Transitive Closures of Affine Integer Tuple Relations and their - - PowerPoint PPT Presentation

transitive closures of affine integer tuple relations and
SMART_READER_LITE
LIVE PREVIEW

Transitive Closures of Affine Integer Tuple Relations and their - - PowerPoint PPT Presentation

Mar 18, 2023 380 likes •925 views

Transitive Closures of Affine Integer Tuple Relations and their Overapproximations Sven Verdoolaege Albert Cohen Anna Beletska PARKAS group, INRIA and Ecole Normale Sup erieure de Paris, France September 15, 2011 1 / 30 Outline 1

slide-1
SLIDE 1

Transitive Closures of Affine Integer Tuple Relations and their Overapproximations

Sven Verdoolaege Albert Cohen Anna Beletska

PARKAS group, INRIA and ´ Ecole Normale Sup´ erieure de Paris, France

September 15, 2011

1 / 30

slide-2
SLIDE 2

Outline

1

Motivating Applications Iteration Space Slicing Equivalence Checking

2

Problem Formulation

3

Reachability Analysis

4

Technical Contribution

5

Experimental Results

6

Conclusion and Perspectives

2 / 30

slide-3
SLIDE 3

Iteration Space Slicing: Beletska et al.

Can we parallelize this code? for (i = 1; i <= n; ++i) a[i] = f(a[i-3]);

3 / 30

slide-4
SLIDE 4

Iteration Space Slicing: Beletska et al.

Can we parallelize this code? for (i = 1; i <= n; ++i) a[i] = f(a[i-3]); Dependences: i

3 / 30

slide-5
SLIDE 5

Iteration Space Slicing: Beletska et al.

Can we parallelize this code? for (i = 1; i <= n; ++i) a[i] = f(a[i-3]); Dependences: i

3 / 30

slide-6
SLIDE 6

Iteration Space Slicing: Beletska et al.

Can we parallelize this code? for (i = 1; i <= n; ++i) a[i] = f(a[i-3]); Dependences: i for (i = 1; i <= min(n-3,3); ++i) { // parallel loop a[i] = f(a[i-3]); for (j = i + 3; j <= n; j += 3) a[j] = f(a[j-3]); }

⇒ partition iterations according to dependences ⇒ compute transitive closure of dependences

3 / 30

slide-7
SLIDE 7

Equivalence Checking: Barthou et al.

Are the following two programs equivalent?

for (i = 0; i < 10; ++i)

b[i] = f(a[i]);

for (i = 10; i < 20; ++i)

b[i] = f(a[i]); c[0] = 0;

for (i = 1; i < 20; ++i)

c[i] = b[i-1]; c[0] = 0; b[0] = f(a[0]);

for (i = 0; i < 19; ++i) {

i1 = i+1; b[i1] = f(a[i1]); c[i1] = b[i]; }

4 / 30

slide-8
SLIDE 8

Equivalence Checking: Barthou et al.

Are the following two programs equivalent?

for (i = 0; i < 10; ++i)

b[i] = f(a[i]);

for (i = 10; i < 20; ++i)

b[i] = f(a[i]); c[0] = 0;

for (i = 1; i < 20; ++i)

c[i] = b[i-1]; c[0] = 0; b[0] = f(a[0]);

for (i = 0; i < 19; ++i) {

i1 = i+1; b[i1] = f(a[i1]); c[i1] = b[i]; }

1

Construct Minsky machine ( cross product of dependence graphs)

◮ initial state: outputs are equal ◮ transition: exiting state equality requires entering state equality ◮ final failure states (e.g., different function called) ◮ final success states: inputs are equal

4 / 30

slide-9
SLIDE 9

Equivalence Checking: Barthou et al.

Are the following two programs equivalent?

for (i = 0; i < 10; ++i)

b[i] = f(a[i]);

for (i = 10; i < 20; ++i)

b[i] = f(a[i]); c[0] = 0;

for (i = 1; i < 20; ++i)

c[i] = b[i-1]; c[0] = 0; b[0] = f(a[0]);

for (i = 0; i < 19; ++i) {

i1 = i+1; b[i1] = f(a[i1]); c[i1] = b[i]; }

1

Construct Minsky machine ( cross product of dependence graphs)

◮ initial state: outputs are equal ◮ transition: exiting state equality requires entering state equality ◮ final failure states (e.g., different function called) ◮ final success states: inputs are equal

2

Derive accessibility relation from regular expression

concatenation → composition branches → union cycles → transitive closure

4 / 30

slide-10
SLIDE 10

Equivalence Checking: Barthou et al.

