Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implicit Programming Viktor Kuncak PhD MIT, 2007

Published byAlan Wilkerson Modified over 6 years ago

Similar presentations

Presentation on theme: "Implicit Programming Viktor Kuncak PhD MIT, 2007"— Presentation transcript:

1 Implicit Programming Viktor Kuncak PhD MIT, 2007
As of June 2012 this research is funded with a 1.4M EUR grant from ERC Viktor Kuncak PhD MIT, 2007 I will tell you about implicit programming. I am assistant professor at the Swiss Federal Institute of Technology, where I have been since 2007 when I received my doctorate from the MIT. Swiss Federal Institute of Technology Lausanne

2 GOAL Help people construct software that does what they expect.
The goal of this work is to help people construct software, and more specifically software that meets their expectations. We are thus motivated by both productivity of developers, but also correctness of the constructed software. Personal approach: embrace PL techniques focus on algorithms and tools

3 Problem (elephant in the room)
Programming is hard, because computation is given explicitly (how) Claim: We can make it easier, if we support implicit computation If you ever wrote a program then you know that programming is hard, in the sense of being tedious and error prone. This is in part because programmers must still specify programs through explicit computation steps. We claim that we can make programming much easier by allowing implicit computation. In this way, we will allow people to focus more on WHAT goals they wish to achieve instead of HOW they wish to achieve them. (what)

4 computational realizations
human intentions Implicit Programming GAP functional languages Existing Technology Our effort addresses a long-standing challenge of bridging the gap between human intentions and their realizations on computing devices. Over past decades the community has made great progress on this front by building hardware and software abstractions and languages. We no longer need to program in assembly or manually manage memory in programs. Yet a significant gap remains, and this is what we plan to address. By making progress in this direction, we aim to not only increase the productivity of today’s developers, but also help many more people in the society do a form of programming, and thus help them realize the potential of computing technologies. So, how do we plan to do this? computational realizations

5 computational realizations
human intentions 2) Empowering Users specifications IMPRO 1) Synthesis Procedures functional languages At the center of our approach are specifications, as a precise language for expressing computational intentions. Using these specifications as a bridge, we will establish connections with current high-level programming languages on the one side, and with the less formal notion of human intentions on the other side. We will bridge the gap between specifications and high-level languages using the concept of synthesis procedures, which are based on the satisfiability modulo theories technology. Synthesis procedures are the core concept of this proposal. computational realizations

6 1) Synthesis Procedures
= compiler for specifications constraint between inputs and outputs (from a decidable class) spec(I,O) Synthesis Procedure for this class O = f(I) computable function from inputs to outputs In a nutshell, synthesis procedure is a compiler for specifications. Each synthesis procedure is specialized for a particular class of constraints (much like the related concept of decision procedure). A synthesis procedure takes a constraint expressing a relationship between inputs and outputs, and produces a computable function that maps inputs to outputs. We aim to systematically study synthesis procedures for a number of classes, or domains. This includes numeric domains, such as integer linear arithmetic, where we already have initial results. Due to their application to cyber-physical systems, I am excited about synthesis for approximations of real numbers as well, where we made first steps in automating rigorous bounds on approximation when using floating point numbers. Symbolic computation is equally important, and here we have experience in new decision procedures and their combination methods that we plan to leverage. How do we plan to design synthesis procedures? Numeric domains: linear integers, reals (PLDI’10, OOPSLA’11) Symbolic domains: Calculus of Data Structures (VMCAI’10,CSL’10)

