [Torlak & Bodik, [Torlak & Bodik, PLDI’14 ] Onward’13 ] 31

  41. Translation to constraints by example solve : ps = () vs ps reverse and filter, keeping for v in vs: (3, 1, -2) (1, 3) only positive numbers if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) 32

  42. Translation to constraints by example solve : ps = () vs ps for v in vs: (3, 1, -2) (1, 3) if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) 32

  43. Translation to constraints by example solve : ps = () vs constraints ps for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) 32

  44. Translation to constraints by example solve : ps = () vs constraints ps for v in vs: (a, b) a>0 ∧ b>0 if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) 32

  45. Design space of precise symbolic encodings solve : bounded model checking ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) symbolic execution 33

  46. Design space of precise symbolic encodings solve : bounded model checking ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) symbolic execution vs ↦ (a, b) ps ↦ ( ) a > 0 ps ↦ (a) b ≤ 0 ps ↦ (a) { } a > 0 b ≤ 0 false 33

  47. Design space of precise symbolic encodings solve : bounded model checking ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) symbolic execution vs ↦ (a, b) ps ↦ ( ) a ≤ 0 a > 0 ps ↦ (a) ps ↦ ( ) b ≤ 0 b ≤ 0 b > 0 b > 0 ps ↦ (a) ps ↦ (b, a) ps ↦ ( ) ps ↦ (b) { } { } { } { } a ≤ 0 a ≤ 0 a > 0 a > 0 ∨ ∨ ∨ b ≤ 0 b ≤ 0 b > 0 b > 0 true false false false 33

  48. Design space of precise symbolic encodings solve : bounded model checking ps = () vs ↦ (a, b) for v in vs: ps ↦ ( ) if v > 0: a ≤ 0 a > 0 ps = insert(v, ps) assert len(ps) == len(vs) ps ↦ ( ) ps ↦ (a) symbolic execution ps ↦ ps 0 vs ↦ (a, b) ps ↦ ( ) a ≤ 0 a > 0 ps ↦ (a) ps ↦ ( ) b ≤ 0 b ≤ 0 b > 0 b > 0 ps ↦ (a) ps ↦ (b, a) ps ↦ ( ) ps ↦ (b) ps 0 = ite(a > 0, (a), ( )) { } { } { } { } a ≤ 0 a ≤ 0 a > 0 a > 0 ps 1 = insert(b, ps 0 ) ∨ ∨ ∨ b ≤ 0 b ≤ 0 b > 0 b > 0 ps 2 = ite(b > 0, ps 0 , ps 1 ) true false false false assert len(ps 2 ) = 2 33

  49. Design space of precise symbolic encodings solve : bounded model checking ps = () vs ↦ (a, b) for v in vs: ps ↦ ( ) if v > 0: a ≤ 0 a > 0 ps = insert(v, ps) assert len(ps) == len(vs) ps ↦ ( ) ps ↦ (a) symbolic execution ps ↦ ps 0 vs ↦ (a, b) b > 0 ps ↦ ( ) ps ↦ ps 1 a ≤ 0 a > 0 ps ↦ (a) ps ↦ ( ) b ≤ 0 b ≤ 0 b > 0 b > 0 ps ↦ (a) ps ↦ (b, a) ps ↦ ( ) ps ↦ (b) ps 0 = ite(a > 0, (a), ( )) { } { } { } { } a ≤ 0 a ≤ 0 a > 0 a > 0 ps 1 = insert(b, ps 0 ) ∨ ∨ ∨ b ≤ 0 b ≤ 0 b > 0 b > 0 ps 2 = ite(b > 0, ps 0 , ps 1 ) true false false false assert len(ps 2 ) = 2 33

