## Termination Proofs from Tests (slides uploaded by spiro)


Presentation Transcript

Infer-and-Validate Approach

Goal

- Prove termination of a program
- Program terminates if all loops terminate
- Hard problem, undecidable in general
- Need to exploit all available information

Tests

- Previous techniques are static
- Tests are a neglected source of information
- Tests have previously been used for safety properties, empirical complexity, …
- This work: use tests for termination proofs

Example: GCD

```
gcd(int x, int y)
  assume(x > 0 && y > 0);
  while (x != y) do
    if (y > x)
      y = y - x;
    if (x > y)
      x = x - y;
  od
  return x;
```

Test inputs: x=1, y=1 and x=2, y=1

Infer-and-Validate Approach

[Figure: test inputs (1,1), (2,1), … are run on the instrumented program (while …; print x; print y) to produce Data; ML (regression) turns the data into a candidate bound, which is inserted as an assert … and handed to a checker. The figure also shows the input x=1, y=3 being fed back as a test.]


Instrument the Program

```
gcd(int x, int y)
  assume(x > 0 && y > 0);
  a := x; b := y;
  c := 0;
  while (x != y) do
    c := c + 1;
    if (y > x)
      y := y - x;
    if (x > y)
      x := x - y;
  od
  print(a, b, c);
```

- New variables to capture initial values
- Introduce a loop counter
- Print values of input variables and counter


Generating Data

```
gcd(int x, int y)
  assume(x > 0 && y > 0);
  a := x; b := y;
  c := 0;
  while (x != y) do
    c := c + 1;
    if (y > x)
      y := y - x;
    if (x > y)
      x := x - y;
  od
  print(a, b, c);
```

For on inputs ,

the loop iterates times

Infer a bound using and


Regression

- Predict the number of iterations (final value of c)
- As a linear expression in a and b
- Find
- Find
- But we want the prediction to over-approximate c on every test
- Add as a constraint
- Solvable by quadratic programming

Quadratic Program (QP)

- The quadratic program is:
- Solved in MATLAB
- quadprog(A'*A, -A'*C, -A, -C), i.e. minimise 1/2 ||A w - C||^2 subject to A w >= C (quadprog's constraint form is A_ineq x <= b_ineq, so -A w <= -C)
- For gcd example,
- Bound


Verification Burden

```
assume(x > 0 && y > 0);
a := x; b := y;
c := 0;
while (x != y) do
  c := c + 1;
  if (y > x)
    y := y - x;
  if (x > y)
    x := x - y;
  assert(c <= a + b - 2);
od
```

- Bound:
- Difficult to validate
- Infer invariants from tests

Regression for Invariant

```
assume(x > 0 && y > 0);
a := x; b := y; c := 0;
while (x != y) do
  print(c, a, b, x, y);
  c := c + 1;
  if (y > x)
    y := y - x;
  if (x > y)
    x := x - y;
  assert(c <= a + b - 2);
od
```

- Predict a bound on c at the loop head
- Same tests, more data (one record per iteration instead of one per run)
- Solve the same QP
- has five columns
- [1, a, b, x, y]
- has c at every iteration

Free Invariant

```
assume(x > 0 && y > 0);
a := x; b := y; c := 0;
free_inv(c <= a + b - x - y);
while (x != y) do
  c := c + 1;
  if (y > x)
    y := y - x;
  if (x > y)
    x := x - y;
  assert(c <= a + b - 2);
od
```

- Obtain
- Add as a free invariant
- Use if checker can prove
- Otherwise discard

Validate

- Give program to assertion checker
- Inductive invariant for gcd example:
- If check fails then return a cex as a new test
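The whole loop on the slides, instrument, run tests, regress, round, validate, feed the counterexample back, as an added example in Python. This is not the authors' code or the MATLAB setup from the talk: in place of the quadratic program it fits ordinary least squares over exact rationals and then lifts the constant term until the line lies on or above every sample (so the result still over-approximates the data), and in place of an assertion checker it exhaustively checks the candidate `assert(c <= w0 + w1*a + w2*b)` on all inputs in a bounded grid. All function names (`gcd_instrumented`, `fit_upper_bound`, `round_bound`, `find_counterexample`, `infer_and_validate`) and the test inputs are this example's own choices.

```python
"""Infer-and-validate for the gcd loop counter (added example, not the slides' code)."""
from fractions import Fraction
from itertools import product


def gcd_instrumented(x, y):
    """Instrumented gcd from the slides: a, b keep the inputs, c counts iterations."""
    assert x > 0 and y > 0, "assume(x>0 && y>0)"
    a, b, c = x, y, 0
    while x != y:
        c += 1
        if y > x:
            y = y - x
        if x > y:
            x = x - y
    return a, b, c


def solve_exact(m, v):
    """Solve m*w = v by Gauss-Jordan elimination over exact rationals."""
    n = len(m)
    aug = [[Fraction(e) for e in row] + [Fraction(v[i])] for i, row in enumerate(m)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        if aug[col][col] == 0:
            raise ValueError("normal equations are singular: tests are not varied enough")
        for r in range(n):
            if r != col:
                f = aug[r][col] / aug[col][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [aug[i][n] / aug[i][i] for i in range(n)]


def fit_upper_bound(rows, cs):
    """Least-squares fit of cs against feature rows via the normal equations
    A^T A w = A^T c, then lift the constant term (column 0) until every sample
    lies on or below the line.  This is a stand-in for the slides' QP, which
    enforces A w >= C inside the solver instead."""
    k = len(rows[0])
    ata = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    atc = [sum(r[i] * c for r, c in zip(rows, cs)) for i in range(k)]
    w = solve_exact(ata, atc)
    w[0] += max(c - sum(wi * ri for wi, ri in zip(w, r)) for r, c in zip(rows, cs))
    return w


def round_bound(w, rows, cs):
    """Round the slopes to integers, then recompute the constant so the integer
    bound still holds on every sample (the slides round the QP solution)."""
    slopes = [round(wi) for wi in w[1:]]
    const = max(c - sum(s * ri for s, ri in zip(slopes, r[1:])) for r, c in zip(rows, cs))
    return [const] + slopes


def features(a, b):
    """Linear features in the initial values: c is predicted as w0 + w1*a + w2*b."""
    return [1, a, b]


def find_counterexample(w, limit):
    """Stand-in for the assertion checker: exhaustively check
    assert(c <= w0 + w1*a + w2*b) for all inputs in 1..limit.
    Returns the first violating input, or None if the bound holds on the grid."""
    for x, y in product(range(1, limit + 1), repeat=2):
        a, b, c = gcd_instrumented(x, y)
        if c > sum(wi * fi for wi, fi in zip(w, features(a, b))):
            return (x, y)
    return None


def infer_and_validate(tests, limit):
    """tests -> data -> regression -> rounded bound -> check; a failed check
    yields a counterexample that becomes a new test.  Terminates because every
    counterexample is a grid input not yet in the test set (the tests all
    satisfy the fitted bound by construction) and the grid is finite."""
    tests = list(tests)
    for rounds in range(1, limit * limit + 2):
        data = [gcd_instrumented(x, y) for x, y in tests]
        rows, cs = [features(a, b) for a, b, _ in data], [c for _, _, c in data]
        bound = round_bound(fit_upper_bound(rows, cs), rows, cs)
        cex = find_counterexample(bound, limit)
        if cex is None:
            return bound, tests, rounds
        tests.append(cex)
    raise RuntimeError("grid exhausted without a valid bound")


if __name__ == "__main__":
    # From the slides' tests plus (1,3): the fit is exact, c <= a + b - 2, validated in one round.
    print(infer_and_validate([(1, 1), (2, 1), (1, 3)], 20))
    # Constructed tests with even inputs only: slopes 1/2 round to 0, the checker
    # refutes c <= 1 with (1,3), and the loop keeps adding counterexamples.
    print(infer_and_validate([(2, 2), (4, 2), (2, 4)], 12))
```

`fit_upper_bound` takes arbitrary feature rows, so the degree-2 monomials of the non-linear example or the per-iteration columns [1, a, b, x, y] of the invariant regression plug into the same call; only `features` and the data collection change. Note that the exhaustive check only establishes the bound on the grid, whereas the slides' assertion checker proves it for all inputs.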

Non-linear Example

```
u := x; v := y; w := z;
while (x >= y) do
  if (z > 0)
    z := z - 1;
    x := x + z;
  else
    y := y + 1;
od
```

- Given degree 2,
- Bound:
- After rounding:

Assertion Checker

- Requirements from assertion checker:
- Handle non-linear arithmetic
- Consume free invariants
- Produce tests as counter-examples
- Micro-benchmarks: use SGHAN '13
- Handles non-linear arithmetic, produces no counter-examples
- Windows device drivers: use Yogi (FSE '06)
- Cannot handle non-linear arithmetic, produces counter-examples

Related Work

- Regression: Goldsmith et al. '07, Huang et al. '10, …
- Mining specifications from tests: Dallmeier et al. '12, …
- Termination: Cousot '05, ResAna, Lee et al. '12, …
- Bounds analysis: SPEED, WCET, Gulavani et al. '08, …
- Invariant inference: Daikon, InvGen, Nguyen et al. '12, …

Conclusion

- Use tests for termination proofs
- Infer bounds and invariants using QP
- Use off-the-shelf assertion checkers to validate
- Future work: disjunctions, non-termination

Disjunctions Example

```
a = i; b = j;
while (i < M || j < N)
  i = i + 1;
  j = j + 1;
```

- Partition using predicates
- Control flow refinement
- Sharma et al. ’11
