Termination Proofs from Tests


Aditya Nori (MSR India) and Rahul Sharma (Stanford University)

Abstract: Prove termination of a program. A program terminates if all of its loops terminate. This is a hard problem, undecidable in general, so we need to exploit all available information.


MSR India, Stanford University

### Termination Proofs from Tests

Goal
• Prove termination of a program
• Program terminates if all loops terminate
• Hard problem, undecidable in general
• Need to exploit all available information
Tests
• Previous techniques are static
• Tests are a neglected source of information
• Tests have previously been used
• Safety properties, empirical complexity, …
• This work, use tests for termination proofs
Example: GCD

```
gcd(int x, int y)
  assume(x>0 && y>0);
  while( x!=y ) do
    if( y > x )
      y = y-x;
    if( x > y )
      x = x-y;
  od
  return x;
```

Tests: x=1, y=1 and x=2, y=1

Infer-and-Validate Approach

(Diagram: the tests (1,1) and (2,1) are run through the instrumented program (`while …`, `print x`, `print y`) to produce Data; ML infers a bound from the data, which is inserted into the program as `assert …` inside the `while …` loop for validation; the diagram also shows a third test, x=1, y=3, on the return path from validation.)


Instrument the Program

```
gcd(int x, int y)
  assume(x>0 && y>0);
  a := x; b := y;
  c := 0;
  while( x!=y ) do
    c := c + 1;
    if( y > x )
      y := y-x;
    if( x > y )
      x := x-y;
  od
  print( a, b, c );
```

• New variables to capture initial values
• Introduce a loop counter
• Print values of input variables and counter

Generating Data

```
gcd(int x, int y)
  assume(x>0 && y>0);
  a := x; b := y;
  c := 0;
  while( x!=y ) do
    c := c + 1;
    if( y > x )
      y := y-x;
    if( x > y )
      x := x-y;
  od
  print( a, b, c );
```

For on inputs ,

the loop iterates times

Infer a bound using and


Regression
• Predict the number of iterations (final value of c)
• As a linear expression in a and b
• Find
• Find
• But we want
• Solved in MATLAB
• For gcd example,
• Bound

Verification Burden

```
assume(x>0 && y>0);
a := x; b := y;
c := 0;
while( x!=y ) do
  c := c + 1;
  if( y > x )
    y := y-x;
  if( x > y )
    x := x-y;
  assert(c <= a+b-2);
od
```

• Bound:
• Difficult to validate
• Infer invariants from tests
Regression for Invariant

```
assume(x>0 && y>0);
a := x; b := y; c := 0;
while( x!=y ) do
  print(c, a, b, x, y);
  c := c + 1;
  if( y > x )
    y := y-x;
  if( x > y )
    x := x-y;
  assert(c <= a+b-2);
od
```

• Predict a bound on c
• Same tests, more data
• Solve the same QP
• has five columns
• [1,a,b,x,y]
• has c at every iteration
Free Invariant

```
assume(x>0 && y>0);
a := x; b := y; c := 0;
free_inv(c <= a+b-x-y);
while( x!=y ) do
  c := c + 1;
  if( y > x )
    y := y-x;
  if( x > y )
    x := x-y;
  assert(c <= a+b-2);
od
```

• Obtain
• Add as a free invariant
• Use if checker can prove
Validate
• Give program to assertion checker
• Inductive invariant for gcd example:
• If the check fails, return a counterexample (cex) as a new test
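The instrument, generate-data, regression and validate steps above, as one added example (not code from the talk or its tool): the MATLAB QP is stood in for by a search over small integer coefficients for features [1, a, b] that keeps c <= w·phi on every test and minimises squared residual, and the assertion checker is stood in for by a bounded exhaustive run, which is a check, not a proof. Function names and the coefficient range are assumptions.

```python
import itertools

def gcd_instrumented(x, y):
    """The slides' gcd with initial values a, b saved and a loop counter c."""
    assert x > 0 and y > 0
    a, b, c = x, y, 0
    while x != y:
        c += 1
        if y > x:
            y = y - x
        if x > y:
            x = x - y
    return a, b, c

def infer_bound(data, coef_range=range(-3, 4)):
    """Stand-in for the QP (assumption): over features [1, a, b], pick integer
    w with c <= w.phi on every test, minimising squared residual, then |w|^2."""
    best = None
    for w in itertools.product(coef_range, repeat=3):
        preds = [w[0] + w[1] * a + w[2] * b for a, b, _ in data]
        resid = [p - c for p, (_, _, c) in zip(preds, data)]
        if min(resid) < 0:
            continue  # not an upper bound on some observed iteration count
        score = (sum(r * r for r in resid), sum(v * v for v in w), w)
        if best is None or score < best:
            best = score
    return best[2]

def find_counterexample(w, limit=40):
    """Stand-in for the assertion checker: bounded exhaustive check of
    assert(c <= w.phi); returns a failing (x, y) or None. Not a proof."""
    for x, y in itertools.product(range(1, limit + 1), repeat=2):
        a, b, c = gcd_instrumented(x, y)
        if c > w[0] + w[1] * a + w[2] * b:
            return (x, y)
    return None

def infer_and_validate(tests, max_rounds=10):
    """Run tests -> infer bound -> validate -> feed the cex back as a test."""
    tests = list(tests)
    for _ in range(max_rounds):
        data = [gcd_instrumented(x, y) for x, y in tests]
        w = infer_bound(data)
        cex = find_counterexample(w)
        if cex is None:
            return w, tests  # (-2, 1, 1) means the bound c <= a + b - 2
        tests.append(cex)
    raise RuntimeError("no bound validated within max_rounds")
```

Starting from the slides' two tests, the first inferred bound is too tight, the counterexample (1, 2) becomes a third test, and the next round yields c <= a+b-2.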
Non-linear Example

```
u := x; v := y; w := z;
while ( x >= y ) do
  if ( z > 0 )
    z := z-1;
    x := x+z;
  else
    y := y+1;
od
```

• Given degree 2,
• Bound:
• After rounding:
Assertion Checker
• Requirements from assertion checker:
• Handle non-linear arithmetic
• Consume free invariants
• Produce tests as counter-examples
• Micro-benchmarks: Use SGHAN’13
• Handles non-linear arithmetic, no counter-examples
• Windows Device Drivers: Use Yogi (FSE '06)
• Cannot handle non-linear, produce counter-examples
Related Work
• Regression: Goldsmith et al. '07, Huang et al. '10, …
• Mining specifications from tests: Dallmeier et al. '12, …
• Termination: Cousot '05, ResAna, Lee et al. '12, …
• Bounds analysis: SPEED, WCET, Gulavani et al. '08, …
• Invariant inference: Daikon, InvGen, Nguyen et al. '12, …
Conclusion
• Use tests for termination proofs
• Infer bounds and invariants using QP
• Use off-the-shelf assertion checkers to validate
• Future work: disjunctions, non-termination
Disjunctions Example

```
a = i; b = j;
while( i<M || j<N )
  i = i+1;
  j = j+1;
```

• Partition using predicates
• Control flow refinement
• Sharma et al. ’11