Gagandeep Singh Markus Püschel Martin Vechev
Department of Computer Science
ETH Zurich
Fast Polyhedra Abstract Domain
Polyhedra Domain AnalysisAutomatic Discovery of Linear Restraints Among Variables of a Program, POPL’78
Polyhedra Domain AnalysisAutomatic Discovery of Linear Restraints Among Variables of a Program, POPL’78
Introduced by Patrick Cousot and Nicolas Halbwachs
Represents linear constraints between program variables
Patrick Cousot Nicolas Halbwachs
Polyhedra Domain AnalysisAutomatic Discovery of Linear Restraints Among Variables of a Program, POPL’78
Introduced by Patrick Cousot and Nicolas Halbwachs
Represents linear constraints between program variables
y ≤ 3
-x ≤
2
Patrick Cousot Nicolas Halbwachs
Polyhedra Domain Analysis
Polyhedra Domain Analysis
if(*){
y:=2x-1;
}
else{
y:=2x-2;
}
assert(y<=2x);
Polyhedra Domain Analysis
if(*){
y:=2x-1;
}
else{
y:=2x-2;
}
Abstract
Domain
Can Prove the
Assertion?
Interval ❌
Pentagon ❌
Zones ❌
Octagon ❌
Polyhedra ✅assert(y<=2x);
Polyhedra Domain Analysis
if(*){
y:=2x-1;
}
else{
y:=2x-2;
}
Abstract
Domain
Can Prove the
Assertion?
Interval ❌
Pentagon ❌
Zones ❌
Octagon ❌
Polyhedra ✅assert(y<=2x);
Polyhedra analysis: time and space exponential in number of variables
This work: contributions
This work: contributions
Online decomposition: reduction in space and time without losing precision
This work: contributions
Online decomposition: reduction in space and time without losing precision
Constant factor improvements via reduced operation count and cache optimizations
This work: contributions
Online decomposition: reduction in space and time without losing precision
Constant factor improvements via reduced operation count and cache optimizations
elina.ethz.ch
Complete end-to-end
implementation
This work: contributions
Online decomposition: reduction in space and time without losing precision
Constant factor improvements via reduced operation count and cache optimizations
elina.ethz.ch
Complete end-to-end
implementation
Driver NewPolka PPL ELINA
500 var
39K LOC
OOM
(> 12 GB)
OOM
(> 12 GB)
4 sec
0.9 GB
650 var
25K LOC
TO
(> 4 hr)
TO
(> 4 hr)
2 sec
0.4 GB
Double Representation of Polyhedron
x1
x2 = 2
x2
𝒞 = {-x2 ≤ -2, x2 ≤ 2x1}
m: number of constraints
Constraints(⊔) easy
with the Generators
Double Representation of Polyhedron
x1
x2 = 2
x2
𝒞 = {-x2 ≤ -2, x2 ≤ 2x1}
m: number of constraints
x1
x2
Vertices 𝒱 = {(1,2)},
Rays ℛ = {(1,2), (1,0)},
Lines 𝒵 = ∅g: number of generators
(1,2) (1,0)
Generators (⊔) easy
with the GeneratorsConstraints(⊔) easy
with the Generators
Double Representation of Polyhedron
Asymptotic Time Complexity of Polyhedra
Asymptotic Time Complexity of Polyhedra
Operator Constraints Generators Both
Join (⊔) exp(n,m) Ο(𝑛𝑔) Ο(𝑛𝑔)
Meet (⊓) Ο(𝑛𝑚) exp(n,g) Ο(𝑛𝑚)
Inclusion (⊑) exp(n,m) exp(n,g) Ο(𝑛𝑔𝑚)
Assignment Ο(𝑛𝑚2) Ο(𝑛𝑔) Ο(𝑛𝑔)
Conditional Ο(𝑛) exp(n,g) Ο(𝑛)
Asymptotic Time Complexity of Polyhedra
Operator Constraints Generators Both
