ruzica piskac max planck institute for software systems, germany
TRANSCRIPT
![Page 1: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/1.jpg)
Software Synthesis
Ruzica Piskac
Max Planck Institute for Software Systems, Germany
![Page 2: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/2.jpg)
What is a Program?
• Program = a sequence of commands describing what needs to be done
val bigSet = ....
val (setA, setB) = choose((a: Set, b: Set) ) => ( a.size == b.size && a union b == bigSet && a intersect b == empty))
Codeval n = bigSet.size/2val setA = take(n, bigSet)val setB = bigSet −− setA
![Page 3: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/3.jpg)
What is a Program?
• Program = a sequence of commands describing what needs to be done
val bigSet = ....
val (setA, setB) = choose((a: Set, b: Set) ) => ( a.size == b.size && a union b == bigSet && a intersect b == empty))
Codeassert (bigSet.size is an even number)val n = bigSet.size/2val setA = take(n, bigSet)val setB = bigSet −− setA
![Page 4: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/4.jpg)
Sorting algorithm
• Why should we sort data?
• Practical exercise:– Form a line, where you are sorted by your first
name, from Aaron to Zoe
![Page 5: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/5.jpg)
Arrays
• Data structure:
• A[0] = 23, A[1]=4, A[2]=6, A[3]=15, A[4]=5, A[5]=7
![Page 6: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/6.jpg)
Specification
• Array a2 is a sorted version of array a1
• Define the counting function
∀ 𝑖 , 𝑗 .𝑖≤ 𝑗→𝑎2 [ 𝑖 ] ≤𝑎2[ 𝑗]
∀ 𝑖 .𝑐𝑜𝑢𝑛𝑡 (𝑎1 [ 𝑖 ] ,𝑎1 )=𝑐𝑜𝑢𝑛𝑡 (𝑎2 [ 𝑖 ] ,𝑎2 )and
𝑐𝑜𝑢𝑛𝑡 (𝑒 ,𝑎)=∑𝑖
𝑖𝑡𝑒 (𝑎 [𝑖 ]¿¿𝑒 ;1,0)¿
![Page 7: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/7.jpg)
• decision procedure answers whether the input formula is satisfiable or not formula is satisfiable for x=0, y=1 formula is unsatisfiable
Automated Reasoning
7
formula in some logic
theorem proverbased on
DECISION PROCEDURES
satisfiable(model)
unsatisfiable (proof)
11 yxyx
yx
![Page 8: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/8.jpg)
Synthesis for Linear Integer Arithmetic
choose((h: Int, m: Int, s: Int) (⇒ h * 3600 + m * 60 + s == totalSeconds && h ≥ 0 && m ≥ 0 && m < 60 && s ≥ 0 && s < 60 ))
Returned code:
assert (totalSeconds ≥ 0) val h = totalSeconds div 3600val temp = totalSeconds + (-3600) * hval m = min(temp div 60, 59)val s = totalSeconds + (-3600) * h + (-60) * m
![Page 9: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/9.jpg)
Linear Integer Arithmetic - Equalities
9
Z
dstotalSecons
m
h
,|0
0
60
1
0
3600
0
1
Code:<further code will come here>val h = lambdaval m = muval val s = totalSeconds + (-3600) * lambda + (-60) * mu
h * 3600 + m * 60 + s == totalSeconds
![Page 10: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/10.jpg)
Linear Integer Arithmetic - Equalities
10
h * 3600 + m * 60 + s == totalSeconds
10
Z
dstotalSecons
m
h
,|0
0
60
1
0
3600
0
1
Resulting formula (new specifications):
0 ≤ λ, 0 ≤ μ, μ ≤ 59, 0 ≤ totalSeconds – 3600λ - 60μ,totalSeconds – 3600λ - 60μ ≤ 59
![Page 11: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/11.jpg)
Linear Integer Arithmetic - Inequalities
expressing constraints as bounds on μ
0 ≤ λ, 0 ≤ μ, μ ≤ 59, 0 ≤ totalSeconds – 3600λ - 60μ,totalSeconds – 3600λ - 60μ ≤ 59
0 ≤ λ, 0 ≤ μ, μ ≤ 59, μ ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ μ
Code:
val mu = min(59, (totalSeconds -3600* lambda) div 60)11
![Page 12: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/12.jpg)
Linear Integer Arithmetic - Inequalities
combine each lower and upper bound
basic simplifications Code:
val lambda = totalSeconds div 3600
Preconditions: 0 ≤ totalSeconds
0 ≤ λ, 0 ≤ μ, μ ≤ 59, μ ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ μ
0 ≤ λ, 0 ≤ 59, 0 ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ 59
0 ≤ λ, 60λ ≤ ⌊totalSeconds /60⌋,⌈(totalSeconds –59)/60⌉ – 59 ≤ 60λ
12
![Page 13: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/13.jpg)
Synthesis for Sets
• Observation:– Reasoning about collections reduces to
reasoning about linear integer arithmetic!
13
a.size == b.size && a union b == bigSet && a intersect b == empty
ab
bigSet
![Page 14: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/14.jpg)
Synthesis for Sets
• Observation:– Reasoning about collections reduces to
reasoning about linear integer arithmetic!
a.size == b.size && a union b == bigSet && a intersect b == empty
ab
bigSet
![Page 15: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/15.jpg)
Synthesis for Sets
• Observation:– Reasoning about collections reduces to
reasoning about linear integer arithmetic!
15
a.size == b.size && a union b == bigSet && a intersect b == empty
ab
bigSet
![Page 16: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/16.jpg)
Synthesis for Sets
• Observation:– Reasoning about collections reduces to
reasoning about linear integer arithmetic!
16
a.size == b.size && a union b == bigSet && a intersect b == empty
ab
bigSet
New specification:
kA = kB
![Page 17: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/17.jpg)
Synthesis for Sets
• Observation:– Reasoning about collections reduces to
reasoning about linear integer arithmetic!
17
a.size == b.size && a union b == bigSet && a intersect b == empty
ab
bigSet
New specification:
kA = kB && kA +kB = |bigSet|
![Page 18: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/18.jpg)
Synthesis: Applications
• Automatic code completion• Flash Fill feature in the new Microsoft
Excell (video!)– Available at: http
://research.microsoft.com/en-us/um/people/sumitg/flashfillextensions.wmv
![Page 19: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/19.jpg)
![Page 20: Ruzica Piskac Max Planck Institute for Software Systems, Germany](https://reader034.vdocument.in/reader034/viewer/2022042718/56649f335503460f94c5094c/html5/thumbnails/20.jpg)
InSynth
• InSynth – a tool for synthesis of code fragments (snippets)– interactive
• getting results in a short amount of time• multiple solutions – a user needs to select
– component based• assemble program from given components (local
values, API)
– partial specification • hard constraints – type constraints• soft constraints - use of components “most likely” to
be useful