Modular Synthesis of Sketches Using Models

Transcription

1 Modular Synthesis of Sketches Using Models Rohit Singh, Rishabh Singh, Zhilei Xu, Rebecca Krosnick and Armando Solar-Lezama March 10-11, 2014 Berkeley, CA, USA Rohit Singh., Rishabh Singh, Zhilei Xu, Armando Solar-Lezama, Rebecca Krosnick Modular Synthesis of Sketches using Models

2 Synthesis with Sketch Extend a C-like language with one construct Constant hole:?? int bar (int x) { int t = x *??; assert t == x + x; return t; int bar (int x) { int t = x * 2; assert t == x + x; return t; Manifests as huge sketch problems in general (SQL, Auto-grader, MPI etc)

3 More Complex Sketches Main(){ Bar();??; Baz(); Baz(){ Qux();??; Bar(){??; Baz(); Qux(??); Qux(){ Application Structure: Sketch based Synthesis

4 More complex Sketches Main(){ Bar();??; Baz(); Bar(){??; Baz(); Qux(??); Baz(){ Qux();??; Baz(){??; Qux(){ Qux(){ Need to reason about this Popular way potentially of solving: huge piece Contracts of code (Verification)

5 Modularity through Contracts Main(){ Bar(); Baz(); ContractBaz() Baz(){ Qux(); ContractBar() Bar(){ Baz(); Qux(); ContractQux() Qux(){ Application Structure

6 Modularity through Contracts Foo(){ ContractBar() Bar(); ContractBaz() Baz(); Baz(){ ContractQux() Qux(); Bar(){ ContractBaz() Baz(); ContractQux() Qux(); Qux(){ Application to Formulae with Contracts: Can Reason Separately ContractQux()

7 Contracts for Synthesis? Foo(){ Bar();??; Baz(); Baz(){ Qux();??; Bar(){??; Baz(); Qux(??); Qux(){ Application Structure: Sketch based Synthesis??s: Control Bits Or Constant Holes

8 Contracts for Verification {Pre(in) rv = Foo(in){ Bar(); Baz(); return ; {Post(rv, in, temp) Precondition Postcondition Easily combined as a predicate for analysis

9 Contracts for Synthesis We call our contracts Models Partially interpreted functions Canonicalization step Un-interpreted function Post-condition

10 Example: Sq. Root for Primality Test harness bool void fastprimalitycheck(int p) { bool isprime = false; if (p > 1 ) { isprime = true; minrepeat { if (p %?? == 0) isprime = false; int bnd = linexp(sqrt(linexp(p))) /??; optimize(bnd, p); for (int i =?? ; i < bnd; ++i) { Checking if an integer p is prime or not Some exceptions to the prime linear expressions rule All linear expressions representing primes should be p bnd expression minrepeat { minrepeat{s linexp(i) repeat??*i ±?? if (p % linexp(i) == 0) Check only a bounded Only statements a few linear {s expressions minimum (modulo a isprime = false; number of divisors big number) of are times candidates needed for primes assert isprime == checkprimalitylinear(p); return isprime;

11 Example: Sq. Root for Primality Test harness bool void fastprimalitycheck(int p) { bool isprime = false; if (p > 1 ) { isprime = true; minrepeat { if (p %?? == 0) isprime = false; int bnd = linexp(sqrt(linexp(p))) /?? ; optimize(bnd, p); for (int i =?? ; i < bnd; ++i) { minrepeat { if (p % linexp(i) == 0) isprime = false; assert isprime == checkprimalitylinear(p); return isprime; int msqrt(int i) models sqrt { int rv = sqrtuf(i); if (i <= 0) { assert rv == 0; else { assert rv * rv <= i; assert(rv + 1) * (rv + 1) > i; return rv; Uninterpretted Function Post Conditions on return value sqrt is also sketched (too complicated), msqrt is fairly simple Both sketches solved in < 9 mins with the model but can t be solved together (memory/time limit exceeds) otherwise

12 Example: Sq. Root for Primality Test harness void fastprimalitycheck(int p) { bool isprime = false; if (p > 1 ) { isprime = true; { if (p % 2 == 0) isprime = false; if (p % 3 == 0) isprime = false; int bnd = (sqrt(p)+ 1) / 6; for (int i = 1 ; i < bnd; ++i) { if (p % (6*i + 1) == 0) isprime = false; if (p % (6*i - 1) == 0) isprime = false; assert isprime == checkprimalitylinear(p);