  50. Design space of precise symbolic encodings solve : bounded model checking ps = () vs ↦ (a, b) for v in vs: ps ↦ ( ) if v > 0: a ≤ 0 a > 0 ps = insert(v, ps) assert len(ps) == len(vs) ps ↦ ( ) ps ↦ (a) symbolic execution ps ↦ ps 0 vs ↦ (a, b) b ≤ 0 b > 0 ps ↦ ( ) ps ↦ ps 0 ps ↦ ps 1 a ≤ 0 a > 0 ps ↦ (a) ps ↦ ( ) ps ↦ ps 2 b ≤ 0 b ≤ 0 b > 0 b > 0 ps ↦ (a) ps ↦ (b, a) ps ↦ ( ) ps ↦ (b) ps 0 = ite(a > 0, (a), ( )) { } { } { } { } a ≤ 0 a ≤ 0 a > 0 a > 0 ps 1 = insert(b, ps 0 ) ∨ ∨ ∨ b ≤ 0 b ≤ 0 b > 0 b > 0 ps 2 = ite(b > 0, ps 0 , ps 1 ) true false false false assert len(ps 2 ) = 2 33

  51. A new design: type-driven state merging solve : ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) { } a > 0 b > 0 true 34

  52. A new design: type-driven state merging solve : ps = () for v in vs: if v > 0: ps = insert(v, ps) assert len(ps) == len(vs) Merge values of ‣ primitive types: symbolically ‣ immutable types: structurally ‣ all other types: via unions { } a > 0 b > 0 true 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE507 Computer-Aided Reasoning for Software Symbolic Execution

CSE507 Computer-Aided Reasoning for Software Symbolic Execution

CSE507 Computer-Aided Reasoning for Software Symbolic Execution courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Bounded verification: forward VCG for finitized programs 2

851 views • 45 slides
CSE507 Computer-Aided Reasoning for Software Finite Model Finding

CSE507 Computer-Aided Reasoning for Software Finite Model Finding

CSE507 Computer-Aided Reasoning for Software Finite Model Finding courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture The DPPL(T) framework for deciding quantifier-free SMT

986 views • 69 slides
CSE507 Computer-Aided Reasoning for Software Bounded Verification

CSE507 Computer-Aided Reasoning for Software Bounded Verification

CSE507 Computer-Aided Reasoning for Software Bounded Verification courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Full functional verification with Dafny, Boogie, and Z3 2

809 views • 54 slides
CSE507 Computer-Aided Reasoning for Software Program Synthesis

CSE507 Computer-Aided Reasoning for Software Program Synthesis

CSE507 Computer-Aided Reasoning for Software Program Synthesis courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today Last lecture Angelic nondeterminism and execution Today Program synthesis:

645 views • 15 slides
CSE507 Computer-Aided Reasoning for Software Model Checking I

CSE507 Computer-Aided Reasoning for Software Model Checking I

CSE507 Computer-Aided Reasoning for Software Model Checking I courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Symbolic execution and concolic testing 2 Today Last lecture

776 views • 62 slides
CSE507 Computer-Aided Reasoning for Software Model Checking II

CSE507 Computer-Aided Reasoning for Software Model Checking II

CSE507 Computer-Aided Reasoning for Software Model Checking II courses.cs.washington.edu/courses/cse507/14au/ Emina Torlak emina@cs.washington.edu Today 2 Today Last lecture Model checking basics 2 Today Last lecture Model

831 views • 55 slides
Experiment 6 Absorption and Emision Spectra Chlorophyll a is essential for most photosynthetic

Experiment 6 Absorption and Emision Spectra Chlorophyll a is essential for most photosynthetic

Experiment 6 Absorption and Emision Spectra Chlorophyll a is essential for most photosynthetic organisms to harvest sunlight into chemical energy Four Years Evolution

559 views • 9 slides
A stochastic model for phytoplankton dynamics in the Tyrrhenian Sea a Davide Valenti a Davide

A stochastic model for phytoplankton dynamics in the Tyrrhenian Sea a Davide Valenti a Davide

