disproving termination with overapproximation carsten
play

Disproving Termination with Overapproximation Carsten Byron Fuhs - PowerPoint PPT Presentation

Dec 04, 2023 •150 likes •492 views

Disproving Termination with Overapproximation Carsten Byron Fuhs Cook Kaustubh Peter Nimkar OHearn University College London Microsoft Research FMCAD 2014, Lausanne, Switzerland, 24 October 2014 Proving Program Non-Termination Given :

  1. Disproving Termination with Overapproximation Carsten Byron Fuhs Cook Kaustubh Peter Nimkar O’Hearn University College London Microsoft Research FMCAD 2014, Lausanne, Switzerland, 24 October 2014

  2. Proving Program Non-Termination Given : program P Goal : prove that P can have an infinite run for some input → (usually) a bug Note : if termination proof attempt fails, this alone means nothing more sophisticated techniques might have proved termination . . . . . . or the program actually is non-terminating ⇒ Need dedicated techniques to prove non-termination

  3. Proving Program Non-Termination Given : program P Goal : prove that P can have an infinite run for some input → (usually) a bug Note : if termination proof attempt fails, this alone means nothing more sophisticated techniques might have proved termination . . . . . . or the program actually is non-terminating ⇒ Need dedicated techniques to prove non-termination

  4. This Talk in a Nutshell Goal : show that for some input there exists an infinite run of program P compute (over-approximating) abstraction α ( P ) for P show that for some input all runs of α ( P ) are infinite ⇒ non-termination of P value time concrete infinite run of P = some abstract infinite run of α ( P ) Not all abstractions α are ok, but many are. new notion of Live Abstractions to prove non-termination e.g. for non-linear arithmetic, heap-based data structures, . . .

  5. This Talk in a Nutshell Goal : show that for some input there exists an infinite run of program P compute (over-approximating) abstraction α ( P ) for P show that for some input all runs of α ( P ) are infinite ⇒ non-termination of P value time concrete infinite run of P = some abstract infinite run of α ( P ) Not all abstractions α are ok, but many are. new notion of Live Abstractions to prove non-termination e.g. for non-linear arithmetic, heap-based data structures, . . .

  6. This Talk in a Nutshell Goal : show that for some input there exists an infinite run of program P compute (over-approximating) abstraction α ( P ) for P show that for some input all runs of α ( P ) are infinite ⇒ non-termination of P value time concrete infinite run of P = some abstract infinite run of α ( P ) Not all abstractions α are ok, but many are. new notion of Live Abstractions to prove non-termination e.g. for non-linear arithmetic, heap-based data structures, . . .

  7. Outline (Closed) recurrence sets 1 Proving non-termination with abstractions 2 Live abstractions 3 Automation and experiments 4 Future work and conclusion 5

  8. Recurrence Set [Gupta et al. , POPL ’08] set G of states: you can start in G , and then you can stay in G program P with transition relation R , initial states I G is recurrence set for P iff ( G has an initial state) ∃ s . G ( s ) ∧ I ( s ) (some transition can stay in G ) ∀ s ∃ s ′ . G ( s ) → R ( s , s ′ ) ∧ G ( s ′ ) Theorem (Gupta, Henzinger, Majumdar, Rybalchenko, Xu, POPL ’08 ) Program P non-terminating iff P has a recurrence set G . Automation by under-approximation to “lassos” and constraint solving restricted to deterministic programs on linear integer arithmetic

  9. Recurrence Set [Gupta et al. , POPL ’08] set G of states: you can start in G , and then you can stay in G program P with transition relation R , initial states I G is recurrence set for P iff ( G has an initial state) ∃ s . G ( s ) ∧ I ( s ) (some transition can stay in G ) ∀ s ∃ s ′ . G ( s ) → R ( s , s ′ ) ∧ G ( s ′ ) Theorem (Gupta, Henzinger, Majumdar, Rybalchenko, Xu, POPL ’08 ) Program P non-terminating iff P has a recurrence set G . Automation by under-approximation to “lassos” and constraint solving restricted to deterministic programs on linear integer arithmetic

