Abstract. Symbolic reasoning is in the core of many software development tools such as: bug-finders, test-case generators, and verifiers. Of renewed interest is the use of symbolic reasoning for synthesing code, loop invariants and ranking functions. Satisfiability Modulo Theories (SMT) solvers have been the focus of increased recent attention thanks to technological advances and an increasing number of applications. In this paper we review some of these applications that use software verifiers as bug-finders “on steroids ” and suggest that new model finding techniques are needed to increase the set of applications supported by these solvers. 1

in partial ful llment of the requirements for the degree of

Abstract. Synthesis of program fragments from specifications can make programs easier to write and easier to reason about. We present Comfusy, a tool that extends the compiler for the general-purpose programming language Scala with (non-reactive) functional synthesis over unbounded domains. Comfusy accepts expressions with input and output variables specifying relations on integers and sets. Comfusy symbolically computes the precise domain for the given relation and generates the function from inputs to outputs. The outputs are guaranteed to satisfy the relation whenever the inputs belong to the relation domain. The core of our synthesis algorithm is an extension of quantifier elimination that generates programs to compute witnesses for eliminated variables. We present examples that demonstrate software synthesis using Comfusy and illustrate how synthesis simplifies software development. 1

In this paper, we present a novel program synthesis approach that is inspired by symbolic testing. We symbolically execute an unknown template program and constrain the program’s behavior over each executed path. As more paths are explored the space of candidate programs narrows until only the valid ones remain. Instead of randomly picking paths, we find that is possible and more efficient to direct path exploration over the unknown template program using a novel technique that parameterizes the symbolic executor by the remaining candidate solutions. We call this approach Pathbased Inductive Synthesis (PINS). We apply PINS to the problem of automatic program inversion. The specification for inversion is implicit as the combination of the original program and the inverse is the identity transform. We observe that an inverse is typically related to the original program and so the space of possible inverses can be inferred by automatically mining the original program for expressions, predicates, and control flow. Using PINS, we show we can synthesize inverses for compressors (e.g., LZ77), packers (e.g., UUEncode), and arithmetic transformers (e.g., image rotations). PINS synthesizes these inverses in a median time of 40 seconds and an average time of 293 seconds, demonstrating the viability of our testing-inspired synthesis approach. 1.

Abstract not found

Abstract. Program verification is the task of automatically generating proofs for a program’s compliance with a given specification. Program synthesis is the task of automatically generating a program that meets a given specification. Both program verification and program synthesis can be viewed as search problems, for proofs and programs, respectively. For these search problems, we present approaches based on user-provided insights in the form of templates. Templates are hints about the syntactic forms of the invariants and programs, and help guide the search for solutions. We show how to reduce the template-based search problem to satisfiability solving, which permits the use of off-the-shelf solvers to efficiently explore the search space. Template-based approaches have allowed us to verify and synthesize programs outside the abilities of previous verifiers and synthesizers. Our approach can verify and synthesize difficult algorithmic textbook programs (e.g., sorting, and dynamic programming-based algorithms, etc.), and difficult arithmetic programs. 1

Abstract. A synthesis procedure acts as a compiler for declarative specifications. It accepts a formula describing a relation between inputs and outputs, and generates a function implementing this relation. This paper presents the first synthesis procedures for 1) algebraic data types and 2) arrays. Our procedures are reductions that lift a synthesis procedure for the elements into synthesis procedures for containers storing these elements. We introduce a framework to describe synthesis procedures as systematic applications of inference rules. We show that, by interpreting both synthesis problems and programs as relations, we can derive and modularly prove widely applicable transformation rules, simplifying both the presentation and the correctness argument. 1