
Termination Analysis of a subset of CoreML William Blum - PowerPoint PPT Presentation



  1. Termination Analysis of a subset of CoreML
     William Blum, william.blum@comlab.ox.ac.uk
     Oxford University Computing Laboratory
     BCTCS Nottingham

  2. Outline
     1. Size-change Principle for first-order programs
     2. An extension for a subset of Core ML

  3. First order programs
     Untyped functional language: recursion, if-then-else, primitive operators, single data type.
     Example:
         f(x) = gcd(x,18)
         gcd(x,y) = if y == 0 then x else gcd(y, x mod y)
     Call-by-value evaluation semantics:
         E[[f]] $\vec{x}$ = v: f evaluates to v on input $\vec{x}$,
         E[[f]] $\vec{x}$ = ⊥: f does not terminate on input $\vec{x}$.
     Exact call semantics: a computation is described by a state transition sequence:
         f,4 → gcd,(4,18) → gcd,(18,2) → gcd,(2,2) → gcd,(2,0)
     Finite approximation of the call semantics: the control flow graph.
     [Figure: control flow graph with vertices f and gcd.]

  4. Termination
     Characterization of termination: P terminates on all input values ⇔ infinite state transition sequences are invalid computations.
     What is an invalid computation? For instance: a computation in which some positive integer variable decreases infinitely...
     The Size-Change Principle proves that for any computation corresponding to an infinite path in the control flow, the value of some well-founded variable decreases infinitely.

  5. Size-change graphs (SCG)
     Definition: A SCG describes a program call. It consists of a source set of vertices, a target set of vertices and a set of labeled arcs.
     [Figure: size-change graph with an arc labeled = from x to x, and vertex y.] The SCG describes the call from f to gcd.
     Safety:
         arcs labeled ↓ denote decreases in parameter value,
         arcs labeled = denote non increase in parameter value.
     Example: consider the call "gcd(y, x mod y)".
     [Figure: four candidate size-change graphs over the vertices x and y, with arcs labeled = and ↓.]
     Only one of these SCG is not safe for this call.

  6. Composition of size-change graphs
     If $f \xrightarrow{G_1} g$ and $g \xrightarrow{G_2} h$ then $f \xrightarrow{G_1;G_2} h$.
     [Figure: two size-change graphs G1 and G2 and their composition G1;G2, with arcs labeled = and ↓.]
     If $\mathcal{G}$ is a set of size-change graphs then $\overline{\mathcal{G}}$ denotes the composition closure of $\mathcal{G}$.

  7. Size-change termination (SCT)
     Definition: Consider $\mathcal{G}$ a set of size-change graphs. A program P is $\mathcal{G}$-SCT if
         $\mathcal{G}$ safely describes P (for every reachable call c there is a corresponding SCG $G_c \in \mathcal{G}$),
         for every infinite computation cs = c_0 c_1 ..., any sequence of size-change graphs $G_{c_0} G_{c_1} \dots$ (describing safely the calls of cs) has an infinite descending thread.
     [Figure: a sequence of size-change graphs over x, y and u, v, with a thread of arcs labeled = and ↓.]
     We assume that data-types are well-founded.
     Theorem: If P is $\mathcal{G}$-SCT then P terminates for all input values.

  8. Deciding Size-Change Termination
     $\mathcal{G}$-SCT characterization [Jones et al. 2001]:
         $$P \text{ is not } \mathcal{G}\text{-SCT} \iff \exists\, f \xrightarrow{G} f \in \overline{\mathcal{G}} \text{ such that } G;G = G \text{ and } \forall x \in gb(f) : x \xrightarrow{\downarrow} x \notin G$$
     Hence $\mathcal{G}$-SCT is decidable. And it is PSPACE-complete (see [1]).

  9. The language L_ml
     Grammar:
         e ::= x, f                  value identifiers
             | true | false          boolean constants
             | if e then e else e    conditional
             | n                     integer constants (n ∈ N)
             | e = e                 integer equality
             | succ e | pred e       successor and predecessor
             | fun (x:ty) -> e       function abstraction
             | fun f=(x:ty) -> e     recursively defined function
             | e e                   function application
             | let x = e in e        local variable definition
     A program is a single closed expression.
     Data types: ground values + higher-order functions.

  10. Semantics of L_ml (environment based)
     Canonical expressions: N ∪ B ∪ { e | e is an abstraction }
         State = { e:ρ | e ∈ subexp(P), ρ ∈ Env, fv(e) ⊆ dom(ρ) }
         Value = { e:ρ ∈ State | e canonical }
         Env = { ρ : X → Value | X finite set of variables }
     Let s ∈ State, v ∈ Value and ρ ∈ Env.
     Call-by-value evaluation semantics "s ⇓ v":
         $$v : \rho \Downarrow v : \rho \quad (v \text{ canonical})$$
     Run-time errors "s ⊘":
         $$\frac{e : \rho \Downarrow 0}{\texttt{pred}\ e : \rho\ \oslash}\ (\text{ErrOp1})$$
     Call semantics "s → s′":
         $$\frac{e_1 : \rho \Downarrow \texttt{fun (x:ty)->}e_0 : \rho_0 \qquad e_2 : \rho \Downarrow v_2}{e_1\, e_2 : \rho \to_c e_0 : \rho_0[x \mapsto v_2]}\ (\text{CallG})$$

  11. Graph generation
     Two SCG generated per call: $G^+$ describing higher-order values and $G^0$ for ground type values.
     The free variables of an expression correspond to the input parameters in the first-order case.
     We define well-founded notions of size for higher-order and ground type expressions.
     We extend the semantic rules to generate safe SCG:
         $$v \Downarrow v,\ \mathrm{id}^{=}_{e} \mid \mathrm{id}^{=}_{e} \quad (v = e : \rho \text{ in canonical form}) \quad (\text{ValueG})$$
         $$\frac{e_1 : \rho \Downarrow \texttt{fun (x:ty)->}e_0 : \rho_0,\ G_1 \mid G_1^+ \qquad e_2 : \rho \Downarrow v_2,\ G_2 \mid G_2^+}{e_1\, e_2 : \rho \to_c e_0 : \rho_0[x \mapsto v_2],\ \mathrm{CallGr}^0_x(G_1, G_2) \mid \mathrm{CallGr}^+_x(G_1^+, G_2^+)}\ (\text{CallG})$$

  12. Finite approximation of the call semantics
     We need a "control flow graph" for ML programs.
     Solution:
         drop the ρ components of the states,
         abstract integers by a single symbol "?int".
     We obtain a finite abstraction of the computation.
     The set of vertices of the control flow graph (i.e. control points) is: P = subexp(P) ∪ { ?int }

  13. The size-change principle
     What do we have:
         Termination characterized by infinite call sequences
         Well-founded order on the data values
         Finite approximation of call semantics
     We can compute two safe sets of size-change graphs describing the calls (by applying the semantic rules exhaustively).
     Hence the SCP can be applied! (twice)

  14. Results
     Counter example:
         let rec counter x = if x = 0 then counter (succ x) else 1 in counter 7;;
     is terminating but not SCT.
     Ackermann's function: SCT relative to ground-type values.
     Function computing the minimum of two numbers:
         is SCT if we use the native representation of integers provided by L_ml,
         is not SCT if we use Church numerals to encode integers.

  15. Conclusion
     The Size-Change Principle from Neil D. Jones et al.:
         based on a finite approximation of the call semantics,
         and a safe description of the calls.
     Extension to a higher-order functional language:
         detects decrease on ground-type values as well as higher-order values
         allows local definition (let)
         handles recursion natively (no need to define a Y combinator)
         handles numbers natively
     Further direction: sequential composition, storage location and references, tuples, lists, user defined structures, for and while loop structures.

  16. Bibliography
     [1] Chin Soon Lee, Neil D. Jones, and Amir Ben-Amram. The Size-Change Principle for Program Termination. Principles of Programming Languages, pp. 81-92. Volume 28 of Principles of Programming Languages. ACM Press, 2001.
     [2] Neil D. Jones and Nina Bohr. Termination Analysis of the Untyped λ-Calculus. Rewriting Techniques and Applications, Proceedings (V. van Oostrom, ed.), pp. 1-23. Volume 3091 of LNCS. Springer-Verlag, 2004.
     [3] Andrew M. Pitts. Operational Semantics and Program Equivalence. Applied Semantics, pp. 378-412. Volume 2395 of LNCS. Springer-Verlag, 2002.
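
The decision procedure of slides 6 to 8 (composition, composition closure, and the idempotent-graph test), applied to the gcd program of slide 3 and the counter example of slide 14. This is an added example, not code from the slides: the graph encoding, the function names and the arcs chosen for each call are assumptions made here.

```python
from itertools import product

# A size-change graph is (source_fn, target_fn, arcs). An arc is
# (source_var, strict, target_var): strict=True is a "↓" arc, False is "=".

def compose(g1, g2):
    """G1;G2: chain arcs through the middle function; a strict step wins."""
    (f, _, arcs1), (_, h, arcs2) = g1, g2
    best = {}
    for (x, s1, y), (y2, s2, z) in product(arcs1, arcs2):
        if y == y2:
            best[(x, z)] = best.get((x, z), False) or s1 or s2
    return (f, h, frozenset((x, s, z) for (x, z), s in best.items()))

def closure(graphs):
    """Composition closure: add G1;G2 for composable pairs until nothing new."""
    closed, work = set(graphs), list(graphs)
    while work:
        g = work.pop()
        for other in list(closed):
            for a, b in ((g, other), (other, g)):
                if a[1] == b[0] and (c := compose(a, b)) not in closed:
                    closed.add(c)
                    work.append(c)
    return closed

def sct_witnesses(graphs):
    """Idempotent self-loops f -> f lacking an arc x ↓ x (empty list: SCT)."""
    return [g for g in closure(graphs)
            if g[0] == g[1] and compose(g, g) == g
            and not any(s and x == z for x, s, z in g[2])]

def is_sct(graphs):
    return not sct_witnesses(graphs)

# Constructed inputs (assumed arcs, not taken from the lost slide figures).
# f(x) = gcd(x, 18): the first argument is passed unchanged.
F_TO_GCD = ("f", "gcd", frozenset({("x", False, "x")}))
# gcd(y, x mod y): new x equals old y; new y = x mod y is below old y.
GCD_REC = ("gcd", "gcd", frozenset({("y", False, "x"), ("y", True, "y")}))
# counter (succ x): the argument grows, so no arc is safe.
COUNTER_REC = ("counter", "counter", frozenset())

if __name__ == "__main__":
    print("gcd program SCT:", is_sct({F_TO_GCD, GCD_REC}))
    print("counter SCT:", is_sct({COUNTER_REC}))
```

The counter program fails the test because its only size-change graph is idempotent and has no descending arc, even though the program terminates after one recursive call.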
