Making Numerical Program Analysis Fast Gagandeep Singh Markus - - PowerPoint PPT Presentation

making numerical program analysis fast
SMART_READER_LITE
LIVE PREVIEW

Making Numerical Program Analysis Fast Gagandeep Singh Markus - - PowerPoint PPT Presentation

Oct 08, 2023 171 likes •639 views

Making Numerical Program Analysis Fast Gagandeep Singh Markus Pschel Martin Vechev Department of Computer Science ETH Zrich Static Program Analysis Static Program Analysis public static void verify() { int[] ptr = new int[8]; int start

slide-1
SLIDE 1

Making Numerical Program Analysis Fast

Gagandeep Singh Markus Püschel Martin Vechev Department of Computer Science ETH Zürich

slide-2
SLIDE 2

Static Program Analysis

slide-3
SLIDE 3

Static Program Analysis

public static void verify() { int[] ptr = new int[8]; int start = 0; for(int i0 = 0; i0 < 8; ++i0) { int x1 = i0 | start; for(int x2 = 0; x2<100000;++x2) } int y3 = * 2 x1; int index4 = 0; if (y3 == 0) { index4 = 1; } if (y3 == 49) { index4 = 8; } if (y3 == 36) { index4 = 8; } if (y3 == -1) { index4 = 0; } if (y3 == 50) { index4 = 9; } ptr[index4] = 1; } } }

slide-4
SLIDE 4

Numerical

Static Program Analysis

public static void verify() { int[] ptr = new int[8]; int start = 0; for(int i0 = 0; i0 < 8; ++i0) { int x1 = i0 | start; for(int x2 = 0; x2<100000;++x2) } int y3 = * 2 x1; int index4 = 0; if (y3 == 0) { index4 = 1; } if (y3 == 49) { index4 = 8; } if (y3 == 36) { index4 = 8; } if (y3 == -1) { index4 = 0; } if (y3 == 50) { index4 = 9; } ptr[index4] = 1; } } }

Heap String Other Abstract Domains

slide-5
SLIDE 5

Numerical

Static Program Analysis

Buffer Overflow Division by Zero Integer Overflow Alias Analysis Data Races

public static void verify() { int[] ptr = new int[8]; int start = 0; for(int i0 = 0; i0 < 8; ++i0) { int x1 = i0 | start; for(int x2 = 0; x2<100000;++x2) } int y3 = * 2 x1; int index4 = 0; if (y3 == 0) { index4 = 1; } if (y3 == 49) { index4 = 8; } if (y3 == 36) { index4 = 8; } if (y3 == -1) { index4 = 0; } if (y3 == 50) { index4 = 9; } ptr[index4] = 1; } } }

Heap String Other Abstract Domains

slide-6
SLIDE 6

Numerical

Static Program Analysis

Octagon Interval Polyhedra Other

Buffer Overflow Division by Zero Integer Overflow Alias Analysis Data Races

public static void verify() { int[] ptr = new int[8]; int start = 0; for(int i0 = 0; i0 < 8; ++i0) { int x1 = i0 | start; for(int x2 = 0; x2<100000;++x2) } int y3 = * 2 x1; int index4 = 0; if (y3 == 0) { index4 = 1; } if (y3 == 49) { index4 = 8; } if (y3 == 36) { index4 = 8; } if (y3 == -1) { index4 = 0; } if (y3 == 50) { index4 = 9; } ptr[index4] = 1; } } }

Heap String Other Pentagon Abstract Domains

slide-7
SLIDE 7

Octagon Abstract Domain

(Miné, HOSC, 2006)

  • Octagonal Inequalities:
  • Binary: ±x ± y ≤ c, 𝑦 ≠ 𝑧
  • Unary: ±2x ≤ 2d
  • c, d ∈ ℝ ∪ {∞}
slide-8
SLIDE 8

Octagon Abstract Domain

(Miné, HOSC, 2006)

  • Octagonal Inequalities:
  • Binary: ±x ± y ≤ c, 𝑦 ≠ 𝑧
  • Unary: ±2x ≤ 2d
  • c, d ∈ ℝ ∪ {∞}

Octagon

slide-9
SLIDE 9

Octagon Abstract Domain

(Miné, HOSC, 2006)

  • Octagonal Inequalities:
  • Binary: ±x ± y ≤ c, 𝑦 ≠ 𝑧
  • Unary: ±2x ≤ 2d
  • c, d ∈ ℝ ∪ {∞}