Join (⊔) exp(n,m) Ο(𝑛𝑔) Ο(𝑛𝑔)
Meet (⊓) Ο(𝑛𝑚) exp(n,g) Ο(𝑛𝑚)
Inclusion (⊑) exp(n,m) exp(n,g) Ο(𝑛𝑔𝑚)
Assignment Ο(𝑛𝑚2) Ο(𝑛𝑔) Ο(𝑛𝑔)
Conditional Ο(𝑛) exp(n,g) Ο(𝑛)
Constraints Generators
exp(n,m)
exp(n,g)
Key Idea: Online Decomposition
Key Idea: Online Decomposition
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron
Key Idea: Online Decomposition
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron {𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
Set of factors
Key Idea: Online Decomposition
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron {𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
Set of factors
Partition (𝜋) =
set of blocks
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Key Idea: Online Decomposition
working on smaller Polyhedra enables reduction in space and time
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron {𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
Set of factors
Partition (𝜋) =
set of blocks
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Permissible Partitions
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
Polyhedron
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓, 𝒙𝟔}
Permissible
partition (𝜋)
Permissible Partitions
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓, 𝒙𝟔}
Permissible
partition (𝜋)
Invalid
partition
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑, 𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Permissible Partitions
Definition: A partition 𝜋 is permissible for Polyhedron P, if there are no two variables 𝒙𝒊 and 𝒙𝒋 in different blocks of 𝜋 related by a constraint in P
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟔 = 𝟐}
PolyhedronBest (finest)
partition (𝜋)
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓, 𝒙𝟔}
Permissible
partition (𝜋)
Invalid
partition
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑, 𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Partition of Variable Set: Summary
Partition of Variable Set: Summary
The set of all partitions of variable set 𝒳 form a lattice ordered by “finer than” (<) relation
The best (finest) partition 𝜋𝑃 for Polyhedron P is unique
Any 𝜋, s.t., 𝜋𝑃 < 𝜋, is permissible
An unconstrained variable 𝑥𝑖 yields a singleton set {𝑥𝑖} in the partition
Partition of Variable Set: Summary
The set of all partitions of variable set 𝒳 form a lattice ordered by “finer than” (<) relation
The best (finest) partition 𝜋𝑃 for Polyhedron P is unique
Any 𝜋, s.t., 𝜋𝑃 < 𝜋, is permissible
An unconstrained variable 𝑥𝑖 yields a singleton set {𝑥𝑖} in the partition
Challenge: maintain permissible partitions for > 30 operators
Operator: Conditional
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
if( 𝒙𝟐 ≤ 𝟐𝒙𝟒)
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐 ≤ 𝟐𝒙𝟒}
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑,
𝒙𝟒, 𝒙𝟓}if( 𝒙𝟐 ≤ 𝟐𝒙𝟒)
Operator: Conditional
