Bonsai: synthesis-based reasoning for type systems

Chandra, Kartik; Bodík, Rastislav

doi:10.1145/3158150

Cited by 9 publications

(7 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As we show later, to bypass the challenge of complex SMT constraints that are generated by a faithful interpretation of a traversal's semantics, a scalable approach to solve the placement and resource allocation problems is to use ILP to map the computation rules to the available slots in the traversal [15,36]. Definition 3.7.…”

Section: Domainsmentioning

confidence: 99%

See 1 more Smart Citation

Tree traversal synthesis using domain-specific symbolic compilation

Chen

Liu

et al. 2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Self Cite

View full text Add to dashboard Cite

Efficient computation on tree data structures is important in compilers, numeric computations, and web browser layout engines. Efficiency is achieved by statically scheduling the computation into a small number of tree traversals and by performing the traversals in parallel when possible. Manual design of such traversals leads to bugs, as observed in web browsers. Automatic schedulers avoid these bugs but they currently cannot explore a space of legal traversals, which prevents exploring the trade-offs between parallelism and minimizing the number of traversals.We describe Hecate, a synthesizer of tree traversals that can produce both serial and parallel traversals. A key feature is that the synthesizer is extensible by the programmer who can define a template for new kinds of traversals. Hecate is constructed as a solver-aided domain-specific language, meaning that the synthesizer is generated automatically by translating the tree traversal DSL to an SMT solver that synthesizes the traversals. We improve on the general-purpose solver-aided architecture with a schedulingspecific symbolic evaluation that maintains the engineering advantages solver-aided design but generates efficient ILP encoding that is much more efficient to solve than SMT constraints.On the set of Grafter problems, Hecate synthesizes traversals that trade off traversal fusion to exploit parallelism. Additionally, Hecate allows defining a tree data structure with an arbitrary number of children. Together, parallelism and data structure improvements accelerate the computation 2× on a tree rendering problem. Finally, Hecate's domain-specific symbolic compilation accelerates synthesis 3× compared to the general-purpose compilation to an SMT solver; when scheduling a CSS engine traversal, this ILP-based synthesis executes orders of magnitude faster. CCS CONCEPTS• Software and its engineering → Automatic programming.

show abstract

Section: Domainsmentioning

confidence: 99%

“…If the formula is satisfiable, the verifier then returns a counterexample to the synthesizer that will look for another candidate. Similar to prior work in Neo [20] and Bonsai [15], our symbolic tree t𝑟 is encoded as a bounded 𝑚-ary tree derived from the attribute grammar. We omit the details since it is not the main contribution.…”

Section: System Overviewmentioning

confidence: 99%

Tree traversal synthesis using domain-specific symbolic compilation

Chen

Liu

et al. 2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…One approach is to sample from these domains, and this can be done relatively easily. Unfortunately, this is rarely fruitful as, with high probability, all programs sampled are invalid (i.e., do not type and borrow check) [30]. Thus, a borrow checker that returned £ ¢ ¡ false in all cases would appear effective.…”

