
Termination Proofs from Tests



Aditya Nori (MSR India), Rahul Sharma (Stanford University)

Goal

  • Prove termination of a program

  • Program terminates if all loops terminate

  • Hard problem, undecidable in general

  • Need to exploit all available information



Tests

  • Previous techniques are static

    • Tests are a neglected source of information

  • Tests have previously been used

    • Safety properties, empirical complexity, …

  • This work: use tests for termination proofs


Example: GCD

    gcd(int x, int y)
      assume(x>0 && y>0);
      while( x!=y ) do
        if( y > x )
          y = y-x;
        if( x > y )
          x = x-y;
      od
      return x;

x=1, y=1

x=2, y=1


Infer-and-Validate Approach

[Figure: pipeline diagram. Labels: tests (1,1), (2,1); instrumented program (while … print x, print y); Data; ML; program with assertion (while … assert …); x=1, y=3]




Instrument the Program

    gcd(int x, int y)
      assume(x>0 && y>0);
      a := x; b := y;
      c := 0;
      while( x!=y ) do
        c := c + 1;
        if( y > x )
          y := y-x;
        if( x > y )
          x := x-y;
      od
      print( a, b, c );

  • New variables to capture initial values

  • Introduce a loop counter

  • Print values of input variables and counter




Generating Data

    gcd(int x, int y)
      assume(x>0 && y>0);
      a := x; b := y;
      c := 0;
      while( x!=y ) do
        c := c + 1;
        if( y > x )
          y := y-x;
        if( x > y )
          x := x-y;
      od
      print( a, b, c );

For on inputs ,

the loop iterates times

Infer a bound using and




Regression

  • Predict number of iterations (final value of c)

    • As a linear expression in a and b

    • Find

    • Find

    • But we want

      • Add as a constraint

    • Solvable by quadratic programming



Quadratic Program (QP)

  • The quadratic program is:

  • Solved in MATLAB

    • quadprog(A'*A,-A'*C,-A,-C)

  • For gcd example,

    • Bound



Naïve Regression



Quadratic Program




Verification Burden

    assume(x>0 && y>0);
    a := x; b := y;
    c := 0;
    while( x!=y ) do
      c := c + 1;
      if( y > x )
        y := y-x;
      if( x > y )
        x := x-y;
      assert(c <= a+b-2);
    od

  • Bound:

  • Difficult to validate

  • Infer invariants from tests


Regression for Invariant

    assume(x>0 && y>0);
    a := x; b := y; c := 0;
    while( x!=y ) do
      print(c, a, b, x, y);
      c := c + 1;
      if( y > x )
        y := y-x;
      if( x > y )
        x := x-y;
      assert(c <= a+b-2);
    od

  • Predict a bound on c

  • Same tests, more data

  • Solve same QP

  • has five columns

    • [1,a,b,x,y]

  • has c at every iteration


Free Invariant

    assume(x>0 && y>0);
    a := x; b := y; c := 0;
    free_inv(c <= a+b-x-y);
    while( x!=y ) do
      c := c + 1;
      if( y > x )
        y := y-x;
      if( x > y )
        x := x-y;
      assert(c <= a+b-2);
    od

  • Obtain

  • Add as a free invariant

  • Use if checker can prove

  • Otherwise discard
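
An added example (not from the presentation) of the data side of the approach: it runs the instrumented gcd loop on a constructed 8×8 grid of inputs, fits an unconstrained least-squares bound, and checks the slides' bound c <= a+b-2 and free invariant c <= a+b-x-y against the collected rows. The naive fit uses exact normal equations rather than the slides' MATLAB quadprog call; all function names and the input grid are assumptions made for illustration.

```python
from fractions import Fraction
from itertools import product

def gcd_instrumented(x, y):
    """Instrumented gcd loop from the slides: returns (a, b, c) and loop-head rows."""
    assert x > 0 and y > 0                  # assume(x>0 && y>0)
    a, b, c = x, y, 0
    trace = []
    while x != y:
        trace.append((c, a, b, x, y))       # print(c, a, b, x, y)
        c += 1
        if y > x:
            y -= x
        if x > y:
            x -= y
    return (a, b, c), trace

def least_squares(rows, targets):
    """Exact unconstrained least squares: solve (A'A) w = A'C by Gauss-Jordan."""
    n = len(rows[0])
    M = [[Fraction(sum(r[i] * r[j] for r in rows)) for j in range(n)]
         + [Fraction(sum(r[i] * t for r, t in zip(rows, targets)))]
         for i in range(n)]
    for i in range(n):
        p = next(k for k in range(i, n) if M[k][i] != 0)   # pivot row
        M[i], M[p] = M[p], M[i]
        M[i] = [v / M[i][i] for v in M[i]]
        for k in range(n):
            if k != i:
                M[k] = [vk - M[k][i] * vi for vk, vi in zip(M[k], M[i])]
    return [M[i][n] for i in range(n)]

def violations(w, rows, targets):
    """Rows where the candidate bound w.row is below the observed iteration count."""
    return [r for r, t in zip(rows, targets)
            if sum(wi * ri for wi, ri in zip(w, r)) < t]

def run(limit=8):
    tests = list(product(range(1, limit + 1), repeat=2))   # constructed test inputs
    results = [gcd_instrumented(x, y) for x, y in tests]
    A = [(1, a, b) for (a, b, _), _ in results]            # columns [1, a, b]
    C = [c for (_, _, c), _ in results]                    # final counter values
    naive = least_squares(A, C)
    inv_ok = all(c <= a + b - x - y
                 for _, tr in results for (c, a, b, x, y) in tr)
    return {"naive_violations": len(violations(naive, A, C)),
            "slide_bound_violations": len(violations([-2, 1, 1], A, C)),
            "free_invariant_holds_on_data": inv_ok}

if __name__ == "__main__":
    print(run())
```

The unconstrained fit under-predicts some tests, so it cannot serve as an upper bound; the constraint added in the QP rules this out. Passing on the test data is only evidence: the bound and invariant still have to be discharged by the assertion checker.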



Validate

  • Give program to assertion checker

  • Inductive invariant for gcd example:

  • If the check fails, return the counterexample (cex) as a new test


Non-linear Example

    u := x; v := y; w := z;
    while ( x >= y ) do
      if ( z > 0 )
        z := z-1;
        x := x+z;
      else
        y := y+1;
    od

  • Given degree 2,

  • Bound:

  • After rounding:



Assertion Checker

  • Requirements from assertion checker:

    • Handle non-linear arithmetic

    • Consume free invariants

    • Produce tests as counter-examples

  • Micro-benchmarks: Use SGHAN’13

    • Handles non-linear arithmetic, no counter-examples

  • Windows Device Drivers: Use Yogi (FSE ’06)

    • Cannot handle non-linear, produce counter-examples



Micro-benchmarks



Experiments with WDK


Related Work

  • Regression: Goldsmith et al. ’07, Huang et al. ’10, …

  • Mining specifications from tests: Dallmeier et al. ’12, …

  • Termination: Cousot ’05, ResAna, Lee et al. ’12, …

  • Bounds analysis: SPEED, WCET, Gulavani et al. ’08, …

  • Invariant inference: Daikon, InvGen, Nguyen et al. ’12, …



Conclusion

  • Use tests for termination proofs

  • Infer bounds and invariants using QP

  • Use off-the-shelf assertion checkers to validate

  • Future work: disjunctions, non-termination


Disjunctions Example

    a = i; b = j;
    while( i<M || j<N )
      i = i+1;
      j = j+1;

  • Partition using predicates

  • Control flow refinement

    • Sharma et al. ’11

