Growing Solver-Aided Languages with ROSETTE Emina Torlak & - PowerPoint PPT Presentation

Growing Solver-Aided Languages with ROSETTE Emina Torlak & Rastislav Bodik U.C. Berkeley

solver-aided domain-specific language Solver-aided DSL (SDSL) Noun 1. A high-level language in which partially implemented programs can be executed , verified , debugged and synthesized with the aid of a constraint solver. 2

programming … assume pre(x) P(x) { specification … } assert post(P(x)) 3

programming … assume pre(x) formula, input/ P(x) { output pairs, … traces, another } program, … assert post(P(x)) 3

programming with a solver assume pre(x) assume pre(x) ? P(x) { … } assert post(P(x)) assert post(P(x)) SAT/SMT translate(…) solver 4

programming with a solver: code checking assume pre(x) Is there a valid P(x) { input x for which … P(x) violates the } spec? assert post(P(x)) SAT/SMT ∃ x . pre(x) ⋀ solver ¬post( P (x)) CBMC [Oxford], Dafny [MSR], Jahob [EPFL], 5 Miniatur / MemSAT [IBM], etc.

programming with a solver: code checking assume pre(x) Is there a valid P(x) { input x for which … P(x) violates the } spec? assert post(P(x)) SAT/SMT ∃ x . pre(x) ⋀ solver ¬post( P (x)) x = 42 counterexample model CBMC [Oxford], Dafny [MSR], Jahob [EPFL], 5 Miniatur / MemSAT [IBM], etc.

programming with a solver: localizing faults assume pre(x) Given x and x ′ , P(x) { what subset of P v = x + 2 is responsible for … } P(x) ≠ x ′ ? assert post(P(x)) pre(x) ⋀ post(x ′ ) ∧ SAT/SMT solver x ′ = P (x) 6 BugAssist [UCLA / MPI-SWS]

programming with a solver: localizing faults assume pre(x) Given x and x ′ , P(x) { what subset of P v = x + 2 is responsible for … } P(x) ≠ x ′ ? assert post(P(x)) pre(x) ⋀ post(x ′ ) ∧ SAT/SMT solver x ′ = P (x) repair MIN CORE / candidates MAXSAT 6 BugAssist [UCLA / MPI-SWS]

programming with a solver: angelic execution assume pre(x) Given x, choose v P(x) { at runtime so that v = choose() P(x, v) satisfies … } the spec. assert post(P(x)) SAT/SMT ∃ v . pre(x) ⋀ solver post( P (x, v)) Kaplan [EPFL], PBnJ [UCLA], Skalch 7 [Berkeley], Squander [MIT], etc.

programming with a solver: angelic execution assume pre(x) Given x, choose v P(x) { at runtime so that v = choose() P(x, v) satisfies … } the spec. assert post(P(x)) SAT/SMT ∃ v . pre(x) ⋀ solver post( P (x, v)) v = 0, … trace model Kaplan [EPFL], PBnJ [UCLA], Skalch 7 [Berkeley], Squander [MIT], etc.

programming with a solver: synthesis Replace ?? with assume pre(x) expression e so P(x) { that P e (x) satisfies v = ?? the spec on all … } valid inputs. assert post(P(x)) SAT/SMT ∃ e . ∀ x . pre(x) ⇒ solver post( P e (x)) Comfusy [EPFL], 8 Sketch [Berkeley / MIT]

programming with a solver: synthesis Replace ?? with assume pre(x) expression e so P(x) { that P e (x) satisfies v = ?? x − 2 the spec on all … } valid inputs. assert post(P(x)) SAT/SMT ∃ e . ∀ x . pre(x) ⇒ solver post( P e (x)) expressions model Comfusy [EPFL], 8 Sketch [Berkeley / MIT]

but building solver-aided languages is hard … Each new SDSL created by careful ?? ? P(x) { … } custom compilation to constraints, requiring years of (Q x …) training and experience. R(x) : … translate(…) SAT/SMT translate(…) solver translate(…) 9

a solver-aided framework for building SDSLs interpret(…) ?? ? P(x) { … } interpret(…) API(…) (Q x …) R(x) : … ROSETTE Implement a library or an interpreter for your SDSL, and get a synthesizer, verifier, debugger and angelic oracle for programs in that SDSL. 10

a tiny solver-aided extension of racket … top-level-form = general-top-level-form | (#%expression expr ) ( define-symbolic id expr) | (module id name-id (#%plain-module-begin ( define-symbolic* id expr) module-level-form ...)) | (begin top-level-form ...) | (begin-for-syntax top-level-form ...) ( assert expr) module-level-form = general-top-level-form | (#%provide raw-provide-spec ...) | (begin-for-syntax module-level-form ...) ( solve expr) general-top-level-form = expr ( verify expr) | (define-values ( id ...) expr ) | (define-syntaxes ( id ...) expr ) ( debug [expr ...+] expr) | (#%require raw-require-spec ...) expr = id ( synthesize | (#%plain-lambda formals expr ...+) | (case-lambda ( formals expr ...+) ...) #:forall expr | (if expr expr expr ) | (begin expr ...+) #:guarantee expr) | (begin0 expr expr ...) | (let-values ([( id ...) expr ] ...) expr ...+) ROSETTE | (letrec-values ([( id ...) expr ] ...) expr ...+) Racket | (set! id expr ) | (quote datum ) | (quote-syntax datum ) | (with-continuation-mark expr expr expr ) | (#%plain-app expr ...+) | (#%top . id ) | (#%variable-reference id ) | (#%variable-reference (#%top . id )) | (#%variable-reference) formals = ( id ...) | ( id ...+ . id ) | id 11

