DOI: 10.1145/3009837.3009885

Fast polyhedra abstract domain

Published: 01 January 2017

Abstract

Numerical abstract domains are an important ingredient of modern static analyzers used for verifying critical program properties (e.g., absence of buffer overflow or memory safety). Among the many numerical domains introduced over the years, Polyhedra is the most expressive one, but also the most expensive: it has worst-case exponential space and time complexity. As a consequence, static analysis with the Polyhedra domain is thought to be impractical when applied to large scale, real world programs.
In this paper, we present a new approach and a complete implementation for speeding up Polyhedra domain analysis. Our approach does not lose precision, and for many practical cases, is orders of magnitude faster than state-of-the-art solutions. The key insight underlying our work is that polyhedra arising during analysis can usually be kept decomposed, thus considerably reducing the overall complexity.
We first present the theory underlying our approach, which identifies the interaction between partitions of variables and domain operators. Based on the theory, we develop new algorithms for these operators that work with decomposed polyhedra. We implemented these algorithms using the same interface as existing libraries, thus enabling static analyzers to use our implementation with little effort. In our evaluation, we analyze large benchmarks from the popular software verification competition, including Linux device drivers with over 50K lines of code. Our experimental results demonstrate massive gains in both space and time: we show end-to-end speedups of two to five orders of magnitude compared to state-of-the-art Polyhedra implementations, as well as significant memory gains, on all larger benchmarks. In fact, in many cases our analysis terminates in seconds where prior code runs out of memory or times out after 4 hours.
We believe this work is an important step in making the Polyhedra abstract domain both feasible and practically usable for handling large, real-world programs.
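The following toy is an added illustration of the decomposition idea stated in the abstract; it is written for this page and is not code from the paper or from ELINA. It assumes a minimal representation of a polyhedron as a list of linear constraints `sum(coefs[v] * v) <= bound`, keeps the polyhedron factored by the finest partition of variables such that no constraint spans two blocks (so the polyhedron is exactly the Cartesian product of its factors and no precision is lost), and shows two operators interacting with that partition: `meet` with a constraint that mentions variables from two factors merges only those factors, and `forget` (projection, implemented here with Fourier-Motzkin elimination, which is one standard choice rather than the paper's own algorithm) can let a merged block split apart again. The input constraints are constructed.

```python
from collections import defaultdict
from fractions import Fraction

# A constraint is a pair (coefs, bound) meaning  sum(coefs[v] * v) <= bound.
# Constructed example: ({'x': 1, 'y': -1}, 0) encodes x - y <= 0, i.e. x <= y.


def support(c):
    """Variables with a non-zero coefficient in constraint c."""
    return frozenset(v for v, a in c[0].items() if a != 0)


def finest_partition(variables, constraints):
    """Union-find over variables: two variables that occur in a common
    constraint must share a block; all other variables stay independent."""
    parent = {v: v for v in variables}

    def find(v):
        while parent[v] != v:
            parent[v] = parent[parent[v]]
            v = parent[v]
        return v

    for c in constraints:
        vs = sorted(support(c))
        for v in vs[1:]:
            parent[find(v)] = find(vs[0])
    blocks = defaultdict(set)
    for v in variables:
        blocks[find(v)].add(v)
    return {frozenset(b) for b in blocks.values()}


def decompose(variables, constraints):
    """Store the polyhedron as a product of independent factors, mapping each
    variable block to the constraints whose support lies inside it. Nothing is
    lost: the polyhedron equals the Cartesian product of the factors."""
    dec = {b: [] for b in finest_partition(variables, constraints)}
    for c in constraints:
        s = support(c)
        if not s:
            continue  # variable-free constraint (0 <= k); ignored in this toy
        for b in dec:
            if s <= b:
                dec[b].append(c)
                break
    return dec


def meet(dec, c):
    """Conjoin one constraint. Only the factors its support touches are merged
    and rewritten; every other factor is carried over unchanged."""
    s = support(c)
    touched = [b for b in dec if b & s]
    merged = frozenset(s).union(*touched)
    out = {b: cs for b, cs in dec.items() if b not in touched}
    out[merged] = [x for b in touched for x in dec[b]] + [c]
    return out


def forget(dec, v):
    """Project v out of its factor by Fourier-Motzkin elimination, then
    re-partition that factor: once the coupling variable is gone, the block
    may split back into smaller independent factors."""
    block = next(b for b in dec if v in b)
    pos, neg, rest = [], [], []
    for coefs, bound in dec[block]:
        a = coefs.get(v, 0)
        (pos if a > 0 else neg if a < 0 else rest).append((coefs, bound))
    for cp, bp in pos:
        for cn, bn in neg:
            ap, an = Fraction(cp[v]), Fraction(-cn[v])  # both positive
            coefs = {w: an * cp.get(w, 0) + ap * cn.get(w, 0)
                     for w in (set(cp) | set(cn)) - {v}}
            rest.append((coefs, an * bp + ap * bn))
    out = {b: cs for b, cs in dec.items() if b != block}
    out.update(decompose(block - {v}, rest))
    return out


def block_sizes(dec):
    """Sizes of the factors: the expensive polyhedra operators cost roughly
    exponential in the largest of these, not in the total dimension."""
    return sorted(len(b) for b in dec)


if __name__ == "__main__":
    # Constructed input: two unrelated pairs of variables.
    V = {"x", "y", "z", "w"}
    C = [({"x": 1, "y": -1}, 0),   # x <= y
         ({"y": 1}, 10),           # y <= 10
         ({"x": -1}, 0),           # x >= 0
         ({"z": 1, "w": -1}, 0),   # z <= w
         ({"z": -1}, 0)]           # z >= 0
    d = decompose(V, C)
    print("decomposed:", block_sizes(d))        # [2, 2]
    d = meet(d, ({"x": 1, "z": 1}, 5))          # x + z <= 5 couples the factors
    print("after meet:", block_sizes(d))        # [4]
    d = forget(d, "x")
    print("after forget(x):", block_sizes(d))   # [1, 2]
```

The point to take from the run is the shape of the partition, not the constraint arithmetic: a single coupling constraint forces two factors to be handled as one, and projecting the coupling variable out restores the factorisation, so an analyzer that tracks the partition after every operator keeps each expensive computation confined to the largest block it actually needs.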



Published In

POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages
January 2017
901 pages
ISBN:9781450346603
DOI:10.1145/3009837

Publisher: Association for Computing Machinery, New York, NY, United States

Author Tags

  1. Abstract interpretation
  2. Numerical program analysis
  3. Partitions
  4. Performance optimization
  5. Polyhedra decomposition

Qualifiers

  • Research-article

Conference: POPL '17
Acceptance Rates

Overall Acceptance Rate 860 of 4,328 submissions, 20%

Article Metrics

  • Downloads (Last 12 months)120
  • Downloads (Last 6 weeks)4
Reflects downloads up to 02 Mar 2025

Cited By

  • (2025) Affine Disjunctive Invariant Generation with Farkas' Lemma. Verification, Model Checking, and Abstract Interpretation, pp. 187-213. DOI: 10.1007/978-3-031-82700-6_9. Online publication date: 24-Jan-2025
  • (2024) Certifiably Robust Reinforcement Learning through Model-Based Abstract Interpretation. 2024 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), pp. 233-251. DOI: 10.1109/SaTML59370.2024.00018. Online publication date: 9-Apr-2024
  • (2024) Speeding up static analysis with the split operator. International Journal on Software Tools for Technology Transfer (STTT) 26(5), pp. 573-588. DOI: 10.1007/s10009-024-00761-2. Online publication date: 1-Oct-2024
  • (2024) Constraint Based Invariant Generation with Modular Operations. Dependable Software Engineering. Theories, Tools, and Applications, pp. 64-84. DOI: 10.1007/978-981-96-0602-3_4. Online publication date: 26-Nov-2024
  • (2024) ConstraintFlow: A Declarative DSL for Easy Development of DNN Certifiers. Static Analysis, pp. 407-424. DOI: 10.1007/978-3-031-74776-2_16. Online publication date: 20-Oct-2024
  • (2024) Fixing Latent Unsound Abstract Operators in the eBPF Verifier of the Linux Kernel. Static Analysis, pp. 386-406. DOI: 10.1007/978-3-031-74776-2_15. Online publication date: 20-Oct-2024
  • (2024) Strided Difference Bound Matrices. Computer Aided Verification, pp. 279-302. DOI: 10.1007/978-3-031-65627-9_14. Online publication date: 24-Jul-2024
  • (2024) 2-Pointer Logic. Taming the Infinities of Concurrency, pp. 281-307. DOI: 10.1007/978-3-031-56222-8_16. Online publication date: 20-Mar-2024
  • (2023) Synthesizing Precise Static Analyzers for Automatic Differentiation. Proceedings of the ACM on Programming Languages 7(OOPSLA2), pp. 1964-1992. DOI: 10.1145/3622867. Online publication date: 16-Oct-2023
  • (2023) Inductive Program Synthesis via Iterative Forward-Backward Abstract Interpretation. Proceedings of the ACM on Programming Languages 7(PLDI), pp. 1657-1681. DOI: 10.1145/3591288. Online publication date: 6-Jun-2023
