A Polynomial-Time Algorithm for Global Value Numbering SAS 2004 Sumit Gulwani George C. Necula.

Presentation transcript:


1 Global Value Numbering
Goal: Discover equivalent expressions in procedures
Applications:
Compiler optimizations
– Copy propagation, constant propagation, common sub-expression elimination, induction variable elimination, etc.
Program verification
– Discover loop invariants, verify program assertions
Discover equivalent computations across programs
– Plagiarism detection tools, translation validation

2 Global Value Numbering
Flowchart (conditional with True / False branches): x := b × a; y := a × 3; c := a × b; If (b == 3) z := a × b;
Equivalence problem is undecidable.
Simplification assumptions:
– Operators are uninterpreted (will not discover x = c)
– Conditionals are non-deterministic (will not discover y = c)
Will discover z = c

3 Non-trivial Example
Non-deterministic branch (*):
– x := a; y := a; z := F(a);
– x := b; y := b; z := F(b);
After the join: assert(x = y); assert(z = F(y));

4 Existing Algorithms
Algorithms that work on SSA form of the program
– Alpern, Wegman, Zadeck's (AWZ) algorithm: POPL 1988. Polynomial, incomplete
– Rüthing, Knoop, Steffen's (RKS) algorithm: SAS 1999. Polynomial, incomplete, improvement on AWZ
Dataflow analysis or abstract interpretation based
– Kildall's algorithm: POPL 1973. Exponential, complete
– Our algorithm: POPL 2004. Polynomial, complete, randomized
– Our algorithm: this paper. Polynomial, complete

5 Why are SSA-based algorithms incomplete?
Non-deterministic branch (*):
– x := a; y := a; z := F(a);
– x := b; y := b; z := F(b);
After the join: assert(x = y); assert(z = F(y));
x = (a,b) y = (a,b) z = (F(a),F(b)) F(y) = F( (a,b))
AWZ algorithm: functions are uninterpreted
– Fails to discover the second assertion
RKS algorithm: uses rewrite rules for normalization
– Does not discover all assertions in slightly more involved examples
– Rewrite rules are not applied exhaustively (exponentially many applications otherwise)
– Rules are pessimistic in handling loops

6 Abstract Interpretation based algorithm
Assignment node (G0 before x := e): G = SP(G0, x := e)
Conditional node (G0 before *): G1 = G0, G2 = G0
Join node (G1' and G2' before the join): G = Join(G1', G2')

7 Outline: Strong equivalence DAG (SED); The join operation: Idea #1; Pruning an SED: Idea #2; The strongest postcondition operation; Fixed point computation

8 Representing Equivalences
Program: a := 1; b := 2; x := F(1,2);
Equivalence classes: { a, 1 } { b, 2 } { x, F(1,2) }

9 Representing Equivalences
Program: a := 1; b := 2; x := F(1,2);
Equivalence classes: { a, 1 } { b, 2 } { x, F(1,2), F(a,2), F(1,b), F(a,b) }
Such an explicit representation can be exponential.

10 Strong Equivalence DAG (SED)
A data structure for representing equivalences.
Nodes n:
Type: c, ⊥, F(n1,n2)
Terms(n): set of equivalent expressions
– Terms( ) = V
– Terms( ) = V ∪ { c }
– Terms( ) = V ∪ { F(e1,e2) | e1 ∈ Terms(n1), e2 ∈ Terms(n2) }
∀ variables x, ∃ at most one node s.t. x ∈ V – called Node(x)

11 SED: Example
This SED represents the following partition:
Terms(n1) = { a, 2 }
Terms(n2) = { b }
Terms(n3) = { c, d, F(a,b), F(2,b) }
Terms(n4) = { e, F(c,b), F(d,b), F(F(a,b),b), F(F(2,b),b) }
[Figure: SED with nodes n1 (a, 2), n2 (b, ⊥), n3 (d,c, F), n4 (e, F)]

12 Outline: Strong equivalence DAG (SED); The join operation: Idea #1; Pruning an SED: Idea #2; The strongest postcondition operation; Fixed point computation

13 The Join Operation
G = Join(G1, G2)
G is obtained by product construction of G1 and G2
If n= ∈ G1 and m= ∈ G2, then [n,m]= ∈ G
Definition of t1 ⊔ t2:
– c ⊔ c = c
– F(l1,r1) ⊔ F(l2,r2) = F([l1,l2],[r1,r2])
– t1 ⊔ t2 = ⊥, otherwise
Proof of correctness: Terms([n,m]) = Terms(n) ∩ Terms(m)
(Thus product construction = partition intersection)

14 Example: The Join Operation
[Figure: SEDs G1 and G2 over variables y1 to y7, and G = Join(G1,G2)]

15 Outline: Strong equivalence DAG (SED); The join operation: Idea #1; Pruning an SED: Idea #2; The strongest postcondition operation; Fixed point computation

16 Motivation: The Prune Operation
If G = Join(G1,G2), then Size(G) can be Size(G1) × Size(G2).
There are programs where the size of SEDs after n joins is exponential in n.
Discovering equivalences among all expressions vs. discovering equivalences among program expressions
For the latter, it is sufficient to discover equivalences among all terms of size at most t at each program point (where t = #variables * size of program).
Thus, SEDs can be pruned to have a small size.

17 The Prune Operation
Prune(G,k)
For each node, check if x ∈ V is equal to some F-term of size less than k.
If not, then delete all the nodes that are reachable from only

18 Example: The Prune Operation
[Figure: an SED G over variables y1 to y7, and Prune(G,2)]

19 Outline: Strong equivalence DAG (SED); The join operation: Idea #1; Pruning an SED: Idea #2; The strongest postcondition operation; Fixed point computation

20 The Strongest Postcondition Operation
G = SP(G0, x := e)
To obtain G from G0, do:
– Delete label x from Node(x) in G0
– Let n= be the node in G0 s.t. e ∈ Terms(n) (add such a node to G0 if it does not already exist)
– Add x to V.

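21 Example: The Strongest Postcondition Operation
G = SP(G0, u := F(z,x))
[Figure: SEDs G0 and G; in G0 the variables z and u label the same F node, in G they label separate F nodes; x labels a ⊥ node in both]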

22 Outline: Strong equivalence DAG (SED); The join operation: Idea #1; Pruning an SED: Idea #2; The strongest postcondition operation; Fixed point computation

23 Fixed Point Computation and Complexity
The lattice of sets of equivalences (among uninterpreted function terms) has height at most k.
Complexity
– Dominated by the cost of join operations
– # of join operations: O(j × k)
– Each join operation: O(k^2 × N). This requires doing pruning while computing join
– Total cost: O(k^3 × N × j)
k: # of variables
N: size of program
j: # of join points in program

24 Example
Two branches:
– x := 1; y := 1; z := F(1,1);
– x := 2; y := 2; z := F(2,2);
After the join: u := F(x,y); Assert(u = z);
SEDs at program points L1 to L4:
G1: nodes (z, F) and (x,y, 1)
G2: nodes (z, F) and (x,y, 2)
G3 = Join(G1,G2): nodes (z, F) and (x,y, ⊥)
G4 = Assignment(G3, u := F(x,y)): nodes (u,z, F) and (x,y, ⊥)
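The join (slide 13) and strongest postcondition (slide 20) operations run on the program of slide 24, as an added Python example that is not code from the talk or the paper. The dict encoding of an SED (node id mapped to a variable set and a type), the names find, sp, join, same and branch, the spelling 'bot' for the unknown node type, and the restriction to binary F, integer constants and string variables are assumptions of this example; pruning is left out.

```python
import itertools

def find(g, e):
    """Id of the node n with e in Terms(n); the node is added to g if missing."""
    if isinstance(e, str):                        # program variable
        hit = [n for n, (vs, _) in g.items() if e in vs]
        new = (frozenset({e}), ('bot',))
    else:                                         # constant or ('F', e1, e2)
        ty = ('c', e) if isinstance(e, int) else ('F', find(g, e[1]), find(g, e[2]))
        hit = [n for n, (_, t) in g.items() if t == ty]
        new = (frozenset(), ty)
    if not hit:
        hit = [len(g)]                            # nodes are never deleted, so len(g) is unused
        g[hit[0]] = new
    return hit[0]

def sp(g, x, e):
    """G = SP(G0, x := e); e is resolved before the label x is moved."""
    g = dict(g)
    t = find(g, e)
    return {n: (vs | {x} if n == t else vs - {x}, ty) for n, (vs, ty) in g.items()}

def join(g1, g2):
    """Product construction, building only pairs reachable from a shared variable."""
    g = {}
    def pair(n, m):
        if (n, m) not in g:
            (v1, t1), (v2, t2) = g1[n], g2[m]
            ty = ('bot',)                         # t1 join t2 = bot, otherwise
            if t1[0] == 'c' and t1 == t2:         # c join c = c
                ty = t1
            elif t1[0] == t2[0] == 'F':           # F(l1,r1) join F(l2,r2)
                ty = ('F', pair(t1[1], t2[1]), pair(t1[2], t2[2]))
            g[(n, m)] = (v1 & v2, ty)             # variables common to both nodes
        return (n, m)
    for n, m in itertools.product(g1, g2):
        if g1[n][0] & g2[m][0]:
            pair(n, m)
    return g

def same(g, a, b):                                # are a and b in the same node of g?
    h = dict(g)
    return find(h, a) == find(h, b)

def branch(c):                                    # x := c; y := c; z := F(c,c)
    return sp(sp(sp({}, 'x', c), 'y', c), 'z', ('F', c, c))

G3 = join(branch(1), branch(2))                   # SED after the join on slide 24
G4 = sp(G3, 'u', ('F', 'x', 'y'))                 # SED after u := F(x,y)
```

`same(G4, 'u', 'z')` is the check behind Assert(u = z): both variables label the one F node whose two children are the joined (x,y) node.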

25 Conclusion
Idea #1: Join of 2 SEDs = Product construction
Idea #2: Prune SEDs (Discovering equivalences among program expressions does not require computing equivalences involving large terms)
Future Work
– Inter-procedural value numbering
– Abstract interpretation for combined theory of linear arithmetic and uninterpreted functions