Embed Size (px)
Citation preview
Gagandeep Singh Markus Püschel Martin Vechev
Department of Computer Science
ETH Zurich
Fast Polyhedra Abstract Domain
Polyhedra Domain AnalysisAutomatic Discovery of Linear Restraints Among Variables of a Program, POPL’78
Polyhedra Domain AnalysisAutomatic Discovery of Linear Restraints Among Variables of a Program, POPL’78
Introduced by Patrick Cousot and Nicolas Halbwachs
Represents linear constraints between program variables
Patrick Cousot Nicolas Halbwachs
Polyhedra Domain AnalysisAutomatic Discovery of Linear Restraints Among Variables of a Program, POPL’78
Introduced by Patrick Cousot and Nicolas Halbwachs
Represents linear constraints between program variables
y ≤ 3
-x ≤
2
Patrick Cousot Nicolas Halbwachs
Polyhedra Domain Analysis
Polyhedra Domain Analysis
if(*){
y:=2x-1;
}
else{
y:=2x-2;
}
assert(y<=2x);
Polyhedra Domain Analysis
if(*){
y:=2x-1;
}
else{
y:=2x-2;
}
Abstract
Domain
Can Prove the
Assertion?
Interval ❌
Pentagon ❌
Zones ❌
Octagon ❌
Polyhedra ✅assert(y<=2x);
Polyhedra Domain Analysis
if(*){
y:=2x-1;
}
else{
y:=2x-2;
}
Abstract
Domain
Can Prove the
Assertion?
Interval ❌
Pentagon ❌
Zones ❌
Octagon ❌
Polyhedra ✅assert(y<=2x);
Polyhedra analysis: time and space exponential in number of variables
This work: contributions
This work: contributions
Online decomposition: reduction in space and time without losing precision
This work: contributions
Online decomposition: reduction in space and time without losing precision
Constant factor improvements via reduced operation count and cache optimizations
This work: contributions
Online decomposition: reduction in space and time without losing precision
Constant factor improvements via reduced operation count and cache optimizations
elina.ethz.ch
Complete end-to-end
implementation
This work: contributions
Online decomposition: reduction in space and time without losing precision
Constant factor improvements via reduced operation count and cache optimizations
elina.ethz.ch
Complete end-to-end
implementation
Driver NewPolka PPL ELINA
500 var
39K LOC
OOM
(> 12 GB)
OOM
(> 12 GB)
4 sec
0.9 GB
650 var
25K LOC
TO
(> 4 hr)
TO
(> 4 hr)
2 sec
0.4 GB
Double Representation of Polyhedron
x1
x2 = 2
x2
𝒞 = {-x2 ≤ -2, x2 ≤ 2x1}
m: number of constraints
Constraints(⊔) easy
with the Generators
Double Representation of Polyhedron
x1
x2 = 2
x2
𝒞 = {-x2 ≤ -2, x2 ≤ 2x1}
m: number of constraints
x1
x2
Vertices 𝒱 = {(1,2)},
Rays ℛ = {(1,2), (1,0)},
Lines 𝒵 = ∅g: number of generators
(1,2) (1,0)
Generators (⊔) easy
with the GeneratorsConstraints(⊔) easy
with the Generators
Double Representation of Polyhedron
Asymptotic Time Complexity of Polyhedra
Asymptotic Time Complexity of Polyhedra
Operator Constraints Generators Both
Join (⊔) exp(n,m) Ο(𝑛𝑔) Ο(𝑛𝑔)
Meet (⊓) Ο(𝑛𝑚) exp(n,g) Ο(𝑛𝑚)
Inclusion (⊑) exp(n,m) exp(n,g) Ο(𝑛𝑔𝑚)
Assignment Ο(𝑛𝑚2) Ο(𝑛𝑔) Ο(𝑛𝑔)
Conditional Ο(𝑛) exp(n,g) Ο(𝑛)
Asymptotic Time Complexity of Polyhedra
Operator Constraints Generators Both
Join (⊔) exp(n,m) Ο(𝑛𝑔) Ο(𝑛𝑔)
Meet (⊓) Ο(𝑛𝑚) exp(n,g) Ο(𝑛𝑚)
Inclusion (⊑) exp(n,m) exp(n,g) Ο(𝑛𝑔𝑚)
Assignment Ο(𝑛𝑚2) Ο(𝑛𝑔) Ο(𝑛𝑔)
Conditional Ο(𝑛) exp(n,g) Ο(𝑛)
Constraints Generators
exp(n,m)
exp(n,g)
Key Idea: Online Decomposition
Key Idea: Online Decomposition
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron
Key Idea: Online Decomposition
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron {𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
Set of factors
Key Idea: Online Decomposition
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron {𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
Set of factors
Partition (𝜋) =