Are the following two programs equivalent?

for (i = 0; i < 10; ++i)

b[i] = f(a[i]);

for (i = 10; i < 20; ++i)

b[i] = f(a[i]); c[0] = 0;

for (i = 1; i < 20; ++i)

c[i] = b[i-1]; c[0] = 0; b[0] = f(a[0]);

for (i = 0; i < 19; ++i) {

i1 = i+1; b[i1] = f(a[i1]); c[i1] = b[i]; }

1

Construct Minsky machine ( cross product of dependence graphs)

◮ initial state: outputs are equal ◮ transition: exiting state equality requires entering state equality ◮ final failure states (e.g., different function called) ◮ final success states: inputs are equal

2

Derive accessibility relation from regular expression

concatenation → composition branches → union cycles → transitive closure

3

Equivalent iff

  • failure states:

empty relation success states: relation covered by equality of array indices

4 / 30

slide-11
SLIDE 11

Outline

1

Motivating Applications

2

Problem Formulation Quasi-affine Integer Tuple Sets and Relations Powers and Transitive Closures Approximation

3

Reachability Analysis

4

Technical Contribution

5

Experimental Results

6

Conclusion and Perspectives

5 / 30

slide-12
SLIDE 12

Quasi-affine Integer Tuple Sets and Relations

Quasi-affine integer sets and relations S(s) = {x ∈ Zd | ∃z ∈ Ze : Ax+ Bs+ Dz ≥ c} R(s) = {x1 → x2 ∈ Zd1 ×Zd2 | ∃z ∈ Ze : A1x1 + A2x2 + Bs+ Dz ≥ c} “basic” types: “convex” sets and maps (relations)

◮ affine equality + inequality constraints ◮ parameters s ◮ (optional) explicit representation of existentially quantified variables as

integer divisions

union types: sets and maps ⇒ (disjoint) unions of basic sets/maps Note: any relation in Presburger arithmetic can be put into this form

6 / 30

slide-13
SLIDE 13

Quasi-affine Integer Tuple Sets and Relations

Quasi-affine integer sets and relations S(s) = {x ∈ Zd | ∃z ∈ Ze : Ax+ Bs+ Dz ≥ c} R(s) = {x1 → x2 ∈ Zd1 ×Zd2 | ∃z ∈ Ze : A1x1 + A2x2 + Bs+ Dz ≥ c} “basic” types: “convex” sets and maps (relations)

◮ affine equality + inequality constraints ◮ parameters s ◮ (optional) explicit representation of existentially quantified variables as

integer divisions

union types: sets and maps ⇒ (disjoint) unions of basic sets/maps Note: any relation in Presburger arithmetic can be put into this form

6 / 30

slide-14
SLIDE 14

Quasi-affine Integer Tuple Sets and Relations

Quasi-affine integer sets and relations S(s) = {x ∈ Zd | ∃z ∈ Ze : Ax+ Bs+ Dz ≥ c} R(s) = {x1 → x2 ∈ Zd1 ×Zd2 | ∃z ∈ Ze : A1x1 + A2x2 + Bs+ Dz ≥ c} “basic” types: “convex” sets and maps (relations)

◮ affine equality + inequality constraints ◮ parameters s ◮ (optional) explicit representation of existentially quantified variables as

integer divisions

union types: sets and maps ⇒ (disjoint) unions of basic sets/maps Note: any relation in Presburger arithmetic can be put into this form

6 / 30

slide-15
SLIDE 15

Quasi-affine Integer Tuple Sets and Relations

Quasi-affine integer sets and relations S(s) = {x ∈ Zd | ∃z ∈ Ze : Ax+ Bs+ Dz ≥ c} R(s) = {x1 → x2 ∈ Zd1 ×Zd2 | ∃z ∈ Ze : A1x1 + A2x2 + Bs+ Dz ≥ c} “basic” types: “convex” sets and maps (relations)

◮ affine equality + inequality constraints ◮ parameters s ◮ (optional) explicit representation of existentially quantified variables as

integer divisions

union types: sets and maps ⇒ (disjoint) unions of basic sets/maps Note: any relation in Presburger arithmetic can be put into this form

6 / 30

slide-16
SLIDE 16

Remarks

need not be a function Example

{x → y | y ≥ 3+ x ∧ y ≤ 4+ x }

7 / 30

slide-17
SLIDE 17

Remarks

need not be a function Example

{x → y | y ≥ 3+ x ∧ y ≤ 4+ x }

may involve parameters Example n → {(x,y) → (1+ x,1− n + y) | n ≥ 2}

7 / 30

slide-18
SLIDE 18

Remarks

need not be a function Example

{x → y | y ≥ 3+ x ∧ y ≤ 4+ x }

may involve parameters Example n → {(x,y) → (1+ x,1− n + y) | n ≥ 2} may involve existentially quantified variables Example n → {x → y | ∃α,β : 7α = −2+ n ∧ 5β = −1− x + y ∧ y ≥ 6+ x }

