A lightweight symbolic virtual machine for solver-aided host languages

  title={A lightweight symbolic virtual machine for solver-aided host languages},
  author={Emina Torlak and Rastislav Bod{\'i}k},
  journal={Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation},
  • E. Torlak, R. Bodík
  • Published 9 June 2014
  • Computer Science
  • Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation
Solver-aided domain-specific languages (SDSLs) are an emerging class of computer-aided programming systems. [] Key Method Our symbolic virtual machine is lightweight because it compiles to constraints only a small subset of the host's constructs, while allowing SDSL designers to use the entire language, including constructs for DSL embedding. This lightweight compilation employs a novel symbolic execution technique with two key properties: it produces compact encodings, and it enables concrete evaluation to…

Figures and Tables from this paper

2 : 2 Domain-Specific Symbolic Compilation
This work introduces symbolic languages that encapsulate domain-specific encodings under abstractions that behave as their non-symbolic counterparts: client code using the abstractions can be tested and debugged on concrete inputs.
Finding code that explodes under symbolic evaluation
Symbolic profiling, a new approach to identifying and diagnosing performance bottlenecks in programs under symbolic evaluation, is presented and 8 previously undiagnosed performance issues are discovered.
Towards Partially Evaluating Symbolic Interpreters for All (Short Paper)
This paper constructs variants of staged symbolic interpreters that can be partially evaluated using the Lightweight Modular Staging (LMS) framework and demonstrates a unifying methodology that can been applied to compiling diverse flavors of symbolic execution.
Practical formal techniques and tools for developing LLVM’s peephole optimizations
This dissertation presents Alive, a domain-specific language for specifying peephole optimizations in LLVM, and the Alive-NJ toolkit, which automatically checks the correctness of integerand floating point-based optimizations.
SpaceSearch: a library for building and verifying solver-aided tools
SpaceSearch is a new library for developing solver-aided tools within a proof assistant that combines the strong correctness guarantees of developing a tool in a proofAssistant with the high performance of modern SMT solvers.
Bonsai: synthesis-based reasoning for type systems
The bonsai tree is a novel symbolic representation of programs and program states that addresses efficiency challenges, which are caused by having to merge execution paths of the various possible input programs.
Using human-in-the-loop synthesis to author functional reactive programs
An efficient encoding of functional reactive programming (FRP) semantics based on functional programming over lists lifted in Rosette is written and it is demonstrated that this technique is state-of-the-art.
CirC: Compiler infrastructure for proof systems, software verification, and more
This work shows that building shared compiler infrastructure for compiling to constraint representations is possible, and shows that this shared infrastructure is useful, because it allows compilers for proof systems to benefit from decades of work on constraint compilation techniques for software verification.
PLDI : U : Type Assisted Synthesis of Recursive Transformers on Algebraic Datatypes
This work wants to explore if automated program synthesis can help generate these transformations directly from the semantics of the languages and thus, reducing a lot of burden off the programmers.
rtlv: push-button verification of software on hardware
This paper presents rtlv, an approach for push-button formal verification of properties that involve software running on hardware for many cycles. For example, rtlv can be used to prove that


Growing solver-aided languages with rosette
ROSETTE is introduced, a framework for designing solver-aided languages that frees designers from having to compile their languages to constraints and describes three case studies of using ROSETTE to implement languages and synthesizers for web scraping, spatial programming, and superoptimization of bitvector programs.
Generalized Symbolic Execution for Model Checking and Testing
A source to source translation to instrument a program is defined, which enables standard model checkers to perform symbolic execution of the program, and a novel symbolic execution algorithm is given that handles dynamically allocated structures, method preconditions and concurrency.
Finding bugs efficiently with a SAT solver
A soundness proof for the slicing algorithm and a general condition under which relational formulae may be sliced are presented and a new encoding of the program that effectively slices it at the logical level with respect to the specification is presented.
Dafny: An Automatic Program Verifier for Functional Correctness
A tour of the language and verifier Dafny, which has been used to verify the functional correctness of a number of challenging pointer-based programs, is given and the full functional specification of the Schorr-Waite algorithm is shown.
On Verification by Translation to Recursive Functions
A generational unrolling strategy for recursive templates that yields smaller satisfiable formulas and ensures completeness for counter-examples is described, which is the core solving engine of Leon.
Modular verification of code with SAT
A variety of implementations of the Java Collections Framework's List interface were checked against existing JML specifications, and the analysis revealed bugs in the implementations, as well as errors in the specifications themselves.
Symbolic execution and program testing
A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language.
Saturn: A scalable framework for error detection using Boolean satisfiability
Saturn is a general framework for building precise and scalable static error detection systems that exploits recent advances in Boolean satisfiability (SAT) solvers and is path sensitive, precise down to the bit level, and models pointers and heap data.
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
A new symbolic execution tool, KLEE, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs, and significantly beat the coverage of the developers' own hand-written test suite is presented.
A Symbolic Execution Framework for JavaScript
This paper builds an automatic end-to-end tool, Kudzu, and applies it to the problem of finding client-side code injection vulnerabilities, and designs a new language of string constraints and implements a solver for it.