Shaukat Ali,Tao Yue

DOI: https://doi.org/10.1007/978-3-662-44857-1_2

2014-01-01

Abstract:The use of search algorithms requires the definition of a fitness function that guides the algorithms to find an optimal solution. The definition of a fitness function may require the use of a normalization function for various purposes such as assigning equal importance to various factors constituting a fitness function and normalizing only one factor of a fitness function to give it less/more importance than the others. In our previous work, we defined various branch distance functions (a commonly used heuristic in the literature at the code-level) corresponding to the constructs defined in the Object Constraint Language (OCL) to solve OCL constraints to generate test data for supporting automated Model-Based Testing (MBT). The definition of several of these distance functions required the use of a normalization function. In this paper, we extend the empirical evaluation reported in one of the works in the literature that compares the impact of using various normalization functions for calculating branch distances at the code-level on the performance of search algorithms.The empirical evaluation reported in this paper assesses the impact of the commonly used normalization functions for the branch distance calculation of OCL constraints at the model-level. Results show that for one of the newly studied algorithms Harmony Search (HS) and Random Search (RS), the use of the normalization functions has no impact on the performance of the search. However, HS achieved 100% success rates for all the problems, where RS obtained very poor success rates (less than 38%). Based on the results, we conclude that the randomness in creating a solution in search algorithms may mask the impact of using a normalization function.

Jian Cao,Liyong Lin,Lele Li

2024-08-24

Abstract:Mathematical optimization is ubiquitous in modern applications. However, in practice, we often need to use nonlinear optimization models, for which the existing optimization tools such as Cplex or Gurobi may not be directly applicable and an (error-prone) manual transformation often has to be done. Thus, to address this issue, in this paper we investigate the problem of automatically verifying and synthesizing reductions, the solution of which may allow an automatic linearization of nonlinear models. We show that the synthesis of reductions can be formulated as an $\exists^* \forall^*$ synthesis problem, which can be solved by an SMT solver via the counter-example guided inductive synthesis approach (CEGIS).

Logic in Computer Science,Systems and Control,Optimization and Control

Jianhui Chen,Fei He

DOI: https://doi.org/10.1145/3446211

IF: 3.685

2021-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Satisfiability modulo theories (SMT) solvers have been widely applied as the reasoning engine for diverse software analysis and verification technologies. The efficiency of the SMT solver has significant effects on the performance of these technologies. However, current SMT solvers are designed for the general purpose of constraint solving. Lots of useful knowledge of programs cannot be utilized during SMT solving. As a result, the SMT solver may spend much effort to explore redundant search space. In this article, we propose a novel approach to utilizing control-flow knowledge in SMT solving. With this technique, the search space can be considerably reduced, and the efficiency of SMT solving is observably improved. We conducted extensive experiments on credible benchmarks. The results show significant improvements of our approach.

Jianhui Chen,Fei He

DOI: https://doi.org/10.1145/3238147.3238218

2018-01-01

Abstract:Satisfiability modulo theories (SMT) solvers have been widely applied as the reasoning engine for diverse software analysis and verification technologies. The efficiency of the SMT solver has significant effects on the performance of these technologies. However, the current SMT solvers are designed for the general purpose of constraint solving. Many useful knowledge of programs cannot be utilized during the SMT solving. As a result, the SMT solver may spend a lot of effort to explore redundant search space. In this paper, we propose a novel approach for utilizing control-flow knowledge in SMT solving. With this technique, the search space can be considerably reduced and the efficiency of SMT solving is observably improved. We conducted extensive experiments on credible benchmarks, the results show orders of magnitude improvements of our approach.

F. Brglez,Matthias F. Stallmann,Xiao Yu,Qing Li

2003-01-01

Abstract:Analysis of our recent experiments for a group of SAT solvers and several classes of problem instances suggests a common mathemat- ical framework with experiments in component reliability. In the latter, we observe the distribution of component lifetime; in the former, we observe the distribution of execution time (runtime). A lifetime distri- bution for hardware components is frequently found to have an expo- nential, Weibull, Pareto, or gamma distribution. Our experiments with state-of-the-art SAT solvers reveal normal distributions and exponential distributions of runtime and other related random variables, as well as other distributions commonly observed in reliability applications. SATbed, an experimental testbed for SAT solvers, emulates the reli- ability framework: equivalence classes of isomorphic problem instances (replicated hardware components), subjected to tests with specific SAT solvers (specifically controlled environments), observations of runtime, implications, etc. (lifetime), statistical analysis and modeling, based on random variable samples. The testbed not only facilitates systematic study and reliable improvement of any SAT solver but also supports the introduction and validation of new problem instance classes.

Ross Tate,Michael Stepp,Zachary Tatlock,Sorin Lerner

DOI: https://doi.org/10.2168/lmcs-7(1:10)2011

2011-03-28

Logical Methods in Computer Science

Abstract:Optimizations in a traditional compiler are applied sequentially, with each optimization destructively modifying the program to produce a transformed program that is then passed to the next optimization. We present a new approach for structuring the optimization phase of a compiler. In our approach, optimizations take the form of equality analyses that add equality information to a common intermediate representation. The optimizer works by repeatedly applying these analyses to infer equivalences between program fragments, thus saturating the intermediate representation with equalities. Once saturated, the intermediate representation encodes multiple optimized versions of the input program. At this point, a profitability heuristic picks the final optimized program from the various programs represented in the saturated representation. Our proposed way of structuring optimizers has a variety of benefits over previous approaches: our approach obviates the need to worry about optimization ordering, enables the use of a global optimization heuristic that selects among fully optimized programs, and can be used to perform translation validation, even on compilers other than our own. We present our approach, formalize it, and describe our choice of intermediate representation. We also present experimental results showing that our approach is practical in terms of time and space overhead, is effective at discovering intricate optimization opportunities, and is effective at performing translation validation for a realistic optimizer.

computer science, theory & methods,logic

Maolin Sun,Yibiao Yang,Yang Wang,Ming Wen,Haoxiang Jia,Yuming Zhou

DOI: https://doi.org/10.1109/ase56229.2023.00180

2024-01-01

Abstract:SMT solvers are utilized to check the satisfiability of logic formulas and have been applied in various crucial domains, including software verification, test case generation, and program synthesis. However, bugs hidden in SMT solvers can lead to severe consequences, causing erroneous results in these domains. Therefore, ensuring the reliability and robustness of SMT solvers is of critical importance. Despite several testing approaches proposed for SMT solvers, generating effective test formulas to comprehensively test SMT solvers remains a challenge. To address this challenge, in this study, we propose to port large language models (LLMs) to generate SMT formulas for fuzzing solvers. Specifically, the study presents a novel retrain-finetune pipeline to unleash the potential of language models to generate effective SMT formulas and improve their generation performance through data augmentation. We implemented our approach as a practical fuzzing tool, named LasT,and then extensively tested the state-of-the-art SMT solvers, namely Z3, cvc5, and Bitwuzla. To date, Last has successfully uncovered 65 genuine bugs for the solvers, of which 45 have been fixed by the developers.

Xi Cheng,Min Zhou,Xiaoyu Song,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1016/j.artint.2018.01.001

IF: 14.4

2018-01-01

Artificial Intelligence

Abstract:Satisfiability Modulo Theories (SMT) is the satisfiability problem for first-order formulae with respect to background theories. SMT extends the propositional satisfiability by introducing various underlying theories. To improve the efficiency of SMT solving, many efforts have been made on low-level algorithms but they generally cannot leverage the capability of parallel hardware. We propose a high-level and flexible framework, namely lazy decomposition and conciliation (LDC), to parallelize solving for quantifier-free SMT problems. Overall, a SMT problem is firstly decomposed into subproblems, then local reasoning inside each subproblem is conciliated with the global reasoning over the shared symbols across subproblems in parallel. LDC can be built on any existing solver without tuning its internal implementation, and is flexible as it is applicable to various underlying theories. We instantiate LDC in the theory of equality with uninterpreted functions, and implement a parallel solver PZ3 based on Z3. Experiment results on the QF_UF benchmarks from SMT-LIB as well as random problems show the potential of LDC, as (1) PZ3 generally outperforms Z3 in 4 out of 8 problem subcategories under various core configurations; (2) PZ3 usually achieves super-linear speed-up over Z3 on problems with sparse structures, which makes it possible to choose an appropriate solver from Z3 and PZ3 in advance according to the structure of input problem; (3) compared to PCVC4, a state-of-the-art portfolio-based parallel SMT solver, PZ3 achieves speed-up on a larger portion of problems and has better overall speed-up ratio.

Miquel Bofill,Víctor Muñoz,Javier Murillo

DOI: https://doi.org/10.48550/arXiv.1609.05367

IF: 14.4

2016-09-17

Artificial Intelligence

Abstract:In this paper we introduce the Wastewater Treatment Plant Problem, a real-world scheduling problem, and compare the performance of several tools on it. We show that, for a naive modeling, state-of-the-art SMT solvers outperform other tools ranging from mathematical programming to constraint programming. We use both real and randomly generated benchmarks. From this and similar results, we claim for the convenience of developing compiler front-ends being able to translate from constraint programming languages to the SMT-LIB standard language.

Maolin Sun,Yibiao Yang,Ming Wen,Yongcong Wang,Yuming Zhou,Hai Jin

DOI: https://doi.org/10.1109/icse48619.2023.00018

2023-01-01

Abstract:SMT solvers check the satisfiability of logic formulas over first-order theories, which have been utilized in a rich number of critical applications, such as software verification, test case generation, and program synthesis. Bugs hidden in SMT solvers would severely mislead those applications and further cause severe consequences. Therefore, ensuring the reliability and robustness of SMT solvers is of critical importance. Although many approaches have been proposed to test SMT solvers, it is still a challenge to discover bugs effectively. To tackle such a challenge, we conduct an empirical study on the historical bug-triggering formulas in SMT solvers' bug tracking systems. We observe that the historical bug-triggering formulas contain valuable skeletons (i.e., core structures of formulas) as well as associated atomic formulas which can cast significant impacts on formulas' ability in triggering bugs. Therefore, we propose a novel approach that utilizes the skeletons extracted from the historical bug-triggering formulas and enumerates atomic formulas under the guidance of association rules derived from historical formulas. In this study, we realized our approach as a practical fuzzing tool HistFuzz and conducted extensive testing on the wellknown SMT solvers Z3 and cvc5. To date, HistFuzz has found 111 confirmed new bugs for Z3 and cvc5, of which 108 have been fixed by the developers. More notably, out of the confirmed bugs, 23 are soundness bugs and invalid model bugs found in the solvers' default mode, which are essential for SMT solvers. In addition, our experiments also demonstrate that HistFuzz outperforms the state-of-the-art SMT solver fuzzers in terms of achieved code coverage and effectiveness.

Enyi Tang,Xiangyu Zhang,Norbert Th. Mueller,Zhenyu Chen,Xuandong Li

DOI: https://doi.org/10.1109/tse.2016.2642956

IF: 7.4

2017-01-01

IEEE Transactions on Software Engineering

Abstract:Numerical instability is a well-known problem that may cause serious runtime failures. This paper discusses the reason of instability in software development process, and presents a toolchain that not only detects the potential instability in software, but also diagnoses the reason for such instability. We classify the reason of instability into two categories. When it is introduced by software requirements, we call the instability caused by problem. In this case, it cannot be avoided by improving software development, but requires inspecting the requirements, especially the underlying mathematical properties. Otherwise, we call the instability caused by practice. We design our toolchain as four loosely-coupled tools, which combine stochastic arithmetic with infinite-precision testing. Each tool in our toolchain can be configured with different strategies according to the properties of the analyzed software. We evaluate our toolchain on subjects from literature. The results show that it effectively detects and separates the instabilities caused by problems from others. We also conduct an evaluation on the latest version of GNU Scientific Library, and the toolchain finds a few real bugs in the well-maintained and widely deployed numerical library. With the help of our toolchain, we report the details and fixing advices to the GSL buglist.

Seyedalireza Khoshsirat,Chandra Kambhamettu

2023-12-01

Abstract:Stein's paradox holds considerable sway in high-dimensional statistics, highlighting that the sample mean, traditionally considered the de facto estimator, might not be the most efficacious in higher dimensions. To address this, the James-Stein estimator proposes an enhancement by steering the sample means toward a more centralized mean vector. In this paper, first, we establish that normalization layers in deep learning use inadmissible estimators for mean and variance. Next, we introduce a novel method to employ the James-Stein estimator to improve the estimation of mean and variance within normalization layers. We evaluate our method on different computer vision tasks: image classification, semantic segmentation, and 3D object classification. Through these evaluations, it is evident that our improved normalization layers consistently yield superior accuracy across all tasks without extra computational burden. Moreover, recognizing that a plethora of shrinkage estimators surpass the traditional estimator in performance, we study two other prominent shrinkage estimators: Ridge and LASSO. Additionally, we provide visual representations to intuitively demonstrate the impact of shrinkage on the estimated layer statistics. Finally, we study the effect of regularization and batch size on our modified batch normalization. The studies show that our method is less sensitive to batch size and regularization, improving accuracy under various setups.