7 th International Conference on Unsolved Problems on Noise Barcelona, Casa Convalescncia, Spain, 13-17 July 2015 A stochastic model for phytoplankton dynamics in the Tyrrhenian Sea a Davide Valenti a Davide Valenti Group of

546 views • 40 slides
satin: a R package for extracting and visualizing satellite data for oceanographic applications

satin: a R package for extracting and visualizing satellite data for oceanographic applications

satin: a R package for extracting and visualizing satellite data for oceanographic applications Hctor VILLALOBOS 1 and Eduardo GONZLEZ-RODRGUEZ 2 1 Centro Interdisciplinario de Ciencias Marinas Instituto Politcnico Nacional (CICIMAR-IPN) (

522 views • 20 slides
Some EU and US experiences in Some EU and US experiences in eutrophication assessment for

Some EU and US experiences in Some EU and US experiences in eutrophication assessment for

Some EU and US experiences in Some EU and US experiences in eutrophication assessment for assessment for eutrophication transitional and coastal waters transitional and coastal waters http://www.eutro.org J.G.Ferreira S.B. Bricker EU Joint

469 views • 15 slides
Topic 1: Systems SYSTEM: an assemblage of parts and their relationship forming a functioning

Topic 1: Systems SYSTEM: an assemblage of parts and their relationship forming a functioning

Environmental Systems Mr Gs Environmental Science www.sciencebitz.com 1 Topic 1: Systems SYSTEM: an assemblage of parts and their relationship forming a functioning entirety or whole. 2 Topic 1: Systems 1970s James Lovelock

449 views • 8 slides
Building an IDE on top of a Build System The tale of a Haskell IDE How to write a compiler? +

Building an IDE on top of a Build System The tale of a Haskell IDE How to write a compiler? +

Building an IDE on top of a Build System The tale of a Haskell IDE How to write a compiler? + 1000s of papers, on every single aspect + A course at most universities + Blog posts galore How to write an IDE? Base it on a build system! The

484 views • 33 slides
Language and Vision Xavier Gir-i-Nieto Acknowledgments Santi Pascual 2 In lecture D2L6

Language and Vision Xavier Gir-i-Nieto Acknowledgments Santi Pascual 2 In lecture D2L6

Day 4 Lecture 3 Language and Vision Xavier Gir-i-Nieto Acknowledgments Santi Pascual 2 In lecture D2L6 RNNs... Language OUT Language IN Cho, Kyunghyun, Bart Van Merrinboer, Caglar Gulcehre, Dzmitry Bahdanau, Fethi Bougares, Holger

579 views • 53 slides
Translation Model Parallel corpus source target translation e f phrase phrase features

Translation Model Parallel corpus source target translation e f phrase phrase features

Translation Model Parallel corpus source target translation e f phrase phrase features Reranking Model Monolingual feature corpus Language Model weights f Held-out e f parallel corpus

1.1k views • 63 slides
Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and

Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and

Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and Cho-Jui Hsieh 2 1 MIT 2 UCLA 36 th International Conference on Machine Learning (ICML) June 11, 2019, Long Beach, CA, USA Code (XGBoost

859 views • 31 slides
Data Quality Management Program (DQMP) Part 1: Overview of a DQMP Mike Lindsay, ICF &

Data Quality Management Program (DQMP) Part 1: Overview of a DQMP Mike Lindsay, ICF &

Data Quality Management Program (DQMP) Part 1: Overview of a DQMP Mike Lindsay, ICF & Natalie Matthews, Abt Associates Inc. 1 About NHSDC The National Human Services Data Consortium (NHSDC) is an organization focused on developing

869 views • 33 slides
Specialising the EDM for Digitised Manuscripts Kai Eckert 1 , Steffen Hennicke, Evelyn Drge,

Specialising the EDM for Digitised Manuscripts Kai Eckert 1 , Steffen Hennicke, Evelyn Drge,