… with a symbolic evaluator and compiler transform, evaluate & solve compile to debug constraints SDSL + ROSETTE solver program racket verify synthesize KODKOD 12

… with a symbolic evaluator and compiler map solution to solve program debug level SDSL + ROSETTE solver program racket verify synthesize KODKOD 12

… with a symbolic evaluator and compiler map solution to solve program debug level SDSL + ROSETTE solver program racket verify synthesize KODKOD 12

rosette by example: an SDSL for circuits Bool n → Bool spec F a Why a circuit T b language? c T T d ‣ A teaching aid ‣ An oracle for Bool n → Bool testing circuit F a transformations T b in SAT -based c T solvers T d impl 13

rosette by example: an SDSL for circuits spec F a Why a circuit T b verify language? c T T d ‣ A teaching aid ∀ a, b, c, d . ‣ An oracle for impl(a, b, c, d) ≡ testing circuit spec(a, b, c, d) a F transformations T b in SAT -based c T solvers T d impl 13

rosette by example: an SDSL for circuits spec F Why a circuit T F language? T T ‣ A teaching aid ‣ An oracle for testing circuit F transformations T in SAT -based T T solvers T impl debug 13

rosette by example: an SDSL for circuits spec F a Why a circuit T b language? c T T d ‣ A teaching aid ‣ An oracle for testing circuit a F transformations T b in SAT -based c T solvers T d impl synthesize 13

a tiny circuit language (tcl) in racket spec a Warm up b verify c A classic DSL for d testing and ∀ a, b, c, d . verification of impl(a, b, c, d) ≡ circuits. spec(a, b, c, d) a b c d impl 14

a sample tcl program #lang s-exp tcl ( define-circuit (RBC-parity a b c d) ( ! ( <=> ( <=> a b) ( <=> c d)))) A circuit is a procedure that works ( define-circuit (AIG-parity a b c d) on boolean values. ( && ( ! ( && ( ! ( && ( ! ( && a b)) ( && ( ! a) ( ! b)))) ( ! ( && ( && ( ! c) ( ! d)) ( ! ( && c d)))))) ( ! ( && ( && ( ! ( && a b)) ( ! ( && ( ! a) ( ! b)))) ( && ( ! ( && ( ! c) ( ! d))) ( ! ( && c d))))))) ( verify-circuit AIG-parity RBC-parity) 15

a sample tcl program #lang s-exp tcl ( define-circuit (RBC-parity a b c d) > (RBC-parity #f #f #t #f) ( ! ( <=> ( <=> a b) ( <=> c d)))) #t ( define-circuit (AIG-parity a b c d) > (AIG-parity #f #f #t #f) ( && #t ( ! ( && ( ! ( && ( ! ( && a b)) ( && ( ! a) ( ! b)))) ( ! ( && ( && ( ! c) ( ! d)) ( ! ( && c d)))))) ( ! ( && ( && ( ! ( && a b)) ( ! ( && ( ! a) ( ! b)))) ( && ( ! ( && ( ! c) ( ! d))) ( ! ( && c d))))))) ( verify-circuit AIG-parity RBC-parity) 15

a sample tcl program #lang s-exp tcl Reduced Boolean ( define-circuit (RBC-parity a b c d) Circuit (¬, ⇔ ) ( ! ( <=> ( <=> a b) ( <=> c d)))) ( define-circuit (AIG-parity a b c d) ( && ( ! ( && ( ! ( && ( ! ( && a b)) ( && ( ! a) ( ! b)))) And Inverter Graph ( ! ( && ( && ( ! c) ( ! d)) ( ! ( && c d)))))) ( ! ( && ( && ( ! ( && a b)) ( ! ( && ( ! a) ( ! b)))) (¬, ∧ ) ( && ( ! ( && ( ! c) ( ! d))) ( ! ( && c d))))))) ( verify-circuit AIG-parity RBC-parity) 15

a sample tcl program #lang s-exp tcl ( define-circuit (RBC-parity a b c d) ( ! ( <=> ( <=> a b) ( <=> c d)))) ( define-circuit (AIG-parity a b c d) ( && ( ! ( && ( ! ( && ( ! ( && a b)) ( && ( ! a) ( ! b)))) ( ! ( && ( && ( ! c) ( ! d)) ( ! ( && c d)))))) ( ! ( && ( && ( ! ( && a b)) ( ! ( && ( ! a) ( ! b)))) ( && ( ! ( && ( ! c) ( ! d))) ( ! ( && c d))))))) ( verify-circuit AIG-parity RBC-parity) Verifies equivalence of two n-ary circuit functions. 15

a shallow embedding of tcl in racket #lang racket 1 ( define-syntax-rule ( define-circuit (RBC-parity a b c d) 3 (define-circuit (id in ...) expr) ( ! ( <=> ( <=> a b) ( <=> c d)))) 4 ( define (id in ...) expr)) 5 16

a shallow embedding of tcl in racket #lang racket 1 ( define-syntax-rule ( define (RBC-parity a b c d) 3 (define-circuit (id in ...) expr) 4 (! (<=> (<=> a b) (<=> c d)))) ( define (id in ...) expr)) 5 16