Cache-a-lot: Pushing the Limits of Unsatisfiable Core Reuse in SMT-Based Program Analysis
Rustam Sadykov, Azat Abdullin, Marat Akhin
TL;DR
Cache-a-lot addresses the high cost of SMT solver invocations in program analysis by extending unsat-core reuse through systematic variable substitutions, moving beyond reliance on formula canonization. The method introduces a two-stage pipeline (candidate selection via hash footprints and Bloom filters, followed by substitution collection and joining) to determine if a complete substitution σ exists such that σ(s) ⊆ F, enabling unsat detection without new solver calls. Empirical results on two benchmark families show substantial gains, especially for complex formulas, with up to 74% unsat-core reuse and meaningful time savings, while remaining solver-agnostic and not requiring preprocessing. The work also analyzes canonization effects, memory behavior, and optimisation impacts, concluding that broad substitution-based reuse significantly improves SMT-based program analysis performance and that Cache-a-lot's approach is robust across benchmarks and adaptable to incremental settings in the future.
Abstract
Satisfiability Modulo Theories (SMT) solvers are integral to program analysis techniques like concolic and symbolic execution, where they help assess the satisfiability of logical formulae to explore execution paths of the program under test. However, frequent solver invocations are still the main performance bottleneck of these techniques. One way to mitigate this challenge is through optimizations such as caching and reusing solver results. While current methods typically focus on reusing results from fully equivalent or closely related formulas, they often miss broader opportunities for reuse. In this paper, we propose a novel approach, Cache-a-lot, that extends the reuse of unsatisfiable (unsat) results by systematically considering all possible variable substitutions. This enables more extensive reuse of results, thereby reducing the number of SMT solver invocations and improving the overall efficiency of concolic and symbolic execution. Our evaluation, conducted against the state-of-the-art Utopia solution using two benchmark sets, shows significant improvements, particularly with more complex formulas. Our method achieves up to 74% unsat core reuse, compared to Utopia's 41%, and significant increase in the time savings. These results demonstrate that, despite the additional computational complexity, the broader reuse of unsat results significantly enhances performance, offering valuable advancements for formal verification and program analysis.