1 / 26

Using Tests for Proving Program Termination with Invariants and Bounds

Explore how tests can help in proving program termination, infer bounds and invariants using quadratic programming, and validate results using assertion checkers.

spiro
Télécharger la présentation

Using Tests for Proving Program Termination with Invariants and Bounds

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AdityaNori Rahul Sharma MSR India Stanford University Termination Proofs from Tests

  2. Goal • Prove termination of a program • Program terminates if all loops terminate • Hard problem, undecidable in general • Need to exploit all available information

  3. Tests • Previous techniques are static • Tests are a neglected source of information • Tests have previously been used • Safety properties, empirical complexity, … • This work, use tests for termination proofs

  4. Example: GCD gcd(intx,int y) assume(x>0 && y>0); while( x!=y ) do if( y > x ) y = y–x; if( x > y) x = x-y; od return x; x=1, y=1 x=2, y=1

  5. Infer-and-Validate Approach (1,1) (2,1) … while … … … while … print x print y x=1, y=3 Data … while … … assert … ML

  6. Infer-and-Validate Approach (1,1) (2,1) … while … … … while … print x print y x=1, y=3 Data … while … … assert … ML

  7. Instrument the Program gcd(int x, int y) assume(x>0 && y>0); a := x; b := y; c := 0; while( x!=y ) do c := c + 1; if( y > x ) y := y–x; if( x > y) x := x-y; od print ( a, b, c ); • New variables to capture initial values • Introduce a loop counter • Print values of input variables and counter

  8. Infer-and-Validate Approach (1,1) (2,1) … while … … … while … print x print y x=1, y=3 Data … while … … assert … ML

  9. Generating Data gcd(int x, int y) assume(x>0 && y>0); a := x; b := y; c := 0; while( x!=y ) do c := c + 1; if( y > x ) y := y–x; if( x > y) x := x-y; od print( a, b, c) For on inputs , the loop iterates times Infer a bound using and

  10. Infer-and-Validate Approach (1,1) (2,1) … while … … … while … print x print y x=1, y=3 Data … while … … assert … ML

  11. Regression • Predict number of iterations (final value ofc) • As a linear expression in a and b • Find • Find • But we want • Addas a constraint • Solvable by quadratic programming

  12. Quadratic Program (QP) • The quadratic program is: • Solved in MATLAB • quadprog(A’*A,-A’*C,-A,-C) • For gcd example, • Bound

  13. Naïve Regression

  14. Quadratic Program

  15. Infer-and-Validate Approach (1,1) (2,1) … while … … … while … print x print y x=1, y=3 Data … while … … assert … ML

  16. Verification Burden assume(x>0 && y>0); a := x; b := y; c := 0; while( x!=y ) do c := c + 1; if( y > x ) y := y–x; if( x > y) x := x-y; assert(c <= a+b-2); od • Bound: • Difficult to validate • Infer invariants from tests

  17. Regression for Invariant assume(x>0 && y>0); a := x; b := y; c := 0; while( x!=y ) do print(c, a, b, x, y); c := c + 1; if( y > x ) y := y–x; if( x > y) x := x-y; assert(c <= a+b-2); od • Predict a bound onc • Same tests, more data • Solve same QP • has five columns • [1,a,b,x,y] • hascat every iteration

  18. Free Invariant assume(x>0 && y>0); a:=x; b:=y; c := 0; free_inv(c<=a+b-x-y); while( x!=y ) do c := c + 1; if( y > x ) y := y – x; if( x > y) x := x-y; assert(c <= a+b-2 ); od • Obtain • Add as a free invariant • Use if checker can prove • Otherwise discard

  19. Validate • Give program to assertion checker • Inductive invariant for gcd example: • If check fails then return a cex as a new test

  20. Non-linear Example u := x;v := y;w := z; while ( x >= y ) do if ( z > 0) z := z-1; x := x+z; else y := y+1; od • Given degree 2, • Bound: • After rounding:

  21. Assertion Checker • Requirements from assertion checker: • Handle non-linear arithmetic • Consume free invariants • Produce tests as counter-examples • Micro-benchmarks: Use SGHAN’13 • Handles non-linear arithmetic, no counter-examples • Windows Device Drivers: Use Yogi (FSE’ 06) • Cannot handle non-linear, produce counter-examples

  22. Micro-benchmarks

  23. Experiments with WDK

  24. Related Work • Regression: Goldsmith et al. ‘07 , Huang et al. ’10, … • Mining specifications from tests: Dallmeier et al. `12,… • Termination: Cousot `05, ResAna, Lee et al. ’12, … • Bounds analysis: SPEED, WCET, Gulavani et al. `08, … • Invariant inference: Daikon, InvGen, Nguyen et al.`12, …

  25. Conclusion • Use tests for termination proofs • Infer bounds and invariants using QP • Use off-the-shelf assertion checkers to validate • Future work: disjunctions, non-termination

  26. Disjunctions Example a = i ; b = j ; while(i<M || j<N) i= i+1; j = j+1; • Partition using predicates • Control flow refinement • Sharma et al. ’11

More Related