Abstract
Solver-aided domain-specific languages (SDSLs) are an emerging class of computer-aided programming systems. They ease the construction of programs by using satisfiability solvers to automate tasks such as verification, debugging, synthesis, and non-deterministic execution. But reducing programming tasks to satisfiability problems involves translating programs to logical constraints, which is an engineering challenge even for domain-specific languages.
We have previously shown that translation to constraints can be avoided if SDSLs are implemented by (traditional) embedding into a host language that is itself solver-aided. This paper describes how to implement a symbolic virtual machine (SVM) for such a host language. Our symbolic virtual machine is lightweight because it compiles to constraints only a small subset of the host's constructs, while allowing SDSL designers to use the entire language, including constructs for DSL embedding. This lightweight compilation employs a novel symbolic execution technique with two key properties: it produces compact encodings, and it enables concrete evaluation to strip away host constructs that are outside the subset compilable to constraints. Our symbolic virtual machine architecture is at the heart of Rosette, a solver-aided language that is host to several new SDSLs.
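As an added illustration (not code from Rosette or from the paper), the following miniature symbolic evaluator in Python mirrors the lightweight approach described above: only integers and booleans are compiled to constraint terms (a constructed tuple encoding), host constructs such as Python lists and for-loops run concretely and never reach the encoding, and a conditional on a symbolic guard merges both branches into one `ite` term instead of forking paths. The names `add`, `lt`, `ite`, `clamp_sum` and `find_counterexample` are assumptions, and the exhaustive search over a small integer domain stands in for an SMT solver.

```python
from itertools import product
# Constructed encoding: ints/bools are concrete; tuples ("var",n) ("+",a,b) ("<",a,b) ("ite",c,t,e) are symbolic
is_sym = lambda t: isinstance(t, tuple)

def add(a, b):
    if not is_sym(a) and not is_sym(b):
        return a + b                # both concrete: evaluate, encode nothing
    if a == 0: return b             # tiny rewrites keep the encoding compact
    if b == 0: return a
    return ("+", a, b)

def lt(a, b):
    if not is_sym(a) and not is_sym(b):
        return a < b
    return ("<", a, b)

def ite(c, t, e):
    """Merge the values of both branches under guard c instead of forking paths."""
    if not is_sym(c):
        return t if c else e        # concrete guard: just pick a branch
    if t == e:
        return t                    # identical outcomes need no guard
    return ("ite", c, t, e)

def interp(term, env):
    """Evaluate a term under a concrete assignment of the symbolic variables."""
    if not is_sym(term):
        return term
    if term[0] == "var":
        return env[term[1]]
    args = [interp(a, env) for a in term[1:]]
    if term[0] == "ite":
        return args[1] if args[0] else args[2]
    return args[0] + args[1] if term[0] == "+" else args[0] < args[1]

def clamp_sum(xs, bound):
    """Host program: the list and the for-loop are host constructs evaluated
    concretely and stripped away; only add/lt/ite on symbolic ints get encoded."""
    total = 0
    for x in xs:
        total = add(total, x)
    return ite(lt(bound, total), bound, total)

def find_counterexample(term, prop, names, domain):
    """Stand-in for an SMT solver: exhaustive search over a small integer domain."""
    for vals in product(domain, repeat=len(names)):
        env = dict(zip(names, vals))
        if not prop(interp(term, env)):
            return env
    return None
```

Running `clamp_sum` on an all-concrete list yields a plain integer and no term at all, while a list mixing symbolic and concrete elements yields a single `ite` over one sum, which is the compact encoding the abstract refers to.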
A lightweight symbolic virtual machine for solver-aided host languages. PLDI '14: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation.