Federico Mora scite author profile

Abstract. In this paper, we introduce StringFuzz: a modular SMT-LIB problem instance transformer and generator for string solvers. We supply a repository of instances generated by StringFuzz in SMT-LIB 2.0/2.5 format. We systematically compare Z3str3, CVC4, Z3str2, and Norn on groups of such instances, and identify those that are particularly challenging for some solvers. We briefly explain our observations and show how StringFuzz helped discover causes of performance degradations in Z3str3.

show abstract

An SMT Solver for Regular Expressions and Linear Arithmetic over String Length

Berzish

Kulczynski

Mora

et al. 2021

View full text Add to dashboard Cite

We present a novel length-aware solving algorithm for the quantifier-free first-order theory over regex membership predicate and linear arithmetic over string length. We implement and evaluate this algorithm and related heuristics in the Z3 theorem prover. A crucial insight that underpins our algorithm is that real-world regex and string formulas contain a wealth of information about upper and lower bounds on lengths of strings, and such information can be used very effectively to simplify operations on automata representing regular expressions. Additionally, we present a number of novel general heuristics, such as the prefix/suffix method, that can be used to make a variety of regex solving algorithms more efficient in practice. We showcase the power of our algorithm and heuristics via an extensive empirical evaluation over a large and diverse benchmark of 57256 regex-heavy instances, almost 75% of which are derived from industrial applications or contributed by other solver developers. Our solver outperforms five other state-of-the-art string solvers, namely, CVC4, OSTRICH, Z3seq, Z3str3, and Z3-Trau, over this benchmark, in particular achieving a speedup of 2.4$$\times $$ × over CVC4, 4.4$$\times $$ × over Z3seq, 6.4$$\times $$ × over Z3-Trau, 9.1$$\times $$ × over Z3str3, and 13$$\times $$ × over OSTRICH.

show abstract

Client-specific equivalence checking

Mora

Rubin

et al. 2018

View full text Add to dashboard Cite

Software is often built by integrating components created by different teams or even different organizations. With little understanding of changes in dependent components, it is challenging to maintain correctness and robustness of the entire system. In this paper, we investigate the effect of component changes on the behavior of their clients. We observe that changes in a component are often irrelevant to a particular client and thus can be adopted without any delays or negative effects. Following this observation, we formulate the notion of client-specific equivalence checking (CSE) and develop an automated technique optimized for checking such equivalence. We evaluate our technique on a set of benchmarks, including those from the existing literature on equivalence checking, and show its applicability and effectiveness.

show abstract

Z3str4: A Multi-armed String Solver

Mora

Berzish

Kulczynski

et al. 2021

View full text Add to dashboard Cite

String Theories Involving Regular Membership Predicates: From Practice to Theory and Back

Berzish

Day

Kulczynski

et al. 2021

View full text Add to dashboard Cite

Widespread use of string solvers in formal analysis of stringheavy programs has led to a growing demand for more efficient and reliable techniques which can be applied in this context, especially for real-world cases. Designing an algorithm for the (generally undecidable) satisfiability problem for systems of string constraints requires a thorough understanding of the structure of constraints present in the targeted cases. In this paper, we investigate benchmarks presented in the literature containing regular expression membership predicates, extract different first order logic theories, and prove their decidability, resp. undecidability. Notably, the most common theories in real-world benchmarks are PSPACEcomplete and directly lead to the implementation of a more efficient algorithm to solving string constraints.

show abstract

BanditFuzz: A Reinforcement-Learning Based Performance Fuzzer for SMT Solvers

Scott

Mora

2020

View full text Add to dashboard Cite

BanditFuzz: Fuzzing SMT Solvers with Multi-agent Reinforcement Learning

Scott

Sudula

Rehman

et al. 2021

View full text Add to dashboard Cite

MedleySolver: Online SMT Algorithm Selection

Pimpalkhare

Mora

Polgreen

et al. 2021

View full text Add to dashboard Cite

Satisfiability modulo theories (SMT) solvers implement a wide range of optimizations that are often tailored to a particular class of problems, and that differ significantly between solvers. As a result, one solver may solve a query quickly while another might be flummoxed completely. Predicting the performance of a given solver is difficult for users of SMT-driven applications, particularly when the problems they have to solve do not fall neatly into a well-understood category. In this paper, we propose an online algorithm selection framework for SMT called MedleySolver that predicts the relative performances of a set of SMT solvers on a given query, distributes time amongst the solvers, and deploys the solvers in sequence until a solution is obtained. We evaluate MedleySolver against the best available alternative, an offline learning technique, in terms of pure performance and practical usability for a typical SMT user. We find that with no prior training, MedleySolver solves 93.9% of the queries solved by the virtual best solver selector achieving 59.8% of the par-2 score of the most successful individual solver, which solves 87.3%. For comparison, the best available alternative takes longer to train than MedleySolver takes to solve our entire set of 2000 queries.

show abstract

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Federico Mora

StringFuzz: A Fuzzer for String Solvers

An SMT Solver for Regular Expressions and Linear Arithmetic over String Length

Client-specific equivalence checking

Z3str4: A Multi-armed String Solver

String Theories Involving Regular Membership Predicates: From Practice to Theory and Back

BanditFuzz: A Reinforcement-Learning Based Performance Fuzzer for SMT Solvers

BanditFuzz: Fuzzing SMT Solvers with Multi-agent Reinforcement Learning

MedleySolver: Online SMT Algorithm Selection

Contact Info

Product

Resources

About