  10. Closed Recurrence Set [Chen et al. , TACAS ’14] set G of states: you can start in G , and then you must stay in G program P with transition relation R , initial states I G is closed recurrence set for P iff ( G has an initial state) ∃ s . G ( s ) ∧ I ( s ) (all transitions must stay in G ) ∀ s ∀ s ′ . G ( s ) ∧ R ( s , s ′ ) → G ( s ′ ) (can make a transition from G ) ∀ s ∃ s ′ . G ( s ) → R ( s , s ′ ) example

  11. Closed Recurrence Set [Chen et al. , TACAS ’14] set G of states: you can start in G , and then you must stay in G program P with transition relation R , initial states I G is closed recurrence set for P iff ( G has an initial state) ∃ s . G ( s ) ∧ I ( s ) (all transitions must stay in G ) ∀ s ∀ s ′ . G ( s ) ∧ R ( s , s ′ ) → G ( s ′ ) (can make a transition from G ) ∀ s ∃ s ′ . G ( s ) → R ( s , s ′ ) example recurrence set G

  12. Closed Recurrence Set [Chen et al. , TACAS ’14] set G of states: you can start in G , and then you must stay in G program P with transition relation R , initial states I G is closed recurrence set for P iff ( G has an initial state) ∃ s . G ( s ) ∧ I ( s ) (all transitions must stay in G ) ∀ s ∀ s ′ . G ( s ) ∧ R ( s , s ′ ) → G ( s ′ ) (can make a transition from G ) ∀ s ∃ s ′ . G ( s ) → R ( s , s ′ ) example closed recurrence set G

  13. Beyond Linear Arithmetic Programs can use more complex operations or data non-linear arithmetic int x = z * z; dynamic data structures on the heap list = list->next; Standard solution: over-approximating abstractions → fine for proving termination, but not for non -termination Example (program and abstraction) P : while (x > 0) { α ( P ) : while (x > 0) { x = x - z*z - 1; x = nondet(); } } ⇒ terminating ⇒ becomes non-terminating Abstraction α ( P ) non-terminating �⇒ P non-terminating

  14. Beyond Linear Arithmetic Programs can use more complex operations or data non-linear arithmetic int x = z * z; dynamic data structures on the heap list = list->next; Standard solution: over-approximating abstractions → fine for proving termination, but not for non -termination Example (program and abstraction) P : while (x > 0) { α ( P ) : while (x > 0) { x = x - z*z - 1; x = nondet(); } } ⇒ terminating ⇒ becomes non-terminating Abstraction α ( P ) non-terminating �⇒ P non-terminating

  15. (Toy) Example for Non-Linear Arithmetic program P assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { i = j*k; j = j + 1; k = k + 1; }

  16. (Toy) Example for Non-Linear Arithmetic program P assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { i = j*k; j = j + 1; k = k + 1; } (initial states: j ≥ 1 ∧ k ≥ 1, transition relation: i ≥ 0 ∧ i’ = j ∗ k ∧ j’ = j + 1 ∧ k’ = k + 1)

  17. (Toy) Example for Non-Linear Arithmetic program P assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { i = j*k; j = j + 1; k = k + 1; } (initial states: j ≥ 1 ∧ k ≥ 1, transition relation: i ≥ 0 ∧ i’ = j ∗ k ∧ j’ = j + 1 ∧ k’ = k + 1) has (closed) recurrence set { ( i = 1 , j = 1 , k = 1 ) , ( i = 1 , j = 2 , k = 2 ) , ( i = 4 , j = 3 , k = 3 ) , ( i = 9 , j = 4 , k = 4 ) , . . . }

  18. (Toy) Example for Non-Linear Arithmetic program P abstract program α ( P ) assume(j ≥ 1 ∧ k ≥ 1); assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { while (i ≥ 0) { i = j*k; i = j*k; j = j + 1; j = j + 1; k = k + 1; k = k + 1; } (initial states: j ≥ 1 ∧ k ≥ 1, } transition relation: i ≥ 0 ∧ i’ = j ∗ k ∧ j’ = j + 1 ∧ k’ = k + 1) has (closed) recurrence set { ( i = 1 , j = 1 , k = 1 ) , ( i = 1 , j = 2 , k = 2 ) , ( i = 4 , j = 3 , k = 3 ) , ( i = 9 , j = 4 , k = 4 ) , . . . }

