From Program Verification to Program Synthesis
Cited by 50 (21 self)
Abstract
This paper describes a novel technique for the synthesis of imperative programs. Automated program synthesis has the potential to make programming and the design of systems easier by allowing programs to be specified at a higher level than executable code. In our approach, which we call proof-theoretic synthesis, the user provides an input-output functional specification, a description of the atomic operations in the programming language, and a specification of the synthesized program's looping structure, allowed stack space, and bound on usage of certain operations. Our technique synthesizes a program, if there exists one, that meets the input-output specification and uses only the given resources. The insight behind our approach is to interpret program synthesis as generalized program verification, which allows us to bring verification tools and techniques to program synthesis. Our synthesis
Synthesizing Switching Logic using Constraint Solving
Cited by 14 (13 self)
Abstract
A new approach based on constraint solving techniques was recently proposed for verification of hybrid systems. This approach works by searching for inductive invariants of a given form. In this paper, we extend that work to automatic synthesis of safe hybrid systems. Starting with a multimodal dynamical system and a safety property, we present a sound technique for synthesizing a switching logic for changing modes so as to preserve the safety property. By construction, the synthesized hybrid system is well-formed and is guaranteed safe. Our approach is based on synthesizing a controlled invariant that is sufficient to prove safety. The generation of the controlled invariant is cast as a constraint solving problem. When the system, the safety property, and the controlled invariant are all expressed only using polynomials, the generated constraint is an ∃∀ formula in the theory of reals, which we solve using SMT solvers. The generated controlled invariant is then used to arrive at the maximally liberal switching logic.
Efficiently Solving Quantified Bit-Vector Formulas
Cited by 13 (4 self)
Abstract
In recent years, bit-precise reasoning has gained importance in hardware and software verification. Of renewed interest is the use of symbolic reasoning for synthesising loop invariants, ranking functions, or whole program fragments and hardware circuits. Solvers for the quantifier-free fragment of bit-vector logic exist and often rely on SAT solvers for efficiency. However, many techniques require quantifiers in bit-vector formulas to avoid an exponential blow-up during construction. Solvers for quantified formulas usually flatten the input to obtain a quantified Boolean formula, losing much of the word-level information in the formula. We present a new approach based on a set of effective word-level simplifications that are traditionally employed in automated theorem proving, heuristic quantifier instantiation methods used in SMT solvers, and model finding techniques based on skeletons/templates. Experimental results on two different types of benchmarks indicate that our method outperforms the traditional flattening approach by multiple orders of magnitude of runtime.
DIFC Programs by Automatic Instrumentation
Cited by 3 (2 self)
Abstract
Decentralized information flow control (DIFC) operating systems provide applications with mechanisms for enforcing information-flow policies for their data. However, significant obstacles keep such operating systems from achieving widespread adoption. One key obstacle is that DIFC operating systems provide only low-level mechanisms for allowing application programmers to enforce their desired policies. It can be difficult for the programmer to ensure that their use of these mechanisms enforces their high-level policies, while at the same time not breaking the underlying functionality of the application. These are issues both for programmers who would develop new applications for a DIFC operating system and for programmers who would port existing applications to a DIFC operating system. Our work significantly eases these tasks. We present an automatic technique that takes as input a program with no DIFC code, and two policies: one that specifies prohibited information flows and one that specifies flows that must be allowed. Our technique then produces a new version of the input program that satisfies the two policies. To evaluate our technique, we created an automatic tool, called Swim (for Secure What I Mean), that implements the technique, and applied it to a set of real-world programs and policies. The results of our evaluation demonstrate that the technique is sufficiently expressive to generate code for real-world policies, and that it can generate such code efficiently. It thus represents a significant contribution towards developing systems with strong end-to-end information-flow guarantees.
Also affiliated with GrammaTech, Inc.
Satisfiability-Based Program Reasoning and Program Synthesis
2010
Cited by 1 (1 self)
Abstract
Program reasoning consists of the tasks of automatically and statically verifying correctness and inferring properties of programs. Program synthesis is the task of automatically generating programs. Both program reasoning and synthesis are theoretically undecidable, but the results in this dissertation show that they are practically tractable. We show that there is enough structure in programs written by human developers to make program reasoning feasible, and additionally we can leverage program reasoning technology for automatic program synthesis. This dissertation describes expressive and efficient techniques for program reasoning and program synthesis. Our techniques work by encoding the underlying inference tasks as solutions to satisfiability instances. A core ingredient in the reduction of these problems to finite satisfiability instances is the assumption of templates. Templates are user-provided hints about the structural form of the desired artifact, e.g., invariant, pre- and postcondition templates for reasoning, or program templates for synthesis. We propose novel algorithms, parameterized by suitable templates, that reduce the inference of these artifacts to satisfiability. We show that fixed-point computation—the key technical challenge in program reasoning—is encodable as SAT instances. We also show that program synthesis can be viewed as generalized
Bugs, Moles and Skeletons: Symbolic Reasoning for Software Development
Cited by 1 (0 self)
Abstract
Symbolic reasoning is at the core of many software development tools, such as bug-finders, test-case generators, and verifiers. Of renewed interest is the use of symbolic reasoning for synthesising code, loop invariants and ranking functions. Satisfiability Modulo Theories (SMT) solvers have been the focus of increased recent attention thanks to technological advances and an increasing number of applications. In this paper we review some of these applications that use software verifiers as bug-finders "on steroids" and suggest that new model finding techniques are needed to increase the set of applications supported by these solvers.