Definition: Let 𝜋 be a partition and ℬ be a block, then 𝜋 ↑ ℬ is the finest partition 𝜋’ such that 𝜋 ⊑ 𝜋’ and ℬ is a subset of an element of 𝜋’
Theorem (finest partition after conditional):
If O ≠⊥ and let ℬ be block containing all variables appearing in the conditional,then 𝜋𝑂 = 𝜋𝑃 ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓,
𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐 ≤ 𝟐𝒙𝟒}
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑,
𝒙𝟒, 𝒙𝟓}if( 𝒙𝟐 ≤ 𝟐𝒙𝟒)
𝓑 = {𝒙𝟐, 𝒙𝟒}
Operator: Assignment
Operator: Assignment
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
Operator: Assignment
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
𝒙𝟐∶= 𝟐𝒙𝟒
Operator: Assignment
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂
{𝒙𝟏 ≤ 𝟒,
𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟑,
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟑}
𝒙𝟐∶= 𝟐𝒙𝟒{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐= 𝟐𝒙𝟒}
{𝒙𝟐, 𝒙𝟒, 𝒙𝟓}
Operator: Assignment
Theorem (finest partition after assignment):
Let ℬ be block containing all variables appearing for assignment 𝒙𝒊 ≔ 𝒆 , and let 𝜋𝒊 = {𝒳 ∖{𝒙𝒊}, {𝒙𝒊}}, then 𝜋𝑂 = (𝜋𝑃 ⊓ 𝜋𝒊) ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂
{𝒙𝟏 ≤ 𝟒,
𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟑,
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟑}
𝒙𝟐∶= 𝟐𝒙𝟒{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐= 𝟐𝒙𝟒}
{𝒙𝟐, 𝒙𝟒, 𝒙𝟓}
Operator: Assignment
Theorem (finest partition after assignment):
Let ℬ be block containing all variables appearing for assignment 𝒙𝒊 ≔ 𝒆 , and let 𝜋𝒊 = {𝒳 ∖{𝒙𝒊}, {𝒙𝒊}}, then 𝜋𝑂 = (𝜋𝑃 ⊓ 𝜋𝒊) ↑ ℬ
{𝒙𝟏 ≤ 𝟐𝒙𝟐,
𝒙𝟐 = 𝟐,𝒙𝟏 + 𝒙𝟐 + 𝟐𝒙𝟑 ≤ 𝟓}
{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏}
{𝒙𝟔 = 𝟐}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐, 𝒙𝟑}
{𝒙𝟒, 𝒙𝟓}
{𝒙𝟔}
O 𝜋𝑂
{𝒙𝟏 ≤ 𝟒,
𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟑,
{𝒙𝟔 = 𝟐} {𝒙𝟔}
{𝒙𝟏, 𝒙𝟑}
𝒙𝟐∶= 𝟐𝒙𝟒{𝒙𝟒 - 𝒙𝟓 ≤ 𝟑,
𝒙𝟓 = 𝟏,
𝒙𝟐= 𝟐𝒙𝟒}
{𝒙𝟐, 𝒙𝟒, 𝒙𝟓}𝓑 = {𝒙𝟐, 𝒙𝟒}
Lattice Operators
Lattice Operators
Theorem (finest partition for ⊑):
If 𝑃 ⊑ 𝑄 and 𝑃 ≠⊥, then 𝜋𝑄 ⊑ 𝜋𝑃
Theorem: (finest partition after ⊓):
If 𝑃 ⊓ 𝑄 ≠⊥ , then 𝜋𝑂 = 𝜋𝑃 ⊔ 𝜋𝑄
For join (⊔), no general relationship exists between 𝜋𝑂, 𝜋𝑃 and 𝜋𝑄
Operator: Join (⊔)
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
⊔
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
𝜋𝑃 ⊔ 𝜋𝑄 = 𝜋𝑃 ≠ 𝜋𝑂
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
𝜋𝑃 ⊔ 𝜋𝑄 = 𝜋𝑃 ≠ 𝜋𝑂
𝜋𝑃 ⊓ 𝜋𝑄 = 𝜋𝑄 ≠ 𝜋𝑂
Operator: Join (⊔)
{𝒙𝟏 − 𝒙𝟐 ≤ 𝟎,
𝒙𝟏 ≤ 𝟎}
{𝒙𝟑 = 𝟏}
P 𝜋𝑃
{𝒙𝟏, 𝒙𝟐}
{𝒙𝟑}
{𝒙𝟏 ≤ 𝟐}
{𝒙𝟑 = 𝟎}
Q 𝜋𝑄
{𝒙𝟏}
{𝒙𝟑}
⊔ ∅ {𝒙𝟐}
{𝒙𝟏 + 𝟐𝒙𝟑 ≤ 𝟐,
−𝒙𝟑 ≤ 𝟎,
𝒙𝟑 ≤ 𝟏}
∅
O 𝜋𝑂
{𝒙𝟏, 𝒙𝟑}
{𝒙𝟐}
𝜋𝑃 ⊔ 𝜋𝑄 = 𝜋𝑃 ≠ 𝜋𝑂
𝜋𝑃 ⊓ 𝜋𝑄 = 𝜋𝑄 ≠ 𝜋𝑂
For Join, 𝜋𝑂 depends on both P and Q
Operator: Join (⊔)
Operator: Join (⊔)
Theorem: Let P and Q be two Polyhedra with the same permissiblepartition 𝜋 = {𝒳1, 𝒳2, . . . , 𝒳𝑟} and let 𝜋 be a permissible partition for the join, that is, 𝜋𝑃⊔𝑄 ⊑ 𝜋. If for any block 𝒳𝑘 ∈ 𝜋,𝑃𝑘 = 𝑄𝑘 , then 𝒳𝑘 ∈ 𝜋
Operator: Join (⊔)