Specialising the EDM for Digitised Manuscripts Kai Eckert 1 , Steffen Hennicke, Evelyn Drge, Julia Iwanowa, Violeta Trkulja 1 Universitt Mannheim, Humboldt-Universitt zu Berlin Semantic Web in Libraries - Hamburg, 27.11.2013

315 views • 18 slides
vESP search and delivery of talks/lectures vESP: Idea Present a video of explanations about TCP

vESP search and delivery of talks/lectures vESP: Idea Present a video of explanations about TCP

vESP search and delivery of talks/lectures vESP: Idea Present a video of explanations about TCP congestion control techniques combining slides from talks/lectures given by Van Jacobson Vinton G. Cerf Mark Allman Jitendra Padhye

344 views • 8 slides
W H W H I T N E I T N E Y S C H Y S C H M I D M I D T ( W P S 5 ) , T ( W P S 5 ) , M I C

W H W H I T N E I T N E Y S C H Y S C H M I D M I D T ( W P S 5 ) , T ( W P S 5 ) , M I C

W H W H I T N E I T N E Y S C H Y S C H M I D M I D T ( W P S 5 ) , T ( W P S 5 ) , M I C H M I C H E L L E C H E L L E C H O ( C H O ( C H O 1 O 1 9 9 3 ) 9 9 3 ) PROBLEM Mini nimu mum o m order p price De Deli

142 views • 3 slides
PASSCoDe : P arallel AS ynchronous S tochastic dual Co -ordinate De scent Cho-Jui Hsieh

PASSCoDe : P arallel AS ynchronous S tochastic dual Co -ordinate De scent Cho-Jui Hsieh

PASSCoDe : P arallel AS ynchronous S tochastic dual Co -ordinate De scent Cho-Jui Hsieh Department of Computer Science University of Texas at Austin Joint work with H.-F. Yu and I. S. Dhillon Cho-Jui Hsieh (UT Austin) PASSCoDe July 7, 2015 1

908 views • 75 slides
Hazardous Material Management in Thilawa Special Economic Zone, Myanmar Gene Peralta*, Cho Cho

Hazardous Material Management in Thilawa Special Economic Zone, Myanmar Gene Peralta*, Cho Cho

Hazardous Material Management in Thilawa Special Economic Zone, Myanmar Gene Peralta*, Cho Cho Wynn, Janis Shandro, Min Than Nyunt, Pyi Pyi Pho, Susann Roth Shwedagon Pagoda, Yangon Development in Thilawa SEZ ~100 manufacturing and service

1.05k views • 8 slides
DOI datacenters should provide Harry Enke Leibniz-Institute for Astrophysics Potsdam (AIP)

DOI datacenters should provide Harry Enke Leibniz-Institute for Astrophysics Potsdam (AIP)

DOI datacenters should provide Harry Enke Leibniz-Institute for Astrophysics Potsdam (AIP) Intro: DOI DOI digital object identifier (started in 1998) - well known entities for scientific papers - only scarcely deployed for scientific

258 views • 14 slides
for End-to-End Simulated Driving Jiakai Zhang, Kyunghyun Cho New York University Overview

for End-to-End Simulated Driving Jiakai Zhang, Kyunghyun Cho New York University Overview

Query-Efficient Imitation Learning for End-to-End Simulated Driving Jiakai Zhang, Kyunghyun Cho New York University Overview Introduction End-to-end learning for self-driving Related work Learning method Convolutional

468 views • 17 slides
Search Result Diversity for Informational Queries Michael Welch, Junghoo Cho, Christopher Olston

Search Result Diversity for Informational Queries Michael Welch, Junghoo Cho, Christopher Olston

Search Result Diversity for Informational Queries Michael Welch, Junghoo Cho, Christopher Olston mjwelch@yahoo-inc.com, cho@cs.ucla.edu, olston@yahoo-inc.com Example 2 Example 3 Example 4 5 (Lack of) Diversity in Results ! ! In the top 10

456 views • 31 slides

More recommend