Extending Constraint-Only Representation of Polyhedra with Boolean Constraints [chapter]

Alexey Bakhirkin, David Monniaux
2018 Lecture Notes in Computer Science  
We propose a new relational abstract domain for analysing programs with numeric and Boolean variables. The main idea is to represent an abstract state as a set of linear constraints over numeric variables, with every constraint being enabled by a formula over Boolean variables. This allows us, unlike in some existing approaches, to avoid duplicating linear constraints shared by multiple Boolean formulas. To perform domain operations, we adapt algorithms from constraint-only representation of
more » ... vex polyhedra, most importantly Fourier-Motzkin elimination and projection-based convex hull. We made a prototype implementation of the new domain in our abstract interpreter for Horn clauses. Our initial experiments are, in our opinion, promising and show directions for future improvement. Con s is t e n t * Compl e t e * W el l Doc u m e n t e d * Easy to R e u se * * E v a l u ate d * S A S * A r t i f act * A E C In all cases, the analysis needs to efficiently represent sets of convex polyhedra, possibly (but not necessarily [4]) tagged by elements of a finite set T (abstract traces, Boolean vectors, etc). Earlier works proposed to represent an abstract element by an explicit map from T to convex polyhedra, either as an array of pairs (T i , P i ) where T i ⊆ T and P i are polyhedra, or as a decision tree or DAG with polyhedra at the leaves. Both approaches are implemented in B. Jeannet's BddApron library [19] . One issue with this approach is that the possible number of abstract partitions is often exponential in some parameter (length of the recorded trace, number of Boolean variables) and thus every operation (post-condition, convex hull) is potentially repeated for each of the exponentially many polyhedra. At the same time, the polyhedra in different abstract partitions often share most of the constraints and only differ in few that are related to the partitioning criterion. Thus, it is tempting to store a set of polyhedra in some structure that does not require duplicating shared constraints, and to use symbolic algorithms that, as much as possible, avoid enumerating abstract partitions individually. One approach to this is offered by different kinds of decision diagrams over linear constraints. A notable example is Linear Decision Diagrams (LDD) developed by S. Chaki, A. Gurfinkel, and O. Strichman [10] . An LDD is a DAG, where internal nodes are labelled with linear constraints, and the two leaves are true and false, thus a path through an LDD corresponds to a convex polyhedron. Based on the LDD algorithms, the same authors later developed an abstract domain of boxes [15] , that only allows to have a comparison of a variable with a constant in an interior node. Theoretical Contribution In this paper, we propose an alternative approach: to represent an abstract state as a set of implications {B i → c i } i=0..k , where B i are arbitrary Boolean formulas, and c i are linear constraints. This way, an abstract element can still be seen as an implicit map from a partition of B m to convex polyhedra (similar to a BddApron element), but we do not have to duplicate storage and computations for constraints shared by multiple partitions. Another appeal of this approach is that some operations on constraint-only polyhedra can be naturally adapted to sets of implications of the form B i → c i . The algorithms in this paper are based on Fourier-Motzkin elimination [30] and the reduction of convex hull to projection of F. Benoy, A. King, and F. Mesnard [7, 33] . Whether it is possible to also adapt the more recent algorithms based on parametric linear programming and raytracing by A. Maréchal, D. Monniaux, and M. Périn [23, 22, 21] is a question for future work. The Boolean variables occurring in the formulas B i may be program variables (from small enumerated types) but may also be observers, partitioning according to trace history or calling context. This solves one issue with untagged disjunctions of polyhedra: when applying the widening operator to i P i and j Q j , how does one "match" the P i 's and Q j 's to perform conventional widening over polyhedra [4] ? Similarly, for the "join" operation ( i P i ) ( j Q j ), does one simply concatenate the two unions while removing duplicates (thus creating longer and longer lists), or does one "match" some P i and Q j for convex hull, and if so under which criteria? In our case, widening and join are guided by the Boolean variables: the polyhedra associated to the same Boolean choice are matched together.
doi:10.1007/978-3-319-99725-4_10 fatcat:efrs4fdk3jegtcjoyoayzo24qm