7 / 30

slide-19
SLIDE 19

Remarks

need not be a function Example

{x → y | y ≥ 3+ x ∧ y ≤ 4+ x }

may involve parameters Example n → {(x,y) → (1+ x,1− n + y) | n ≥ 2} may involve existentially quantified variables Example n → {x → y | ∃α,β : 7α = −2+ n ∧ 5β = −1− x + y ∧ y ≥ 6+ x } may involve unions

7 / 30

slide-20
SLIDE 20

Powers

Definition (Power of a Relation) Let R ∈ Zn → 2Zd→Zd be a relation and k ∈ Z≥1 a positive number, then power k of relation R is defined as Rk

=

  • R

if k = 1 R ◦ Rk−1 if k ≥ 2

8 / 30

slide-21
SLIDE 21

Powers

Definition (Power of a Relation) Let R ∈ Zn → 2Zd→Zd be a relation and k ∈ Z≥1 a positive number, then power k of relation R is defined as Rk

=

  • R

if k = 1 R ◦ Rk−1 if k ≥ 2 Example R = {x → x + 1} Rk = {x → x + k | k ≥ 1}

8 / 30

slide-22
SLIDE 22

Transitive Closures

Definition (Transitive Closure of a Relation) Let R ∈ Zn → 2Zd→Zd be a relation, then the transitive closure R+ of R is the union of all positive powers of R, R+ △

=

  • k≥1

Rk State of the art: algorithm by Kelly et al. implemented in Omega calculator

9 / 30

slide-23
SLIDE 23

Transitive Closures

Definition (Transitive Closure of a Relation) Let R ∈ Zn → 2Zd→Zd be a relation, then the transitive closure R+ of R is the union of all positive powers of R, R+ △

=

  • k≥1

Rk State of the art: algorithm by Kelly et al. implemented in Omega calculator Example R = {x → x + 1} Rk = {x → x + k | k ≥ 1} R+ = {x → y | ∃k ≥ 1 : y = x + k } = {x → y | y ≥ x + 1}

9 / 30

slide-24
SLIDE 24

Approximation

Fact Given an affine relation R, the power Rk (with k a parameter) and the transitive closure R+ may not be affine relations, or even computable Example R = {x → 2x } Rk = {x → 2k x }

10 / 30

slide-25
SLIDE 25

Approximation

Fact Given an affine relation R, the power Rk (with k a parameter) and the transitive closure R+ may not be affine relations, or even computable Example R = {x → 2x } Rk = {x → 2k x }

⇒ we need to accept approximate results

Our target applications require overapproximations

⇒ compute relation T (R) such that R+ ⊆ T (R)

T (R) should be as close to R+ as possible

we want to know when the result is exact, i.e., when T (R) = R+

10 / 30

slide-26
SLIDE 26

Outline

1

Motivating Applications

2

Problem Formulation

3

Reachability Analysis

4

Technical Contribution

5

Experimental Results

6

Conclusion and Perspectives

11 / 30

slide-27
SLIDE 27

Reachability Analysis using Transitive Closures

Given transition relation T initial states S0 Set of reachable states is described by T +(S0) We compute overapproximation of transitive closure

⇒ overapproximation of reachable states

12 / 30

slide-28
SLIDE 28

Transitive Closures using Reachability Analysis

Transitive closure: relation between input and output variables Reachability analysis: invariants among variables at a control point

⇒ introduce extra set of constant variables equal to input

13 / 30

slide-29
SLIDE 29

Transitive Closures using Reachability Analysis

Transitive closure: relation between input and output variables Reachability analysis: invariants among variables at a control point

⇒ introduce extra set of constant variables equal to input

Example

{x → x + 1}

Using ASPIC syntax: var x,x0; states a; transition t0 := { from := a; to: a; action := x’ = x + 1; } Region init := { x0 = x };

13 / 30

slide-30
SLIDE 30

Transitive Closures using Reachability Analysis

Relations instead of functions

⇒ introduce extra set of variables ⇒ assign arbitrary value

(? in ASPIC; extra loop in FAST)

Existentially quantified variables

⇒ similar to handling of relations

(number of extra variables equal to maximal number of existentially quantified variables)

Parameters

⇒ handle as constant variables

14 / 30

slide-31
SLIDE 31

Outline

1

Motivating Applications

2

Problem Formulation

3

Reachability Analysis

4

Technical Contribution Algorithm Exactness Decompositions

5

Experimental Results

6

Conclusion and Perspectives

15 / 30

slide-32
SLIDE 32

Base Case: Convex, Non-Parametric, Affine Relation

Main ideas

1

Consider a relation as a (possibly infinite) union of translations

2

Take any sequence of steps from an element in the domain of the relation to an element in the range of the relation

(same Ancourt et al., generalization of Kelly et al. and Beletska et al.)