7 Synthesis Procedures: Methodology
SMT = Satisfiability Modulo Theories Extended SAT solving to constraint solving on infinite domains Led to a revolution in software verification and testing We propose: use SMT for computation Partial evaluation: lift satisfiability technology to synthesis Analogous to compilation, but more difficult Specialize a decision procedure invocation to a given constraint Quantifier elimination Constructive proof gives witness terms, which act as programs Feasibility studies: PLDI’10, STTT’12, CACM’12 Modular construction of synthesis procedures 1) Lift Nelson-Oppen combination method to synthesis (Nelson’80) 2) Merge ranked streams of solutions – solution set synthesis Logic Programming : Resolution = Implicit Programming : SMT One reason why it is good time to do this research now are the advances in the field of automated reasoning, specifically in “Satisfiability Modulo Theories” solvers. These solvers leverage the success in SAT solvers and extend them with constraint solving over specialized, often infinite, domains, such as integers and trees. This technology has already revolutionized verification and testing, and what we propose is to use it for computation itself. Much like logic programming is based on resolution for first-order logic, implicit programming will be based on SMT solving technology. To transfer this technology from satisfiability checking to synthesis, we will approach the problem analogously to compilation. A constraint solver can be viewed as an interpreter for a constraint. To obtain a synthesis procedure, we transform this interpreter into a compiler, applying the ideas of partial evaluation. A particular class of constraints are those admitting quantifier elimination; here we can perform synthesis by collecting witness terms of quantified variables. We have shown feasibility of this approach already. Much like SMT technology, the key to feasibility of synthesis procedures as a research direction is the ability to construct them modularly, by composing synthesis procedures for simpler parts. (To achieve this, we can both lift the combination method for SMT, but also develop synthesis of procedures that enumerate all solutions, which makes them more composable.)

8 2) Empowering Users Application customization: modify an application through feedback on its behavior, e.g. Change layout/text/parameters Change the order of actions Programming by demonstration: learning Development assistance tools Synthesis of code snippets: Ambiguous input handling Programs that are almost correct (repair) Specifications written in natural language Prototype language under development Revisit a combination of NLP and PL techniques Coming back to the overall goal of the project, the second aspect is empowering users to derive specifications from their intentions. The general strategy is to develop systems that combine automation and user interaction. The first step in this direction is to help developers directly manipulate applications by interacting with it as it is executing, which we claim is more concrete and more intuitive. We need to develop techniques that allow users to do customization without breaking things too much, by ensuring that key consistency invariants of the application are maintained. To derive complex behaviors we need to work on learning algorithms and tools that generalize concrete and symbolic demonstrations (examples) to programs. Going further, to enable developers to compose new applications from components, we will develop development environments that can automatically suggest useful combinations of existing functionalities, working interactively with users. Finally, to match the informal nature of human communication, we will explore the ability of programming systems to handle ambiguous inputs, such as programs with syntactic and semantic errors, and specifications expressed in natural language.

9 Implicit Programming Human-friendly and verification-friendly computation Programming with implicit specifications Synthesis procedures: compile implicit specs into code Build on advances in SAT and decision procedures – SMT Quantifier elimination, partial evaluation, modularity Deploy specifications into programming languages Just-in-time synthesis for efficiency Strengthening specifications using static analysis Validation of code containing implicit computation Help developers construct specifications Run-time application customization and manipulation Programming assistance tools Ambiguous inputs as specification source In conclusion, implicit programming aims both to be more accessible for humans, and to lead to reliable software. Its basis is programming with specifications, which we will make possible through the concept of synthesis procedures. We will deploy these procedures by embedding specifications into more conventional programming languages. We will develop static analysis and just-in-time compilation for specifications to make the execution efficient. The use of specifications will make the correctness arguments about the application more amenable to automation. To help developers to arrive at specifications, we will allow them to program by demonstration, provide them with code assistance tools, and allow them to use ambiguous specifications such as natural language.

10 Approach: Constraint Solving
Run-time checking: very useful: C(t) Verification that functions meet contracts or algebraic statements:  x. C(x) Falsification: produce a counterexample when the verification fails: find x such that  C(x) Computation: compute any (best) value that satisfies a given constraint: find x such that C(x) Test generation: enumerate inputs that satisfy given precondition: find all x such that C(x) Synthesis: specialize constraint solver for a given constraint: find f such that x.C(x,f(x))

11 A Hierarchy of Functional Data Types
tree bag (multiset) elems (tree fold) setof msetsize set treesize (tree fold) 7 setsize Supports most of the natural operations on data types and homomorphisms between them 3

12 Two Constraint Solving Techniques
Constraints with recursive functions: Leon algorithm for solving computable constraints (POPL’10, SAS’11, POPL’12) Constraints on bags, sets, and sizes: optimal complexity through sparse encoding into integer linear programs (JAR’06, CADE’07, VMCAI’08, CAV’08, VMCAI’10,VMCAI’11,CSL’11)