Computer Vision and Pattern Recognition,Machine Learning

Aboubakr Achraf El Ghazi,Mana Taghdiri

DOI: https://doi.org/10.48550/arXiv.1505.00672

2015-05-04

Abstract:This paper describes how Yices, a modern SAT Modulo theories solver, can be used to analyze the address-book problem expressed in Alloy, a first-order relational logic with transitive closure. Current analysis of Alloy models - as performed by the Alloy Analyzer - is based on SAT solving and thus, is done only with respect to finitized types. Our analysis generalizes this approach by taking advantage of the background theories available in Yices, and avoiding type finitization when possible. Consequently, it is potentially capable of proving that an assertion is a tautology - a capability completely missing from the Alloy Analyzer. This paper also reports on our experimental results that compare the performance of our analysis to that of the Alloy Analyzer for various versions of the address book problem.

Logic in Computer Science

Jan-Hendrik Lorenz,Florian Wörz

DOI: https://doi.org/10.48550/arXiv.2210.13159

2022-10-24

Abstract:The satisfiability problem is one of the most famous problems in computer science. Its NP-completeness has been used to argue that SAT is intractable. However, there have been tremendous advances that allow SAT solvers to solve instances with millions of variables. A particularly successful paradigm is stochastic local search. In most cases, there are different ways of formulating the underlying problem. While it is known that this has an impact on the runtime of solvers, finding a helpful formulation is generally non-trivial. The recently introduced GapSAT solver [Lorenz and Wörz 2020] demonstrated a successful way to improve the performance of an SLS solver on average by learning additional information which logically entails from the original problem. Still, there were cases in which the performance slightly deteriorated. This justifies in-depth investigations into how learning logical implications affects runtimes for SLS. In this work, we propose a method for generating logically equivalent problem formulations, generalizing the ideas of GapSAT. This allows a rigorous mathematical study of the effect on the runtime of SLS solvers. If the modification process is treated as random, Johnson SB distributions provide a perfect characterization of the hardness. Since the observed Johnson SB distributions approach lognormal distributions, our analysis also suggests that the hardness is long-tailed. As a second contribution, we theoretically prove that restarts are useful for long-tailed distributions. This implies that additional restarts can further refine all algorithms employing above mentioned modification technique. Since the empirical studies compellingly suggest that the runtime distributions follow Johnson SB distributions, we investigate this property theoretically. We succeed in proving that the runtimes for Schöning's random walk algorithm are approximately Johnson SB.

Data Structures and Algorithms,Artificial Intelligence,Probability

Shizhen Xu,Yuanchao Xu,Wei Xue,Xipeng Shen,Fang Zheng,Xiaomeng Huang,Guangwen Yang

DOI: https://doi.org/10.1109/IPDPS.2018.00086

2018-01-01

Abstract:This paper presents an effort for overcoming the complexities of program optimizations on SW26010, the heterogeneous many-core processor that powers Sunway TaihuLight, the world top one supercomputer. The solution centers around a precise, static performance model for modern many-core processor. Through a careful design that leverages the special properties of SW26010 and an effective treatment to massive parallelism, the model achieves a high accuracy, showing less than 5% average errors in estimating program execution performance. The precise performance model opens many opportunities for analyzing and guiding code optimizations. The paper demonstrates the usefulness by revealing a series of insights on the effects of some important code optimizations on SW26010. Moreover, it demonstrates that with such a precise performance model, it is feasible to replace empirical auto-tuning with static auto-tuning for optimizing regular loops on heterogeneous many-core systems. Such a replacement speeds up the tuning process by as much as a factor of 43 while keeping the tuning quality loss below 6%.