set of blocks
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Key Idea: Online Decomposition
working on smaller Polyhedra enables reduction in space and time
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron {𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
Set of factors
Partition (𝜋) =
set of blocks
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Permissible Partitions
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓, 𝒙𝟔}
Permissible
partition (𝜋)
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓, 𝒙𝟔}
Permissible
partition (𝜋)
Invalid
partition
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑, 𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Permissible Partitions
Definition: A partition 𝜋 is permissible for Polyhedron P, if there are no two variables 𝒙𝒊 and 𝒙𝒋 in different blocks of 𝜋 related by a constraint in P
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓, 𝒙𝟔}
Permissible
partition (𝜋)
Invalid
partition
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑, 𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Partition of Variable Set: Summary
Partition of Variable Set: Summary
The set of all partitions of variable set 𝒳 form a lattice ordered by “finer than” (<) relation
The best (finest) partition 𝜋𝑃 for Polyhedron P is unique
Any 𝜋, s.t., 𝜋𝑃 < 𝜋, is permissible
An unconstrained variable 𝑥𝑖 yields a singleton set {𝑥𝑖} in the partition
Partition of Variable Set: Summary
The set of all partitions of variable set 𝒳 form a lattice ordered by “finer than” (<) relation
The best (finest) partition 𝜋𝑃 for Polyhedron P is unique
Any 𝜋, s.t., 𝜋𝑃 < 𝜋, is permissible
An unconstrained variable 𝑥𝑖 yields a singleton set {𝑥𝑖} in the partition
Challenge: maintain permissible partitions for > 30 operators
Operator: Conditional
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
if( 𝒙𝟐 ≤ 𝟐𝒙𝟒)
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐 ≤ 𝟐𝒙𝟒}
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑,
𝒙𝟒, 𝒙𝟓}if( 𝒙𝟐 ≤ 𝟐𝒙𝟒)
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐 ≤ 𝟐𝒙𝟒}
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑,
𝒙𝟒, 𝒙𝟓}if( 𝒙𝟐 ≤ 𝟐𝒙𝟒)
𝓑 = {𝒙𝟐, 𝒙𝟒}
Operator: Assignment
Operator: Assignment
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Operator: Assignment
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
𝒙𝟐∶= 𝟐𝒙𝟒
Operator: Assignment
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂
{𝒙𝟏 ≤ 𝟒,
𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟑,
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟑}
𝒙𝟐∶= 𝟐𝒙𝟒{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐= 𝟐𝒙𝟒}
{𝒙𝟐, 𝒙𝟒, 𝒙𝟓}
Operator: Assignment
Theorem (finest partition after assignment):
Let ℬ be block containing all variables appearing for assignment 𝒙𝒊 ≔ 𝒆 , and let 𝜋𝒊 = {𝒳 ∖{𝒙𝒊}, {𝒙𝒊}}, then 𝜋𝑂 = (𝜋𝑃 ⊓ 𝜋𝒊) ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂
{𝒙𝟏 ≤ 𝟒,
𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟑,
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟑}
𝒙𝟐∶= 𝟐𝒙𝟒{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐= 𝟐𝒙𝟒}
{𝒙𝟐, 𝒙𝟒, 𝒙𝟓}
Operator: Assignment
Theorem (finest partition after assignment):
Let ℬ be block containing all variables appearing for assignment 𝒙𝒊 ≔ 𝒆 , and let 𝜋𝒊 = {𝒳 ∖{𝒙𝒊}, {𝒙𝒊}}, then 𝜋𝑂 = (𝜋𝑃 ⊓ 𝜋𝒊) ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂
{𝒙𝟏 ≤ 𝟒,
𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟑,
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟑}
𝒙𝟐∶= 𝟐𝒙𝟒{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐= 𝟐𝒙𝟒}
{𝒙𝟐, 𝒙𝟒, 𝒙𝟓}𝓑 = {𝒙𝟐, 𝒙𝟒}
Lattice Operators
Lattice Operators
Theorem (finest partition for ⊑):
If 𝑃 ⊑ 𝑄 and 𝑃 ≠⊥, then 𝜋𝑄 ⊑ 𝜋𝑃