𝑦+ 𝑦− 𝑧+ 𝑧− 𝑦+ 𝑦− 𝑧+ 𝑧− 2 4 1 2 2 3 4 2 Difference Bound Matrix (DBM) Octagon 3 2 2 1

slide-10
SLIDE 10

Octagon Analysis is Expensive

Using APRON

Octagon

262s

Other

4s

Single Core

Example: Static analyzer for TouchDevelop

(Brutschy et al. OOPSLA, 2014)

slide-11
SLIDE 11

Octagon Analysis is Expensive

Using APRON Using ELINA

Octagon

262s

Octagon

10s

Other

4s

Other

4s

Single Core Single Core

Example: Static analyzer for TouchDevelop

(Brutschy et al. OOPSLA, 2014)

slide-12
SLIDE 12

Octagon Analysis is Expensive

Using APRON Using ELINA

Octagon

262s

Octagon

10s

Other

4s

Other

4s

Single Core Single Core

Our Contribution: drop-in replacement for APRON Example: Static analyzer for TouchDevelop

(Brutschy et al. OOPSLA, 2014)

slide-13
SLIDE 13

Octagon Analysis is Expensive

Using APRON Using ELINA

  • Octagon Speedup: 26x
  • Overall Speedup: 19x
  • No loss in precision

Octagon

262s

Octagon

10s

Other

4s

Other

4s

Single Core Single Core

Our Contribution: drop-in replacement for APRON Example: Static analyzer for TouchDevelop

(Brutschy et al. OOPSLA, 2014)

slide-14
SLIDE 14

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

slide-15
SLIDE 15

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

slide-16
SLIDE 16

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . . . . . . 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {}

slide-17
SLIDE 17

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . . . . . . 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− . . . . . . . . . . . . . . . 2

  • 2

𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {} {2x ≤ 2, -2x ≤ -2 } { x ≤ 1, -x ≤ -1 } { x ≤ 1, -x ≤ -1 }

slide-18
SLIDE 18

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

slide-19
SLIDE 19

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {2x ≤ 2, -2x ≤ -2}

slide-20
SLIDE 20

Octagon Analysis

x = 1; y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− . . . . . . . . . . . . . 2

  • 2

𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {2x ≤ 2, -2x ≤ -2} {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0} { y-x ≤ 0, x-y ≤ 0 } { y -x≤ 0, x-y ≤ 0}

slide-21
SLIDE 21

Octagon Analysis

x = 1; y = x;

while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

slide-22
SLIDE 22

Octagon Analysis

x = 1; y = x;

while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0}

slide-23
SLIDE 23

Octagon Analysis

x = 1; y = x;

while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− . . . . . . . . . . . . 2

  • 2

𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0} {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0, x – m ≤ 0 } { x-m ≤ 0 } {x-m ≤ 0 }

slide-24
SLIDE 24

Closure (*) increases precision of Join )⊔ )operator

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

slide-25
SLIDE 25

Closure (*) increases precision of Join )⊔ )operator

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0}

slide-26
SLIDE 26

Closure (*) increases precision of Join )⊔ )operator

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

. . . . . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

  • 2

2

  • 2

2 . . . . . . . . . . 2

  • 2

𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0} {2x ≤ 2, -2x ≤ -2, y - x ≤ 0, x – y ≤ 0,

  • x – y ≤ -2, x + y ≤ 2, -2y ≤ -2, 2y ≤ 2 }

* *

slide-27
SLIDE 27

Join (⊔) of two closed Octagons

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

slide-28
SLIDE 28

Join (⊔) of two closed Octagons

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

  • 2

2

  • 2

2 . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

slide-29
SLIDE 29

Join (⊔) of two closed Octagons

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

  • 2

2

  • 2

2 . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

  • 6

6

  • 1
  • 5

5 1 1

  • 3

. . 2

  • 4

. .

  • 2

.

  • 4

4 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

slide-30
SLIDE 30

Join (⊔) of two closed Octagons

x = 1;

y = x; while (x <= m( x = x + 1; y = y + x; assert (y >= m ; (

  • 2

2

  • 2

2 . . . . . . . . . .

  • 2

2 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

  • 6

6

  • 1
  • 5

5 1 1

  • 3

. . 2

  • 4

. .

  • 2

.

  • 4

4 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

  • 2

6

  • 2

5 1 . . . . . . . . . .