R = {x → y | y ≥ 3+ x ∧ y ≤ 4+ x } Compute offsets

∆ = {y− x | x → y ∈ R } = {d | 3 ≤ d ≤ 4}

Unbounded approximation of k ∆ for k ≥ 1

⇒ multiply constant term by k and project out k ∆′ = {d | ∃k ≥ 1 : 3k ≤ d ≤ 4k }

Construct paths and intersect with domain and range

{x → y ∈ (domR ×ranR) | ∃d ∈ ∆′ : y = x+ d}

16 / 30

slide-33
SLIDE 33

Parameters

Three options: Handle as constant variables

⇒ project out parameters from ∆

17 / 30

slide-34
SLIDE 34

Parameters

Three options: Handle as constant variables

⇒ project out parameters from ∆

Classify constraints

◮ involving only variables A1x+ c1 ≥ 0

⇒ base case:

A1x+ kc1 ≥ 0

◮ involving only parameters B2s+ c2 ≥ 0

⇒ copy:

B2s+ c2 ≥ 0

◮ involving both variables and parameters A3x+ B3s+ c3 ≥ 0

⇒ copy those rows j that satisfy ∆∩{y− x | B3,js+ c3,j > 0} = /

17 / 30

slide-35
SLIDE 35

Parameters

Three options: Handle as constant variables

⇒ project out parameters from ∆

Classify constraints

◮ involving only variables A1x+ c1 ≥ 0

⇒ base case:

A1x+ kc1 ≥ 0

◮ involving only parameters B2s+ c2 ≥ 0

⇒ copy:

B2s+ c2 ≥ 0

◮ involving both variables and parameters A3x+ B3s+ c3 ≥ 0

⇒ copy those rows j that satisfy ∆∩{y− x | B3,js+ c3,j > 0} = / Both ⇒ intersection

17 / 30

slide-36
SLIDE 36

Parameters Example

Input relation R = n → {(x,y) → (1+ x,1− n + y) | n ≥ 2} Handle as constant variables n → {(x,y) → (x′,y′) | n ≥ 2 ∧ x′ ≥ 1+ x ∧ y′ ≤ 1− n + y } Classify constraints n → {(x,y) → (x′,y′) | n ≥ 2 ∧ x′ ≥ 1+ x ∧ y′ ≤ x + y − x′ } Both ⇒ intersection n → {(x,y) → (x′,y′) | n ≥ 2 ∧ x′ ≥ 1+ x ∧ y′ ≤ 1− n + y

∧ y′ ≤ x + y − x′ }

18 / 30

slide-37
SLIDE 37

Existentially Quantified Variables

1

Compute unique representation in terms of variables and parameters

⇒ parametric integer linear programming (PIP)

2

Classify

◮ definition only involves variables

⇒ treat as variable

◮ definition only involves parameters

⇒ treat as parameter

◮ definition involves both

⇒ ignore any constraint involving the existentially quantified variable

19 / 30

slide-38
SLIDE 38

Unions

Compute R+ =

  • i

Ri

+ ∆R

=

  • i

∆i

Handle each ∆i separately (addition is commutative) P = ((Pm ∪Id)◦···◦(P1 ∪Id))∩{x → y | k = ∑

i

ki > 0} with Pi = {x → y | ∃d ∈ ∆′

i : y = x+ d}

Compute

T (R) = P ∩(domR ×ranR)

20 / 30

slide-39
SLIDE 39

Exactness

Is approximation R+ ⊆ T (R) exact, i.e., is T (R) = R+?