Template-based Program Verification and Program Synthesis
Software Tools for Technology Transfer (manuscript)
Abstract
Program verification is the task of automatically generating proofs for a program's compliance with a given specification. Program synthesis is the task of automatically generating a program that meets a given specification. Both program verification and program synthesis can be viewed as search problems, for proofs and programs, respectively. For these search problems, we present approaches based on user-provided insights in the form of templates. Templates are hints about the syntactic forms of the invariants and programs, and help guide the search for solutions. We show how to reduce the template-based search problem to satisfiability solving, which permits the use of off-the-shelf solvers to efficiently explore the search space. Template-based approaches have allowed us to verify and synthesize programs outside the abilities of previous verifiers and synthesizers. Our approach can verify and synthesize difficult algorithmic textbook programs (e.g., sorting and dynamic programming-based algorithms) and difficult arithmetic programs.
Synthesizing Switching Logic using Constraint Solving
Software Tools for Technology Transfer (manuscript)
Abstract
For a system that can operate in multiple different modes, we define the switching logic synthesis problem as follows: given a description of the dynamics in each mode of the system, find the conditions for switching between the modes so that the resulting system satisfies some desired properties. In this paper, we present an approach for solving the switching logic synthesis problem in the case when (i) the dynamics in each mode of the system are given using differential equations and, hence, the synthesized system is a hybrid system, and (ii) the desired property is a safety property. Our approach for solving the switching logic synthesis problem, called the constraint-based approach, consists of two steps. In the first, constraint generation, step, the synthesis problem is reduced to satisfiability of a quantified formula over the theory of reals. In the second, constraint solving, step, the quantified formula is solved. This paper focuses on constraint generation. The constraint generation step is based on the concept of a controlled inductive invariant. The search for the controlled inductive invariant is cast as a constraint solving problem. The controlled inductive invariant is then used to arrive at the maximally liberal switching logic. We prove that the synthesized switching logic always gives us a well-formed and safe hybrid system. When the system, the safety property, and the controlled inductive invariant are all expressed only using polynomials, the generated constraint is an ∃∀ formula in the theory of reals, whose satisfiability is decidable.
Efficiently Solving Quantified Bit-Vector Formulas
FMSD (manuscript)
Abstract
In recent years, bit-precise reasoning has gained importance in hardware and software verification. Of renewed interest is the use of symbolic reasoning for synthesising loop invariants, ranking functions, or whole program fragments and hardware circuits. Solvers for the quantifier-free fragment of bit-vector logic exist and often rely on SAT solvers for efficiency. However, many techniques require quantifiers in bit-vector formulas to avoid an exponential blow-up during construction. Solvers for quantified formulas usually flatten the input to obtain a quantified Boolean formula, losing much of the word-level information in the formula. We present a new approach based on a set of effective word-level simplifications that are traditionally employed in automated theorem proving, heuristic quantifier instantiation methods used in SMT solvers, and model finding techniques based on skeletons/templates. Experimental results on two different types of benchmarks indicate that our method outperforms the traditional flattening approach by multiple orders of magnitude of runtime.
DIFC Programs by Automatic Instrumentation
Abstract
Decentralized information flow control (DIFC) operating systems provide applications with mechanisms for enforcing information-flow policies for their data. However, significant obstacles keep such operating systems from achieving widespread adoption. One key obstacle is that DIFC operating systems provide only low-level mechanisms for allowing application programmers to enforce their desired policies. It can be difficult for the programmer to ensure that their use of these mechanisms enforces their high-level policies, while at the same time not breaking the underlying functionality of the application. These are issues both for programmers who would develop new applications for a DIFC operating system and for programmers who would port existing applications to a DIFC operating system. Our work significantly eases this task. We present an automatic technique that takes as input a program with no DIFC code, and two policies: one that specifies prohibited information flows and one that specifies flows that must be allowed. Our technique then produces a new version of the input program that satisfies the two policies. To evaluate our technique, we created an automatic tool, called SWIM (for Secure What I Mean), that implements the technique, and applied it to a set of real-world programs and policies. The results of our evaluation demonstrate that the technique is both sufficiently expressive to generate code for real-world policies and able to generate such code efficiently. It thus represents a significant contribution towards developing systems with strong end-to-end information-flow guarantees.