Ruzica Piskac Max Planck Institute for Software Systems, Germany.

Software Synthesis

Ruzica Piskac

Max Planck Institute for Software Systems, Germany

What is a Program?

• Program = a sequence of commands describing what needs to be done

val bigSet = ....

val (setA, setB) = choose((a: Set, b: Set) ) => ( a.size == b.size && a union b == bigSet && a intersect b == empty))

Codeval n = bigSet.size/2val setA = take(n, bigSet)val setB = bigSet −− setA

What is a Program?

• Program = a sequence of commands describing what needs to be done

val bigSet = ....

val (setA, setB) = choose((a: Set, b: Set) ) => ( a.size == b.size && a union b == bigSet && a intersect b == empty))

Codeassert (bigSet.size is an even number)val n = bigSet.size/2val setA = take(n, bigSet)val setB = bigSet −− setA

Sorting algorithm

• Why should we sort data?

• Practical exercise:– Form a line, where you are sorted by your first

name, from Aaron to Zoe

Arrays

• Data structure:

• A[0] = 23, A[1]=4, A[2]=6, A[3]=15, A[4]=5, A[5]=7

Specification

• Array a2 is a sorted version of array a1

• Define the counting function

∀ 𝑖 , 𝑗 .𝑖≤ 𝑗→𝑎2 [ 𝑖 ] ≤𝑎2[ 𝑗]

∀ 𝑖 .𝑐𝑜𝑢𝑛𝑡 (𝑎1 [ 𝑖 ] ,𝑎1 )=𝑐𝑜𝑢𝑛𝑡 (𝑎2 [ 𝑖 ] ,𝑎2 )and

𝑐𝑜𝑢𝑛𝑡 (𝑒 ,𝑎)=∑𝑖

𝑖𝑡𝑒 (𝑎 [𝑖 ]¿¿𝑒 ;1,0)¿

• decision procedure answers whether the input formula is satisfiable or not formula is satisfiable for x=0, y=1 formula is unsatisfiable

Automated Reasoning

7

formula in some logic

theorem proverbased on

DECISION PROCEDURES

satisfiable(model)

unsatisfiable (proof)

11 yxyx

yx

Synthesis for Linear Integer Arithmetic

choose((h: Int, m: Int, s: Int) (⇒ h * 3600 + m * 60 + s == totalSeconds && h ≥ 0 && m ≥ 0 && m < 60 && s ≥ 0 && s < 60 ))

Returned code:

assert (totalSeconds ≥ 0) val h = totalSeconds div 3600val temp = totalSeconds + (-3600) * hval m = min(temp div 60, 59)val s = totalSeconds + (-3600) * h + (-60) * m

Linear Integer Arithmetic - Equalities

9

Z

dstotalSecons

m

h

,|0

0

60

1

0

3600

0

1

Code:<further code will come here>val h = lambdaval m = muval val s = totalSeconds + (-3600) * lambda + (-60) * mu

h * 3600 + m * 60 + s == totalSeconds

Linear Integer Arithmetic - Equalities

10

h * 3600 + m * 60 + s == totalSeconds

10

Z

dstotalSecons

m

h

,|0

0

60

1

0

3600

0

1

Resulting formula (new specifications):

0 ≤ λ, 0 ≤ μ, μ ≤ 59, 0 ≤ totalSeconds – 3600λ - 60μ,totalSeconds – 3600λ - 60μ ≤ 59

Linear Integer Arithmetic - Inequalities

expressing constraints as bounds on μ

0 ≤ λ, 0 ≤ μ, μ ≤ 59, 0 ≤ totalSeconds – 3600λ - 60μ,totalSeconds – 3600λ - 60μ ≤ 59

0 ≤ λ, 0 ≤ μ, μ ≤ 59, μ ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ μ

Code:

val mu = min(59, (totalSeconds -3600* lambda) div 60)11

Linear Integer Arithmetic - Inequalities

combine each lower and upper bound

basic simplifications Code:

val lambda = totalSeconds div 3600

Preconditions: 0 ≤ totalSeconds

0 ≤ λ, 0 ≤ μ, μ ≤ 59, μ ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ μ

0 ≤ λ, 0 ≤ 59, 0 ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ (⌊ totalSeconds – 3600λ)/60⌋ ,⌈(totalSeconds – 3600λ – 59)/60⌉ ≤ 59

0 ≤ λ, 60λ ≤ ⌊totalSeconds /60⌋,⌈(totalSeconds –59)/60⌉ – 59 ≤ 60λ

12

Synthesis for Sets

• Observation:– Reasoning about collections reduces to

reasoning about linear integer arithmetic!

13

a.size == b.size && a union b == bigSet && a intersect b == empty

ab

bigSet

Synthesis for Sets

• Observation:– Reasoning about collections reduces to

reasoning about linear integer arithmetic!

a.size == b.size && a union b == bigSet && a intersect b == empty

ab

bigSet

Synthesis for Sets

• Observation:– Reasoning about collections reduces to

reasoning about linear integer arithmetic!

15

a.size == b.size && a union b == bigSet && a intersect b == empty

ab

bigSet

Synthesis for Sets

• Observation:– Reasoning about collections reduces to

reasoning about linear integer arithmetic!

16

a.size == b.size && a union b == bigSet && a intersect b == empty

ab

bigSet

New specification:

kA = kB

Synthesis for Sets

• Observation:– Reasoning about collections reduces to

reasoning about linear integer arithmetic!

17

a.size == b.size && a union b == bigSet && a intersect b == empty

ab

bigSet

New specification:

kA = kB && kA +kB = |bigSet|

Synthesis: Applications

• Automatic code completion• Flash Fill feature in the new Microsoft

Excell (video!)– Available at: http

://research.microsoft.com/en-us/um/people/sumitg/flashfillextensions.wmv

InSynth

• InSynth – a tool for synthesis of code fragments (snippets)– interactive

• getting results in a short amount of time• multiple solutions – a user needs to select

– component based• assemble program from given components (local

values, API)

– partial specification • hard constraints – type constraints• soft constraints - use of components “most likely” to

be useful