1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford...
Date posted: 19-Dec-2015
1
Constraint Problems in Program Analysis
from the sublime to the ridiculous
Alex Aiken
Stanford University
2
Focus
• Techniques used by
  – Type and program analysis communities
  – Other than SAT
• Warning: Personal biases ahead . . .
3
Topics
• Different notions of solving
• Algorithmics and engineering
• Solving vs. entailment
• Open problems
4
What’s Different
• NP-Hard problems: SOLVE(F) = one solution
• PTIME problems: SOLVE(F) = all solutions
5
Example: Unification
[Figure: unification (=) of terms built from a, int and →; the symbols γ and β also appear]
Represents all solutions.
6
Comments
• A single representation for all solutions
• A great deal of sharing among the solutions
• Characteristic of PTIME techniques
  – Intuitively, this must be the case
  – Exponential number of incomparable solutions requires more than PTIME
• But see uses of BDDs . . .
7
Why is This Useful?
F(a) { … return b }
[Figure: a, β, constraints C]
Conclude:
F: $a \to \beta$ where C
8
Why is This Useful?
F(a) { … return b }
G(x) { … F(i) … }
H(y) { … F(j) … }
I(z) { … F(k) … }
• F: $a \to \beta$ where C
• If all solutions of C have a compact representation, solve C once, reuse at each call site
• If solutions are not compactly representable, better to reanalyze F in each calling context
9
Two Styles of Analysis
• Whole program
  – Entire program needed for analysis of any piece
• Compositional
  – Can analyze partial or “open” programs (libraries)
• Intimately connected to solving complexity
  – Leads to very different engineering issues
  – This is poorly understood today
10
Algorithms and Engineering
• Algorithms: PTIME is good enough
• Engineering: linear space is essential
  – Must also be close to linear time
  – These algorithms are applied at large scales
  – Linux kernel 6.2 MLOC
11
Set Constraints (a fragment)
• Set expressions:
$E ::= X \mid c(E_1,\ldots,E_n)$
• Set constraints:
$\bigwedge_j E_{j1} \subseteq E_{j2}$
12
Applications
• Pointer analysis
• Subtyping systems
• Soft typing
• Context-free reachability
• Multiple reachability properties
  – A context free and any regular properties
• …
13
Constraints as Graphs
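[Figure: constraint graph over the nodes a, b, U, V, two c constructor nodes, X and Y, shown beside the constraints that relate c(a,b), X, Y and c(U,V) by ⊆]
Rewrite rules:
$E_1 \subseteq X \subseteq E_2 \Rightarrow E_1 \subseteq E_2$
$c(E_1,\ldots,E_n) \subseteq c(E_1',\ldots,E_n') \Rightarrow \bigwedge_i E_i \subseteq E_i'$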
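The two rewrite rules above, applied to a fixed point with a worklist, as an added example (not code from the talk). The term encoding, the names `solve` and `SAMPLE`, the sample constraints, and treating a constructor mismatch as an error are assumptions of this example.

```python
from collections import defaultdict, deque

# Encoding (assumed for this example): a variable is a str; a constructed
# term c(E1,...,En) is a tuple ("c", E1, ..., En).
def is_var(e):
    return isinstance(e, str)

def solve(constraints):
    """Close inclusion constraints (lhs, rhs), read lhs <= rhs, under both rules.

    Returns every derived constraint. A constructor mismatch such as
    c(...) <= d(...) matches neither rule; raising ValueError for it is an
    assumption of this example.
    """
    done = set()
    preds = defaultdict(set)  # X -> {E1 : E1 <= X}
    succs = defaultdict(set)  # X -> {E2 : X <= E2}
    work = deque(constraints)
    while work:
        lhs, rhs = work.popleft()
        if lhs == rhs or (lhs, rhs) in done:
            continue
        done.add((lhs, rhs))
        if not is_var(lhs) and not is_var(rhs):
            # c(E1..En) <= c(E1'..En')  =>  Ei <= Ei' for every i
            if lhs[0] != rhs[0] or len(lhs) != len(rhs):
                raise ValueError(f"inconsistent: {lhs} <= {rhs}")
            work.extend(zip(lhs[1:], rhs[1:]))
            continue
        if is_var(rhs):
            # new E1 <= X: pair it with each known X <= E2
            preds[rhs].add(lhs)
            work.extend((lhs, e2) for e2 in succs[rhs])
        if is_var(lhs):
            # new X <= E2: pair it with each known E1 <= X
            succs[lhs].add(rhs)
            work.extend((e1, rhs) for e1 in preds[lhs])
    return done

# Constructed sample input: c(a,b) <= X, X <= Y, Y <= c(U,V)
SAMPLE = [(("c", "a", "b"), "X"), ("X", "Y"), ("Y", ("c", "U", "V"))]

if __name__ == "__main__":
    for lhs, rhs in sorted(solve(SAMPLE), key=repr):
        print(lhs, "<=", rhs)
```

The `done` set is the edge set of the constraint graph, so it can hold up to quadratically many pairs in the number of terms.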
14
Solutions
• Solution size is potentially $O(n^2)$
  – May be the complete graph
• Solution time is $O(n^3)$
  – Each of $O(n^2)$ edges may be added in $O(n)$ ways
• A major engineering issue
  – 1996: analyze 5 KLOC
  – 2002: analyze 6 MLOC
    • now in production compilers
15
Optimization: Cycle Elimination
• Variables in a cycle are all equivalent
$X_1 \subseteq X_2 \ldots \subseteq X_n \subseteq X_1$
• Optimization: collapse them into one variable
16
Discussion
• Good techniques for cycle-elimination known
  – Does not change worst-case complexity
  – But makes 100X time difference
• Specific algorithmic/implementation techniques are critical to the success of decision procedures
  – Even “cheap” ones
  – Support for such research is important
17
Entailment
• Often want to know: Does C imply some constraint(s) C’?
• Is every solution of C a solution of C’?
  – Entailment
  – Validity (does C imply true?)
• Important for
  – Queries (can I perform this optimization?)
  – Presentation (simplification of constraints)
18
Is there an Issue?
• Consider SAT solving
• Satisfiability: NP-complete
• Validity: CoNP-complete
• But we use the same implementation for both
  – Just need to know if there are 0 or > 0 solutions
19
The Issue
• For low complexity techniques entailment often very different from satisfiability
• Example: Conditional equality constraints
$\tau_1 \leq \tau_2 \Leftrightarrow \tau_1 = \bot \lor \tau_1 = \tau_2$
20
Conditional Equality Constraints
• Solving
  – Near linear time
• Entailment
  – Quadratic
• Completely different algorithms
  – And different engineering
  – Big difference between linear and super-linear . . .
  – . . . see previous discussion
21
Open Problems (Theory)
• The “cubic-time” set constraint fragment
  – Entailment is in NEXPTIME
  – Entailment is PSPACE-Hard
• Non-structural subtype entailment
  – Entailment is PSPACE-Hard
  – Decidability is open
  – First-order fragment is undecidable
    • With 3 quantifier alternations
22
An Open Problem? (Engineering)
• Integer programming
  – NP-complete
  – Huge topic in analysis of software
    • Parallelization, resource allocation, understanding arrays …
• Consider
  Minimize x subject to 3x+3y=4
• What do ILP solvers do?
  – Answer: LP-based solvers diverge. Why?
23
Combining Theories
• Many applications use multiple kinds of constraints
  – And there are many such constraint theories
• Need good ways of combining theories
  – More than Nelson-Oppen
24
Topics
• Different notions of solving
• Algorithmics and engineering
• Solving vs. entailment
• Open problems