  19. (Toy) Example for Non-Linear Arithmetic program P abstract program α ( P ) assume(j ≥ 1 ∧ k ≥ 1); assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { while (i ≥ 0) { i = j*k; i = j*k; j = j + 1; j = j + 1; k = k + 1; k = k + 1; } assume(i ≥ 1); // linear invariant (initial states: j ≥ 1 ∧ k ≥ 1, } transition relation: i ≥ 0 ∧ i’ = j ∗ k ∧ j’ = j + 1 ∧ k’ = k + 1) has (closed) recurrence set { ( i = 1 , j = 1 , k = 1 ) , ( i = 1 , j = 2 , k = 2 ) , ( i = 4 , j = 3 , k = 3 ) , ( i = 9 , j = 4 , k = 4 ) , . . . }

  20. (Toy) Example for Non-Linear Arithmetic program P abstract program α ( P ) assume(j ≥ 1 ∧ k ≥ 1); assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { while (i ≥ 0) { i = j*k; i = nondet(); j = j + 1; j = j + 1; k = k + 1; k = k + 1; } assume(i ≥ 1); // linear invariant (initial states: j ≥ 1 ∧ k ≥ 1, } transition relation: i ≥ 0 ∧ i’ = j ∗ k ∧ j’ = j + 1 ∧ k’ = k + 1) has (closed) recurrence set { ( i = 1 , j = 1 , k = 1 ) , ( i = 1 , j = 2 , k = 2 ) , ( i = 4 , j = 3 , k = 3 ) , ( i = 9 , j = 4 , k = 4 ) , . . . }

  21. (Toy) Example for Non-Linear Arithmetic program P abstract program α ( P ) assume(j ≥ 1 ∧ k ≥ 1); assume(j ≥ 1 ∧ k ≥ 1); while (i ≥ 0) { while (i ≥ 0) { i = j*k; i = nondet(); j = j + 1; j = j + 1; k = k + 1; k = k + 1; } assume(i ≥ 1); // linear invariant (initial states: j ≥ 1 ∧ k ≥ 1, } transition relation: i ≥ 0 ∧ i’ = j ∗ k ∧ j’ = j + 1 ∧ k’ = k + 1) has (closed) recurrence set has closed recurrence set { ( i = 1 , j = 1 , k = 1 ) , { ( i , j , k ) | i ≥ 1 ∧ j ≥ 1 ∧ k ≥ 1 } ( i = 1 , j = 2 , k = 2 ) , ( i = 4 , j = 3 , k = 3 ) , ( i = 9 , j = 4 , k = 4 ) , . . . }

  22. Live Abstractions α is a live abstraction from P = ( R , I ) to α ( P ) = ( R α , I α ) iff a (Simulation) α R s s ′

  23. Live Abstractions α is a live abstraction from P = ( R , I ) to α ( P ) = ( R α , I α ) iff R α a a ′ (Simulation) α α R s s ′

Recommend

SMT Techniques and Solvers in Automated Termination Analysis Carsten Fuhs Birkbeck, University

SMT Techniques and Solvers in Automated Termination Analysis Carsten Fuhs Birkbeck, University

SMT Techniques and Solvers in Automated Termination Analysis Carsten Fuhs Birkbeck, University of London 2 nd July 2016 14 th Workshop on SAT Modulo Theories (SMT) Coimbra, Portugal Why analyze termination? 2/25 Why analyze termination? 1

1.83k views • 113 slides
Better termination proving through cooperation Marc Brockschmidt 1 Byron Cook 2 , 3 Carsten Fuhs 3

Better termination proving through cooperation Marc Brockschmidt 1 Byron Cook 2 , 3 Carsten Fuhs 3

Better termination proving through cooperation Marc Brockschmidt 1 Byron Cook 2 , 3 Carsten Fuhs 3 1 RWTH Aachen University 2 Microsoft Research Cambridge 3 University College London Deduktionstreffen 2013 Termination Analysis: Invariants and Rank

538 views • 37 slides
Fair Termination of Higher-Order Functional Programs Keiichi Watanabe , Ryosuke Sato Takeshi

Fair Termination of Higher-Order Functional Programs Keiichi Watanabe , Ryosuke Sato Takeshi