Section: Constrained Program Domainsmentioning

confidence: 99%

A Lightweight Formalism for Reference Lifetimes and Borrowing in Rust

Pearce

2021

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

Rust is a relatively new programming language that has gained significant traction since its v1.0 release in 2015. Rust aims to be a systems language that competes with C/C++. A claimed advantage of Rust is a strong focus on memory safety without garbage collection. This is primarily achieved through two concepts, namely, reference lifetimes and borrowing . Both of these are well-known ideas stemming from the literature on region-based memory management and linearity / uniqueness . Rust brings both of these ideas together to form a coherent programming model. Furthermore, Rust has a strong focus on stack-allocated data and, like C/C++ but unlike Java, permits references to local variables. Type checking in Rust can be viewed as a two-phase process: First, a traditional type checker operates in a flow-insensitive fashion; second, a borrow checker enforces an ownership invariant using a flow-sensitive analysis. In this article, we present a lightweight formalism that captures these two phases using a flow-sensitive type system that enforces “ type and borrow safety .” In particular, programs that are type and borrow safe will not attempt to dereference dangling pointers. Our calculus core captures many aspects of Rust, including copy- and move-semantics, mutable borrowing, reborrowing, partial moves, and lifetimes. In particular, it remains sufficiently lightweight to be easily digested and understood and, we argue, still captures the salient aspects of reference lifetimes and borrowing. Furthermore, extensions to the core can easily add more complex features (e.g., control-flow, tuples, method invocation). We provide a soundness proof to verify our key claims of the calculus. We also provide a reference implementation in Java with which we have model checked our calculus using over 500B input programs. We have also fuzz tested the Rust compiler using our calculus against 2B programs and, to date, found one confirmed compiler bug and several other possible issues.

show abstract

“…Poor choice of data structures is another frequent source of performance problems in solver-aided programs. Some common programming patterns, such as tree manipulations, require careful data structure design (see, e.g., [Chandra and Bodik 2018]) to yield an effective symbolic encoding. In general, performance issues arise when the representation of a data type is irregular (e.g., a list of length one or two), increasing the number of paths that need to be evaluated to operate on a symbolic instance of that type.…”

Section: Three Anti-patterns In Solver-aided Programsmentioning

confidence: 99%

“…Type System Soundness Checking. Bonsai [Chandra and Bodik 2018] is a synthesis-based tool for checking the soundness of type systems. It uses a novel tree representation for type checking, and has been used to replicate a soundness bug in the Scala type system.…”

Section: Other Findingsmentioning

confidence: 99%

Finding code that explodes under symbolic evaluation

Bornholt

Torlak

2018

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Solver-aided tools rely on symbolic evaluation to reduce programming tasks, such as verification and synthesis, to satisfiability queries. Many reusable symbolic evaluation engines are now available as part of solver-aided languages and frameworks, which have made it possible for a broad population of programmers to create and apply solver-aided tools to new domains. But to achieve results for real-world problems, programmers still need to write code that makes effective use of the underlying engine, and understand where their code needs careful design to elicit the best performance. This task is made difficult by the all-paths execution model of symbolic evaluators, which defies both human intuition and standard profiling techniques. This paper presents symbolic profiling, a new approach to identifying and diagnosing performance bottlenecks in programs under symbolic evaluation. To help with diagnosis, we develop a catalog of common performance anti-patterns in solver-aided code. To locate these bottlenecks, we develop SymPro, a new profiling technique for symbolic evaluation. SymPro identifies bottlenecks by analyzing two implicit resources at the core of every symbolic evaluation engine: the symbolic heap and symbolic evaluation graph. These resources form a novel performance model of symbolic evaluation that is general (encompassing all forms of symbolic evaluation), explainable (providing programmers with a conceptual framework for understanding symbolic evaluation), and actionable (enabling precise localization of bottlenecks). Performant solver-aided code carefully manages the shape of these implicit structures; SymPro makes their evolution explicit to the programmer. To evaluate SymPro, we implement profilers for the Rosette solver-aided language and the Jalangi program analysis framework. Applying SymPro to 15 published solver-aided tools, we discover 8 previously undiagnosed performance issues. Repairing these issues improves performance by orders of magnitude, and our patches were accepted by the tools' developers. We also conduct a small user study with Rosette programmers, finding that SymPro helps them both understand what the symbolic evaluator is doing and identify performance issues they could not otherwise locate.

show abstract

Bonsai: synthesis-based reasoning for type systems

Cited by 9 publications

References 55 publications

Tree traversal synthesis using domain-specific symbolic compilation

Tree traversal synthesis using domain-specific symbolic compilation

A Lightweight Formalism for Reference Lifetimes and Borrowing in Rust

Finding code that explodes under symbolic evaluation

Contact Info

Product

Resources

About