Theorem: (finest partition after ⊓):
If 𝑃 ⊓ 𝑄 ≠⊥ , then 𝜋𝑂 = 𝜋𝑃 ⊔ 𝜋𝑄
For join (⊔), no general relationship exists between 𝜋𝑂, 𝜋𝑃 and 𝜋𝑄
Operator: Join (⊔)
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
⊔
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
𝜋𝑃 ⊔ 𝜋𝑄 = 𝜋𝑃 ≠ 𝜋𝑂
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
𝜋𝑃 ⊔ 𝜋𝑄 = 𝜋𝑃 ≠ 𝜋𝑂
𝜋𝑃 ⊓ 𝜋𝑄 = 𝜋𝑄 ≠ 𝜋𝑂
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
𝜋𝑃 ⊔ 𝜋𝑄 = 𝜋𝑃 ≠ 𝜋𝑂
𝜋𝑃 ⊓ 𝜋𝑄 = 𝜋𝑄 ≠ 𝜋𝑂
For Join, 𝜋𝑂 depends on both P and Q
Operator: Join (⊔)
Operator: Join (⊔)
Theorem: Let P and Q be two Polyhedra with the same permissiblepartition 𝜋 = {𝒳1, 𝒳2, . . . , 𝒳𝑟} and let 𝜋 be a permissible partition for the join, that is, 𝜋𝑃⊔𝑄 ⊑ 𝜋. If for any block 𝒳𝑘 ∈ 𝜋,𝑃𝑘 = 𝑄𝑘 , then 𝒳𝑘 ∈ 𝜋
Operator: Join (⊔)
Theorem: Let P and Q be two Polyhedra with the same permissiblepartition 𝜋 = {𝒳1, 𝒳2, . . . , 𝒳𝑟} and let 𝜋 be a permissible partition for the join, that is, 𝜋𝑃⊔𝑄 ⊑ 𝜋. If for any block 𝒳𝑘 ∈ 𝜋,𝑃𝑘 = 𝑄𝑘 , then 𝒳𝑘 ∈ 𝜋
x2
x1=4
x2=1
x2=2
x1=3
x1=1
x1=2
x2=4
x1=2x1
x2=-2x1+10
P
Q
x1P1
Q1
P2
Q2
Operator: Join (⊔)
Theorem: Let P and Q be two Polyhedra with the same permissiblepartition 𝜋 = {𝒳1, 𝒳2, . . . , 𝒳𝑟} and let 𝜋 be a permissible partition for the join, that is, 𝜋𝑃⊔𝑄 ⊑ 𝜋. If for any block 𝒳𝑘 ∈ 𝜋,𝑃𝑘 = 𝑄𝑘 , then 𝒳𝑘 ∈ 𝜋
x2
x1=4
x2=1
x2=2
x1=3
x1=1
x1=2
x2=4
x1=2x1
x2=-2x1+10
P
Q
x1P1
Q1
x2
x1=4
x2=1
x2=2
x1=4
x1=1
x1=1
x2=4
P
Q
x1P1
Q1
P2
Q2
P2
Q2
Operators with Permissible Partitions
Operators with Permissible Partitions
Theorem (permissible partition after join):
Let 𝜋 = 𝜋𝑃 ⊔ 𝜋𝑄 and 𝒰 = {𝒳𝑘 | 𝑃𝑘 = 𝑄𝑘 , 𝒳𝑘 ∈ 𝜋}.
Then 𝜋𝑃⊔𝑄 = 𝒰 ∪ ⨃𝒯∈𝜋 ∖𝒰𝒯 is permissible for 𝑃 ⊔ 𝑄
Theorem (permissible partition after meet):
𝜋𝑃 ⊔ 𝜋𝑄 is permissible for 𝑃 ⊓ 𝑄
Theorem (permissible partition after conditional):
If output O ≠⊥, then, 𝜋𝑃 ↑ ℬ is permissible for conditional
Theorem (permissible partition after assignment):
𝜋𝑃 ↑ ℬ is permissible for the output O of assignment
Asymptotic Complexity of Operators with Permissible Partitions
r: number
of blocks
Operator Before
(using both)
Our work
(using decomposition)
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖 + 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
Conversion exp(n,g) exp(𝑛𝑚𝑎𝑥 , 𝑔𝑚𝑎𝑥)
Experimental Evaluation
We compared performance of ELINA against NewPolka and PPL
Using the Seahorn verification framework [CAV’15]• written in C, analyzes llvm-bitcode• produces Polyhedra invariants
> 1500 benchmarks from the software verification competition
Time limit: 4 hours
Memory limit: 12 GB
Experimental Evaluation
Experimental Evaluation
Experimental Evaluation
Experimental Evaluation
Evaluation
𝑛𝐸𝐿𝐼𝑁𝐴 < 𝑛𝑁𝑒𝑤𝑃𝑜𝑙𝑘𝑎 , large speedup as conversion is exponential in n
Related Work
Related Work
• Variable Packing • Blanchet et al. [PLDI’03]
• decomposition based on syntactic criteria
• loses precision
• Matrix based decomposition• Halbwachs et al. [FMSD’06]
• does not work with generators
• decomposition too coarse for join
Conclusion
Conclusion
Conclusion
Operator Both Online
decomposition
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖
+ 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
Conclusion
Operator Both Online
decomposition
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖
+ 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
http://elina.ethz.ch
Conclusion
Operator Both Online
decomposition
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖
+ 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
http://elina.ethz.ch
Driver NewPolka PPL ELINA
500 var
39K LOC
OOM
(> 12 GB)
OOM
(> 12 GB)
4 sec
0.9 GB
650 var
25K LOC
TO
(> 4 hr)
TO
(> 4 hr)
2 sec
0.4 GB