Automatically Disproving Fair Termination of Higher-Order Functional Programs Keiichi Watanabe , Ryosuke Sato Takeshi Tsukada, Naoki Kobayashi The University of Tokyo September 20 th , 2016 ICFP 2016 at Nara 1 2 Our Goal Automated method for

923 views • 54 slides
Types of Termination Mutual With Consent Termination Automatic Termination

Types of Termination Mutual With Consent Termination Automatic Termination

Types of Termination Mutual With Consent Termination Automatic Termination Termination Termination for Convenience Without Consent Frustration /Force Majeure Contractual Breach Breach Common Law Breach

444 views • 29 slides
. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

Runtime Errors Proving Non-Termination Ashutosh K. Gupta Thomas A. Henzinger Rupak Majumdar MPI-SWS EPFL UCLA Andrey Rybalchenko Ru-Gang Xu MPI-SWS UCLA 2 Non-Termination Errors Proving Non-Termination Search for infinite

402 views • 6 slides
Termination Rate Debate in Africa Dr. Christoph Stork Termination = Monopoly Monopolies

Termination Rate Debate in Africa Dr. Christoph Stork Termination = Monopoly Monopolies

Termination Rate Debate in Africa Dr. Christoph Stork Termination = Monopoly Monopolies require price regulation Termination rates at cost of efficient operator Provide incentive to invest in new technologies to reduce costs Promote

605 views • 32 slides
Part 6: Termination Revisited So far: Termination as a subordinate task for entailment checking.

Part 6: Termination Revisited So far: Termination as a subordinate task for entailment checking.

Part 6: Termination Revisited So far: Termination as a subordinate task for entailment checking. TRS is generated by some saturation process; ordering must be chosen before the saturation starts. Now: Termination as a main task (e. g., for

384 views • 20 slides
Conflict Termination and Prevention September 3 - Class 9 Conflict Termination Over half of

Conflict Termination and Prevention September 3 - Class 9 Conflict Termination Over half of

Conflict Termination and Prevention September 3 - Class 9 Conflict Termination Over half of all conflicts end in military victory for one side. Those that are not require other means of settlement. Negotiated Settlements Both

612 views • 24 slides
CSC2/458 Parallel and Distributed Systems Termination Detection Sreepathi Pai April 12, 2018

CSC2/458 Parallel and Distributed Systems Termination Detection Sreepathi Pai April 12, 2018

CSC2/458 Parallel and Distributed Systems Termination Detection Sreepathi Pai April 12, 2018 URCS Outline Termination Detection Ring termination (Dijkstra et al.) Misras Algorithm Outline Termination Detection Ring termination

403 views • 24 slides
2 Dispute over salaries and bonuses 3 Termination of employment by the employee 4 Termination

2 Dispute over salaries and bonuses 3 Termination of employment by the employee 4 Termination

1 Some critical issues in employment dispute resolution 2 Dispute over salaries and bonuses 3 Termination of employment by the employee 4 Termination of employment by the employer 2 1.1. Compulsory pre-litigation mediation and short statute

468 views • 21 slides
Analysis using Configurable Software Verification Sebastian Ott Termination No infinite

Analysis using Configurable Software Verification Sebastian Ott Termination No infinite

Implementing Termination Analysis using Configurable Software Verification Sebastian Ott Termination No infinite execution Liveness property Important property of programs: partial correctness termination total

375 views • 15 slides
Disproving Inductive Entailments in Separation Logic via Base Pair Approximation James Brotherston

Disproving Inductive Entailments in Separation Logic via Base Pair Approximation James Brotherston

Disproving Inductive Entailments in Separation Logic via Base Pair Approximation James Brotherston 1 Nikos Gorogiannis 2 1 UCL 2 Middlesex University TABLEAUX15, Wroclaw, 23 Sept 2015 1/ 16 Disproof, in general Disproof is the problem of

624 views • 51 slides
PERSONNEL ISSUES: DISCIPLINE AND TERMINATION Personnel Issues: Discipline and Termination

PERSONNEL ISSUES: DISCIPLINE AND TERMINATION Personnel Issues: Discipline and Termination

PERSONNEL ISSUES: DISCIPLINE AND TERMINATION Personnel Issues: Discipline and Termination EMPLOYMENT LIABILITIES I. The Litigious Workforce A. Employment related lawsuits, while once very rare, have become commonplace in our present society.