21 / 30

slide-40
SLIDE 40

Exactness

Is approximation R+ ⊆ T (R) exact, i.e., is T (R) = R+? Acyclic relations: observe that R+ △

= R ∪

  • R ◦ R+

Unique fixed point for acyclic R

⇒ check T (R) ⊆ R ∪(R ◦T (R))

(check acyclicity of T (R) for a sufficient condition on acyclicity of R+)

21 / 30

slide-41
SLIDE 41

Exactness

Is approximation R+ ⊆ T (R) exact, i.e., is T (R) = R+? Acyclic relations: observe that R+ △

= R ∪

  • R ◦ R+

Unique fixed point for acyclic R

⇒ check T (R) ⊆ R ∪(R ◦T (R))

(check acyclicity of T (R) for a sufficient condition on acyclicity of R+)

Possibly cyclic relations

⇒ check exactness of approximation Pk(R) of power Rk

Pk(R) ⊆ R

for k = 1

Pk(R) ⊆ R ◦Pk−1(R)

for k ≥ 2 Note: power exact ⇒ transitive closure exact

(but not the other way around)

21 / 30

slide-42
SLIDE 42

Exactness Example

R = R1 ∪ R2 ∪ R3 R1 = {(i,j) → (i + 3,j) | ...} R2 = {(i,j) → (i,j + 3) | ...} R3 = {(i,j) → (i + 1,j + 1) | ...}

22 / 30

slide-43
SLIDE 43

Exactness Example

R = R1 ∪ R2 ∪ R3 R1 = {(i,j) → (i + 3,j) | ...} R2 = {(i,j) → (i,j + 3) | ...} R3 = {(i,j) → (i + 1,j + 1) | ...}

(1,1) → (4,4) in P2(R), but not

in R2

22 / 30

slide-44
SLIDE 44

Exactness Example

R = R1 ∪ R2 ∪ R3 R1 = {(i,j) → (i + 3,j) | ...} R2 = {(i,j) → (i,j + 3) | ...} R3 = {(i,j) → (i + 1,j + 1) | ...}

(1,1) → (4,4) in P2(R), but not

in R2

22 / 30

slide-45
SLIDE 45

Exactness Example

R = R1 ∪ R2 ∪ R3 R1 = {(i,j) → (i + 3,j) | ...} R2 = {(i,j) → (i,j + 3) | ...} R3 = {(i,j) → (i + 1,j + 1) | ...}

(1,1) → (4,4) in P2(R), but not

in R2 However (1,1) → (4,4) in R3 In fact, T (R) = R+

22 / 30

slide-46
SLIDE 46

Decompositions

Decompositions can improve accuracy Incremental computation R =

  • j

Rj compute R+ as R+ = R+

i ∪

  • ji

R∗

i ◦ Rj ◦ R∗ i

+

Similar to Kelly et al., but different profitability heuristic Strongly connected components Domain partitioning

⇒ apply Kelly et al.’s modified Floyd-Warshall algorithm

23 / 30

slide-47
SLIDE 47

Outline

1

Motivating Applications

2

Problem Formulation

3

Reachability Analysis

4

Technical Contribution

5

Experimental Results

6

Conclusion and Perspectives

24 / 30

slide-48
SLIDE 48

Implementation

Integer Set Library Our method is implemented in ISL, distributed under the terms of the LGPL http://freshmeat.net/projects/isl See the project’s page for a more detailed description of the functionalities and internals of ISL We performed systematic comparisons with state-of-the-art tools: OMEGA+: Kelly et al., 1996; new version by Chen, 2009 STING: Sankaranarayanan et al., 2004 ASPIC: Gonnord et al., 2006 FAST: Leroux et al., 2008

25 / 30

slide-49
SLIDE 49

Experimental Results

Equivalence checking Omega+

ISL

TC AC FAST ASPIC STING exact 472 366 267 139 201 215 inexact 67 157 266 268 240 failure 34 50 40 434 104 118

26 / 30

slide-50
SLIDE 50

Experimental Results

Iteration Space Slicing Omega+

ISL

TC AC FAST ASPIC STING mem exact 70 58 43 25 15 39 inexact 7 11 50 87 22 failure 57 65 41 109 32 73 val exact 72 57 43 28 37 39 inexact 2 26 56 41 22 failure 60 51 35 106 56 73

27 / 30

slide-51
SLIDE 51

Experimental Results

Reachability Analysis From ASPIC web site: 21 relations

ISL fails

ASPIC fails

ISL wins

ASPIC wins identical uncomparable 0 (2) 1 7 3 2 6 From LEVER test cases (safety analysis problems):

ISL only succeeds in 7 out of 32 relations

28 / 30

slide-52
SLIDE 52

Outline

1

Motivating Applications

2

Problem Formulation

3

Reachability Analysis

4

Technical Contribution

5

Experimental Results

6

Conclusion and Perspectives

29 / 30

slide-53
SLIDE 53

Conclusion and Perspectives

Conclusion Novel algorithm to compute the overapproximation of the transitive closure of a Presburger relation Significantly more accurate and faster than previous methods Perspectives Characterize the differences between closure and reachability Design a more robust heuristic for both closure and reachability Better handling of cyclic graphs

30 / 30