13 Example: Big Integer Multiplication harness main(int[n] x1, int[n] x2){ t = mul(x1,x2); int[n] mul(int[n] x1, int[n] x2){ Karatsuba Multiplication Sketch int[n] mmul(int[n] x1, int[n] x2) models mul { int[n] xa = min(x1,x2); int[n] xb = max(x1,x2); int[n] rv = muluf(xa,xb); if (x1 == 0 x2 == 0 ) { assert rv == 0; return rv; Uninterpretted Function Modelling Commutativity with canonicalization Post condition on return value mmul models mul (Karatsuba multiplication sketch) with a much smaller model size Underspecified model Hope that the modeled properties are sufficient for main Benchmarks: Poly-deriv Auto-Grader, Poly-eval Auto-Grader

14 Problem Formalization Rohit Singh., Rishabh Singh, Zhilei Xu, Armando Solar-Lezama, Rebecca Krosnick Modular Synthesis of Sketches using Models

15 Problem Formalization Canonicalization Function f model (in model ) models f orig { x = α(in model ); rv = f u (x); Uninterpretted Function assert P model (rv, in model ); return rv; Post Condition harness void Main(in main ) { t1 = h(in main, c); t2 = f orig (t1, c); assert P main (t2, in main, c); Model M α, f u, P model Models f orig which has holes

16 How to Solve? f model (in model ) models f orig { x = α(in model ); rv = f u (x); assert P model (rv, in model ); return rv; harness void Main(in main ) { t1 = h(in main, c); t2 = f orig (t1, c); assert P main (t2, in main, c); Goal: Solve complete sketch Main and the sketch for f orig inlined in it (without f model )

17 How to Solve using models? f model (in model ) models f orig { x = α(in model ); rv = f u (x); assert P model (rv, in model ); return rv; harness void Main(in main ) { t1 = h(in main, c); t2 = f orig (t1, c); assert P main (t2, in main, c); f orig (c orig ) P model (f u α ) Main (c main ) Find an instance of f orig in the set of functions represented by P model (Adherence) Find c main such that for any function replacing f orig in Main satisfying model property, P main is satisfied (Correctness)

18 Adherence Equation f model (in) models f orig { x = α(in); rv = f u (x); assert P model (rv, in); return rv; Adherence of original function to the model (Adherence equation) There is a candidate f orig and uninterpretted function f u f orig (c orig ) f u οα (P model ) Main (c main ) Tricky to deal with this! But we don t care what is f u c orig f u in f u α in = f orig in, c orig P model f u α in, in Model function should satisfy the model constraints P model Model function is equal to the original value function on all inputs

19 Solving the Adherence Equation No quantified functions Easy to solve using traditional CEGIS

20 Correctness f model (in model ) models f orig { x = α(in model ); rv = f u (x); f orig (c orig ) f u οα (P model ) Main (c main ) assert P model (rv, in model ); return rv; harness void Main(in main ) { t1 = h(in main, c main ); t2 = f orig (t1, c main ); assert P main (t2, in main, c main ); Correctness of main under the model (Correctness equation) in model h in main, c main rv f u α in model Find a candidate Main For each input and each uninterpretted function f u c main in f u P model rv, in model P main (rv, in, c main ) f u satisfies model constraint Main constraint P main is satisfied

21 Comparison of different approaches

22 Comparison of different approaches

23 Boolean DAG Calculator: Case Study A calculator using topological sort as a subroutine Topological sort has Complex imperative implementation Simple declarative model Complete inlined sketch times out after 5 hours Solution with model takes 30 minutes

24 Related work Library-Based Scalable Refinement Checking for Contract-Based Design Antonio Iannopollo, Pierluigi Nuzzo, Stavros Tripakis, Alberto Sangiovanni-Vincentelli New efficient LTL Assume-Guarantee refinement algorithm can solve reactive synthesis problems Contracts based design enables Compositional reasoning Hierarchical design Component reuse

25 Conclusion Existing approaches to CEGIS in the presence of models (CEGIS and Angelic approach) are inefficient and potentially incomplete A new, complete and terminating algorithm (CEGIS+) that can efficiently synthesize functions using models Preliminary evaluation of our algorithm shows how CEGIS+ enables solving of complex sketches