678 views • 8 slides
Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany VTSA 12, Saarbr ucken, Germany Overview I. Termination of Term Rewriting 1 Termination of Term Rewrite Systems 2 Non-Termination of Term

1.93k views • 148 slides
Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany VTSA 12, Saarbr ucken, Germany Overview I. Termination of Term Rewriting 1 Termination of Term Rewrite Systems 2 Non-Termination of Term

1.47k views • 133 slides
The Termination Competition Claude March e Hans Zantema Orsay, France Eindhoven, The

The Termination Competition Claude March e Hans Zantema Orsay, France Eindhoven, The

Termination Competition The Termination Competition Claude March e Hans Zantema Orsay, France Eindhoven, The Netherlands June 26th, 2007 Termination Competition Short history WST03, Valencia: initiated by Albert Rubio

476 views • 13 slides
Termination Impossibility of any infinite sequence G 0 R G 1 R G 2 R . . . given a

Termination Impossibility of any infinite sequence G 0 R G 1 R G 2 R . . . given a

Modular Termination of Graph Transformation 1 Detlef Plump University of York, UK 1 In Graph Transformation, Specifications, and Nets: In Memory of Hartmut Ehrig . LNCS 10800, Springer, 2018 Termination Impossibility of any infinite sequence

215 views • 17 slides
SENDING AND FORGETTING: TERMINATION OF AMNESIAC FLOODING ON A GRAPH* WALTER HUSSAK AND AMITABH

SENDING AND FORGETTING: TERMINATION OF AMNESIAC FLOODING ON A GRAPH* WALTER HUSSAK AND AMITABH

SENDING AND FORGETTING: TERMINATION OF AMNESIAC FLOODING ON A GRAPH* WALTER HUSSAK AND AMITABH TREHAN LOUGHBOROUGH UNIVERSITY On the Termination of Flooding. STACS 2020 * * On Termination of a Flooding Process (Brief Announcement). PODC 2019

542 views • 38 slides
Termination Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1

Termination Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1

Termination Deadlock Termination Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Termination Deadlock Where we are at In the last lecture, we introduced message passing and discuss simple non-compositional proof

842 views • 34 slides
Termination Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1

Termination Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1

Termination Deadlock Termination Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Termination Deadlock Where we are at In the last lecture, we introduced message passing and discuss simple non-compositional proof

1.11k views • 57 slides
Patent Damages After Lucent v. Gateway and Cornell v. HP Strategies for Establishing or

Patent Damages After Lucent v. Gateway and Cornell v. HP Strategies for Establishing or

Patent Damages After Lucent v. Gateway and Cornell v. HP Strategies for Establishing or Disproving Strategies for Establishing or Disproving presents presents Infringement Damages A Live 90-Minute Teleconference/Webinar with Interactive

1.11k views • 62 slides
Termination in a -calculus with Subtyping Ioana Cristescu Daniel Hirschkoff ENS Lyon Express

Termination in a -calculus with Subtyping Ioana Cristescu Daniel Hirschkoff ENS Lyon Express

Termination in a -calculus with Subtyping Ioana Cristescu Daniel Hirschkoff ENS Lyon Express 2011, 5 September 2011 Type systems for termination in -calculus Termination in a concurrent setting eventual access to shared resources

513 views • 19 slides
Disproving Confluence of Term Rewriting Systems by Interpretation and Ordering FroCoS 2013

Disproving Confluence of Term Rewriting Systems by Interpretation and Ordering FroCoS 2013

Disproving Confluence of Term Rewriting Systems by Interpretation and Ordering FroCoS 2013 Takahito Aoto (Tohoku University) Outline 1. Backgrounds: TRS and Confluence 2. Backgrounds: Proving (Non)-Confluence 3. Proving Non-Joinability by

684 views • 40 slides
Termination checking for a lazy functional language Neil Mitchell Neil Mitchell - Termination

Termination checking for a lazy functional language Neil Mitchell Neil Mitchell - Termination

Termination checking for a lazy functional language Neil Mitchell Neil Mitchell - Termination Checking 1 Overview Background Properties of functional languages Bottom , Lazy, Higher order Total programming Sized Types

354 views • 20 slides

More recommend