Xin Chen,Chao Peng,Wang Lin,Zhengfeng Yang,Yifang Zhang,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-53288-8_29

2020-01-01

Abstract:Barrier certificates generation is widely used in verifying safety properties of hybrid systems because of the relatively low computational complexity it costs. Under sum of squares (SOS) relaxation, the problem of barrier certificate generation is equivalent to that of solving a bilinear matrix inequality (BMI) with a particular type. The paper reveals the special feature of the problem, and adopts it to build a novel computational method. The proposed method introduces a sequential iterative scheme that is able to find analytical solutions, rather than the nonlinear solving procedure to produce numerical solutions used by general BMI solvers and thus is more efficient than them. In addition, different from popular LMI solving based methods, it does not make the verification conditions more conservative, and thus reduces the risk of missing feasible solutions. Benefitting from these two appealing features, it can produce barrier certificates not amenable to existing methods, which is supported by a complexity analysis as well as the experiment on some benchmarks.

Xin Chen,Chao Peng,Wang Lin,Zhengfeng Yang,Yifan Zhang,Xu,ong Li

DOI: https://doi.org/10.1007/978-3-030-53288-8_29

2020-01-01

Abstract:Barrier certificates generation is widely used in verifying safety properties of hybrid systems because of the relatively low computational complexity it costs. Under sum of squares (SOS) relaxation, the problem of barrier certificate generation is equivalent to that of solving a bilinear matrix inequality (BMI) with a particular type. The paper reveals the special feature of the problem, and adopts it to build a novel computational method. The proposed method introduces a sequential iterative scheme that is able to find analytical solutions, rather than the nonlinear solving procedure to produce numerical solutions used by general BMI solvers and thus is more efficient than them. In addition, different from popular LMI solving based methods, it does not make the verification conditions more conservative, and thus reduces the risk of missing feasible solutions. Benefitting from these two appealing features, it can produce barrier certificates not amenable to existing methods, which is supported by a complexity analysis as well as the experiment on some benchmarks.

Wang Tiantian,Su Xiaohong,Ma Peijun

DOI: https://doi.org/10.1109/csse.2008.957

2008-01-01

Abstract:Code variations are widely believed to impede program analysis. This paper introduces a program normalization approach to remove code variations. Semantic-preserving transformations are performed on the system dependence graphs of programs. As a result, various syntactically different but semantically equivalent constructs are transformed to the same system dependence graph representation, so that code variations are removed. This approach establishes a good framework for testing the semantic equivalence of source codes and it can facilitate program analysis.

Muhammad Numair Mansur,Maria Christakis,Valentin Wüstholz,Fuyuan Zhang

DOI: https://doi.org/10.48550/arXiv.2004.05934

2020-04-13

Abstract:Formal methods use SMT solvers extensively for deciding formula satisfiability, for instance, in software verification, systematic test generation, and program synthesis. However, due to their complex implementations, solvers may contain critical bugs that lead to unsound results. Given the wide applicability of solvers in software reliability, relying on such unsound results may have detrimental consequences. In this paper, we present STORM, a novel blackbox mutational fuzzing technique for detecting critical bugs in SMT solvers. We run our fuzzer on seven mature solvers and find 29 previously unknown critical bugs. STORM is already being used in testing new features of popular solvers before deployment.

Software Engineering

Zhihui Zhang,Ying Cheng,Nian Cai Liu

DOI: https://doi.org/10.1007/s11192-014-1398-0

IF: 3.801

2015-01-01

Scientometrics

Abstract:Mean-based method may be the most popular linear method for field normalization of citation impact. However, the relatively good but not ideal performance of mean-based method, plus its being a special case of the general scaling method y = kx and the more general affine method y = kx + b , implies that more effective linear methods may exist. Under the idea of making the citation distribution of each field approximate a common reference distribution through the transformation of scaling method and affine method with unknown parameters k and b , we derived the scaling and affine methods under separate unweighted and weighted optimization models for 236 Web of Science subject categories. While the unweighted-optimization-based scaling and affine methods did not show full advantages over mean-based method, the weighted-optimization-based affine method showed a decided advantage over mean-based method along most parts of the distributions. At the same time, the trivial advantage of weighted-optimization-based scaling method over mean-based method indirectly validated the good normalization performance of mean-based method. Based on these results, we conclude that mean-based method is acceptable for general field normalization, but in the face of higher demands on normalization effect, the weighted-optimization-based affine method may be a better choice.