Symbolic optimization with SMT solvers

The rise in efficiency of Satisfiability Modulo Theories (SMT) solvers has created numerous uses for them in software verification, program synthesis, functional programming, refinement types, etc. In all of these applications, SMT solvers are used for generating satisfying assignments (e.g., a witness for a bug) or proving unsatisfiability/validity (e.g., proving that a subtyping relation holds). We are often interested in finding not just an arbitrary satisfying assignment, but one that optimizes (minimizes/maximizes) certain criteria. For example, we might be interested in detecting program executions that maximize energy usage (performance bugs), or synthesizing short programs that do not make expensive API calls. Unfortunately, at the time of writing none of the available SMT solvers offer such optimization capabilities. In this paper, we present SYMBA, an efficient SMT-based optimization algorithm for objective functions in the theory of linear real arithmetic (LRA). Given a formula φ and an objective function t, SYMBA finds a satisfying assignment of φ that maximizes the value of t. SYMBA uses efficient SMT solvers as black boxes. As a result, it is easy to implement and it directly benefits from future advances in SMT solvers. Moreover, SYMBA can optimize a set of objective functions, reusing information between them to speed up the analysis. We have implemented SYMBA and evaluated it on a large number of optimization benchmarks drawn from program analysis tasks. Our results indicate the power and efficiency of SYMBA in comparison with competing approaches, and highlight the importance of its multi-objective-function feature.
