1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford...
-
date post
19-Dec-2015 -
Category
Documents
-
view
215 -
download
0
Transcript of 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford...
![Page 1: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/1.jpg)
1
Constraint Problems in
Program Analysis
from the sublime to the ridiculous
Alex AikenStanford University
![Page 2: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/2.jpg)
2
Focus
• Techniques used by– Type and program analysis communities– Other than SAT
• Warning: Personal biases ahead . . .
![Page 3: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/3.jpg)
3
Topics
• Different notions of solving
• Algorithmics and engineering
• Solving vs. entailment
• Open problems
![Page 4: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/4.jpg)
4
What’s Different
• NP-Hard problems:SOLVE(F) = one solution
• PTIME problems:SOLVE(F) = all solutions
![Page 5: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/5.jpg)
5
Example: Unification
a int inta
!
! !
a int
°
!
!
!
¯ ¯ Represents all solutions.
=
![Page 6: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/6.jpg)
6
Comments
• A single representation for all solutions
• A great deal of sharing among the solutions
• Characteristic of PTIME techniques– Intuitively, this must be the case– Exponential number of incomparable solutions
requires more than PTIME• But see uses of BDD’s . . .
![Page 7: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/7.jpg)
7
Why is This Useful?
F(a) {………return b
}
a
¯
constraints C
Conclude:
F: a! ¯ where C
![Page 8: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/8.jpg)
8
Why is This Useful?
F(a) { … return b }
G(x) { … F(i) … }H(y) { … F(j) … }I(z) { … F(k) … }
• F: a! ¯ where C
• If all solutions of C have a compact representation, solve C once, reuse at each call site
• If solutions are not compactly representable, better to reanalyze F in each calling context
![Page 9: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/9.jpg)
9
Two Styles of Analysis
• Whole program– Entire program needed for analysis of any piece
• Compositional– Can analyze partial or “open” programs
(libraries)
• Intimately connected to solving complexity– Leads to very different engineering issues– This is poorly understood today
![Page 10: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/10.jpg)
10
Algorithms and Engineering
• Algorithms: PTIME is good enough
• Engineering: linear space is essential– Must also be close to linear time– These algorithms are applied at large scales– Linux kernel 6.2MLOC
![Page 11: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/11.jpg)
11
Set Constraints (a fragment)
• Set expressions:
E ::= X | c(E1,...,En)
• Set constraints:
Æ Ej1 µ Ej2j
![Page 12: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/12.jpg)
12
Applications
• Pointer analysis• Subtyping systems• Soft typing• Context-free reachability• Multiple reachability properties
– A context free and any regular properties• …
![Page 13: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/13.jpg)
13
Constraints as Graphs
a b U V
c c
X YConstraints:Graph:
c(a,b) X
c(U,V)Y
µ
X Yµ
µ
Rewrite rules:
E1 µ X µ E2 ) E1 µ E2
c(E1,...,En) µ c(E1’,...En’) ) Æ Ei µ Ei’
![Page 14: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/14.jpg)
14
Solutions
• Solution size is potentially O(n2)– May be the complete graph
• Solution time is O(n3)– Each of O(n2) edges may be added in O(n) ways
• A major engineering issue– 1996: analyze 5 KLOC– 2002: analyze 6MLOC
• now in production compilers
![Page 15: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/15.jpg)
15
Optimization: Cycle Elimination
• Variables in a cycle are all equivalentX1 µ X2 … µ Xn µ X1
• Optimization: collapse them into one variable
…
S S
S S
S
![Page 16: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/16.jpg)
16
Discussion
• Good techniques for cycle-elimination known– Does not change worst-case complexity– But makes 100X time difference
• Specific algorithmic/implementation techniques are critical to the success of decision procedures– Even “cheap” ones– Support for such research is important
![Page 17: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/17.jpg)
17
Entailment
• Often want to know: Does C imply some constraint(s) C’?
• Is every solution of C a solution of C’?– Entailment– Validity (does C imply true?)
• Important for– Queries (can I perform this optimization?)– Presentation (simplification of constraints)
![Page 18: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/18.jpg)
18
Is there an Issue?
• Consider SAT solving
• Satisfiability: NP-complete• Validity: CoNP-complete
• But we use the same implementation for both– Just need to know if there are 0 or > 0 solutions
![Page 19: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/19.jpg)
19
The Issue
• For low complexity techniques entailment often very different from satisfiability
• Example: Conditional equality constraints
¿1 · ¿2 , ¿1 = ? Ç ¿1 = ¿2
![Page 20: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/20.jpg)
20
Conditional Equality Constraints
• Solving– Near linear time
• Entailment– Quadratic
• Completely different algorithms– And different engineering– Big difference between linear and super-
linear . . .– . . . see previous discussion
![Page 21: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/21.jpg)
21
Open Problems (Theory)
• The “cubic-time” set constraint fragment– Entailment is in NEXPTIME– Entailment is PSPACE-Hard
• Non-structural subtype entailment– Entailment is PSPACE-Hard– Decidability is open– First-order fragment is undecidable
• With 3 quantifier alternations
![Page 22: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/22.jpg)
22
An Open Problem? (Engineering)
• Integer programming– NP-complete– Huge topic in analysis of software
• Parallelization, resource allocation, understanding arrays …
• ConsiderMinimize x subject to 3x+3y=4
• What do ILP solvers do?– Answer: LP-based solvers diverge. Why?
![Page 23: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/23.jpg)
23
Combining Theories
• Many applications use multiple kinds of constraints– And there are many such constraint theories
• Need good ways of combining theories– More than Nelson-Oppen
![Page 24: 1 Constraint Problems in Program Analysis from the sublime to the ridiculous Alex Aiken Stanford University.](https://reader030.fdocuments.net/reader030/viewer/2022032703/56649d2f5503460f94a06aa8/html5/thumbnails/24.jpg)
24
Topics
• Different notions of solving
• Algorithmics and engineering
• Solving vs. entailment
• Open problems