Theorem: Let P and Q be two Polyhedra with the same permissiblepartition 𝜋 = {𝒳1, 𝒳2, . . . , 𝒳𝑟} and let 𝜋 be a permissible partition for the join, that is, 𝜋𝑃⊔𝑄 ⊑ 𝜋. If for any block 𝒳𝑘 ∈ 𝜋,𝑃𝑘 = 𝑄𝑘 , then 𝒳𝑘 ∈ 𝜋
x2
x1=4
x2=1
x2=2
x1=3
x1=1
x1=2
x2=4
x1=2x1
x2=-2x1+10
P
Q
x1P1
Q1
P2
Q2
Operator: Join (⊔)
Theorem: Let P and Q be two Polyhedra with the same permissiblepartition 𝜋 = {𝒳1, 𝒳2, . . . , 𝒳𝑟} and let 𝜋 be a permissible partition for the join, that is, 𝜋𝑃⊔𝑄 ⊑ 𝜋. If for any block 𝒳𝑘 ∈ 𝜋,𝑃𝑘 = 𝑄𝑘 , then 𝒳𝑘 ∈ 𝜋
x2
x1=4
x2=1
x2=2
x1=3
x1=1
x1=2
x2=4
x1=2x1
x2=-2x1+10
P
Q
x1P1
Q1
x2
x1=4
x2=1
x2=2
x1=4
x1=1
x1=1
x2=4
P
Q
x1P1
Q1
P2
Q2
P2
Q2
Operators with Permissible Partitions
Operators with Permissible Partitions
Theorem (permissible partition after join):
Let 𝜋 = 𝜋𝑃 ⊔ 𝜋𝑄 and 𝒰 = {𝒳𝑘 | 𝑃𝑘 = 𝑄𝑘 , 𝒳𝑘 ∈ 𝜋}.
Then 𝜋𝑃⊔𝑄 = 𝒰 ∪ ⨃𝒯∈𝜋 ∖𝒰𝒯 is permissible for 𝑃 ⊔ 𝑄
Theorem (permissible partition after meet):
𝜋𝑃 ⊔ 𝜋𝑄 is permissible for 𝑃 ⊓ 𝑄
Theorem (permissible partition after conditional):
If output O ≠⊥, then, 𝜋𝑃 ↑ ℬ is permissible for conditional
Theorem (permissible partition after assignment):
𝜋𝑃 ↑ ℬ is permissible for the output O of assignment
Asymptotic Complexity of Operators with Permissible Partitions
r: number
of blocks
Operator Before
(using both)
Our work
(using decomposition)
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖 + 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
Conversion exp(n,g) exp(𝑛𝑚𝑎𝑥 , 𝑔𝑚𝑎𝑥)
Experimental Evaluation
We compared performance of ELINA against NewPolka and PPL
Using the Seahorn verification framework [CAV’15]• written in C, analyzes llvm-bitcode• produces Polyhedra invariants
> 1500 benchmarks from the software verification competition
Time limit: 4 hours
Memory limit: 12 GB
Experimental Evaluation
Experimental Evaluation
Experimental Evaluation
Experimental Evaluation
Evaluation
𝑛𝐸𝐿𝐼𝑁𝐴 < 𝑛𝑁𝑒𝑤𝑃𝑜𝑙𝑘𝑎 , large speedup as conversion is exponential in n
Related Work
Related Work
• Variable Packing • Blanchet et al. [PLDI’03]
• decomposition based on syntactic criteria
• loses precision
• Matrix based decomposition• Halbwachs et al. [FMSD’06]
• does not work with generators
• decomposition too coarse for join
Conclusion
Conclusion
Conclusion
Operator Both Online
decomposition
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖
+ 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
Conclusion
Operator Both Online
decomposition
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖
+ 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
http://elina.ethz.ch
Conclusion
Operator Both Online
decomposition
Join (⊔) Ο(𝑛𝑔) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖
+ 𝑛𝑚𝑎𝑥𝑚𝑚𝑎𝑥)
Meet (⊓) Ο(𝑛𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖)
Inclusion (⊑) Ο(𝑛𝑔𝑚) Ο(∑𝑖=1𝑟 𝑛𝑖𝑚𝑖𝑔𝑖)
Assignment Ο(𝑛𝑔) Ο(𝑛𝑚𝑎𝑥𝑔𝑚𝑎𝑥)
Conditional Ο(𝑛) Ο(𝑛𝑚𝑎𝑥)
http://elina.ethz.ch
Driver NewPolka PPL ELINA
500 var
39K LOC
OOM
(> 12 GB)
OOM
(> 12 GB)
4 sec
0.9 GB
650 var
25K LOC
TO
(> 4 hr)
TO
(> 4 hr)
2 sec
0.4 GB