  • 2

4 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛−

slide-31
SLIDE 31

Time Complexity of Octagon Operators

Octagon Operator Time Complexity Meet (⊓) O(𝑜2) Join (⊔) O(𝑜2) Inclusion (⊆) O(𝑜2) Equality (=) O(𝑜2) Widening (⊽) O(𝑜2) Closure (*) O(𝑜3)

slide-32
SLIDE 32

Key Idea: Online Decomposition

  • The set of program variables can be partitioned into disjoint subsets

called independent components.

  • Each independent component corresponds to a smaller octagon.
  • Transitive closure can be applied independently on smaller octagons.
  • Maintain the decomposition dynamically throughout the analysis.
  • 2

6

  • 2

5 1 . . . . . . . . 2 .

  • 2

4 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 2 .

  • 2

6

  • 2

5 1

  • 2

4 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑦+ 𝑦− 𝑧+ 𝑧− 𝑛+ 𝑛− 𝑛+ 𝑛−

slide-33
SLIDE 33

Other Improvements

  • We reduced operation count of closure by half.
  • We designed sparse closure for very sparse matrices that runs in O(𝑜2) time.
  • We performed cache optimizations and vectorization for all octagon operators.
  • If the matrix becomes dense, keeping decomposition is not feasible.
  • We designed different octagon types and their corresponding operators.
  • We keep track of sparsity and switch dynamically between different types.
slide-34
SLIDE 34

Implementation

  • ELINA is implemented in C using double precision.
  • Provides interface for analyzing program written in C++ and Java.
  • Supports SSE and AVX intrinsics.
  • Can be directly plugged into any existing static analyzer using APRON.
slide-35
SLIDE 35

Experimental Evaluation

  • CPAchecker (Beyer et al. CAV, 2011)
  • participates in software verification competitions.
  • TOUCHBOOST (Brutschy et al. OOPSLA, 2014)
  • analyzes eventdriven TouchDevelop applications.
  • DPS (Raychev et al. SAS, 2013)
  • analyzes parallel programs and introduces synchronization for determinism.
  • DIZY (Partush et al. SAS, 2013)
  • computes semantic differences between a program and its patched version.
slide-36
SLIDE 36

Experimental Results: CPAchecker

(Beyer et al., CAV, 2011)

Using APRON Using ELINA

15s

slide-37
SLIDE 37

Experimental Results: CPAchecker

(Beyer et al., CAV, 2011)

Using APRON Using ELINA

Octagon

87s 15s

Other

11s

Single Core

Closure

61s

Other

26s

slide-38
SLIDE 38

Experimental Results: CPAchecker

(Beyer et al., CAV, 2011)

Using APRON Using ELINA

Octagon

87s

Octagon

15s

Other

11s

Single Core Single Core

Other

11s

Closure

61s

Other

26s

Closure

7s

Other

8s

slide-39
SLIDE 39

Experimental Results: CPAchecker

(Beyer et al., CAV, 2011)

Using APRON Using ELINA

  • Closure Speedup: 8.4x
  • Octagon Speedup: 6x
  • Overall Speedup: 3.7x

Octagon

87s

Octagon

15s

Other

11s

Single Core Single Core

Other

11s

Closure

61s

Other

26s

Closure

7s

Other

8s

slide-40
SLIDE 40

Experimental Results: DPS

(Raychev et al, SAS, 2013)

Using APRON Using ELINA

slide-41
SLIDE 41

Experimental Results: DPS

(Raychev et al, SAS, 2013)

Using APRON Using ELINA

Octagon

115 s

Other

31s

Single Core

Closure Other

slide-42
SLIDE 42

Experimental Results: DPS

(Raychev et al, SAS, 2013)

Using APRON Using ELINA

Octagon

115 s

Octagon

0.8s

Other

31s 31s

Single Core Single Core

Other Closure Other Closure

0.2s

Other

0.6s

slide-43
SLIDE 43

Experimental Results: DPS

(Raychev et al, SAS, 2013)

Using APRON Using ELINA

  • Closure Speedup: 665x
  • Octagon Speedup: 146x
  • Overall Speedup: 4.2x

Octagon

115 s

Octagon

0.8s

Other

31s 31s

Single Core Single Core

Other Closure Other Closure

0.2s

Other

0.6s 102s 13s

slide-44
SLIDE 44

Related Work

  • Variable Packing (Venet et al. PLDI, 2004)
  • Loses precision, may take more iterations to converge.
  • Octagon operators on GPUs (Banterle et al. SAS, 2007)
  • Our optimized library will run much faster on GPUs.
slide-45
SLIDE 45

Conclusion

https://github.com/eth-srl/OptOctagon