13 Results for Fully Automatic Verification
Benchmark LoC #Funs. #VCs. Time (s) ListOperations 107 15 27 0.76 AssociativeList 50 5 11 0.23 InsertionSort 99 6 0.42 RedBlackTrees 117 24 3.73 PropositionalLogic 86 9 23 2.36 AmortizedQueue 124 14 32 3.37 VSComp 94 0.79 677 71 155 11.66 - (Updated w.r.t. SAS 2011 published results.) Functional correctness properties of data structures: red-black trees implement a set and maintain height invariants, associative list has read-over-write property, insertion sort returns a sorted list of identical content, amortized queue implements a balanced queue, etc.

14 Executing specifications
def insert(x : Int, t : Tree) = choose(t1:Tree => isRBT(t1) && content(t1) = content(t) ++ Set(x)) def remove(x : Int, t : Tree) = choose(t1:Tree => isRBT(t1) && content(t1)=content(t) – Set(x)) The biggest expected payoff: declarative knowledge is more reusable

15 Synthesis

16 Synthesis for Arithmetic
fun secondsToTime totalSeconds = find((h: Int, m: Int, s: Int) ⇒ ( h * m * 60 + s == totalSeconds && h ≥ 0 && m ≥ 0 && m < 60 && s ≥ 0 && s < 60)).find fun secondsToTime totalSeconds = let t1 = let t2 = let t3 = let t4 = (t1, t3, t4) ? An actual example that works in our system.

17 Result of Synthesis fun secondsToTime totalSeconds =
find(fn (h, m, s) ⇒ h * m * 60 + s == totalSeconds /\ h ≥ 0 /\ m ≥ 0 /\ m < 60 /\ s ≥ 0 /\ s < ) fun secondsToTime totalSeconds = let t1 = totalSeconds div 3600 in let t2 = totalSeconds * t1 in let t3 = t2 div 60 in let t4 = totalSeconds * t * t3 in (t1, t3, t4) An actual example that works in our system. Implemented as an extension of the Scala compiler.

18 Properties of Synthesis Algorithm
For every formula in linear integer arithmetic synthesis algorithm terminates produces the most general precondition (assertion saying when result exists) generated code gives correct values whenever correct values exist If there are multiple or no solutions for some parameters, we get a warning Extended to arithmetic pattern matching Extended to sets with cardinalities Handling bitwise operations (FMCAD'10, IJCAR'12)

19 Interactive Synthesis within an IDE

20 Interactive Synthesis within an IDE

21 Conclusions http://lara.epfl.ch/~kuncak Project: Implicit Programming
requirements Project: Implicit Programming Compiling Specifications Helping People Construct Specifications Expertise: advancing constraint solving theory and practice to enable Verification Falsification Computation Test generation Synthesis Development within IDE End-user programming Constraints Solvers and synthesizers 42

22 also: Scala effect analysis tool

23 Doctoral Students Eva Darulová Tihomir Gvero Hossein Hojjat
Etienne Kneuss Giuliano Losa (with Rachid Guerraoui) Andrej Spielmann (with Christoph Koch) Philippe Suter (soon joining a research lab) PhD Alumni: Ruzica Piskac Tenure-track faculty at the Max-Planck Institute

Download ppt "Implicit Programming Viktor Kuncak PhD MIT, 2007"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,

Verification of Functional Programs in Scala Philippe Suter (joint work w/ Ali Sinan Köksal and Viktor Kuncak) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE,
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.

Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
Algorithms and Problem Solving-1 Algorithms and Problem Solving.

Algorithms and Problem Solving-1 Algorithms and Problem Solving.
Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.

Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI 48019-2122.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI
Maria-Cristina Marinescu Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology A Synthesis Algorithm for Modular Design of.

Maria-Cristina Marinescu Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology A Synthesis Algorithm for Modular Design of.
GENERAL CONCEPTS OF OOPS INTRODUCTION With rapidly changing world and highly competitive and versatile nature of industry, the operations are becoming.

GENERAL CONCEPTS OF OOPS INTRODUCTION With rapidly changing world and highly competitive and versatile nature of industry, the operations are becoming.

Similar presentations

Ads by Google