Automatically proving program termination - PowerPoint PPT Presentation

About This Presentation
Title: Automatically proving program termination
Description: Terminator. 10. Outline. Introduction. Sequential programs. Concurrent programs ... Terminator for sequential programs. Termination prover for sequential C programs ... – PowerPoint PPT presentation
Number of Views: 90
Avg rating: 3.0/5.0
Slides: 147
Provided by: Byron4

Transcript and Presenter's Notes

1
Automatically proving program termination
Byron Cook, Microsoft Research Cambridge
Joint work with Andreas Podelski and Andrey Rybalchenko
http://research.microsoft.com/Terminator
2-9
Introduction (figure-only slides; no transcript text apart from the caption "Terminator" on slide 9)
10
Outline
  • Introduction
  • Sequential programs
  • Concurrent programs
  • Extensions, optimizations, etc
  • Conclusion

12
Terminator for sequential programs
  • Termination prover for sequential C programs
  • Iteratively finds and checks the validity of a
    candidate termination argument
  • Nifty trick: the iterative search considers potential
    counterexamples to termination in isolation from
    the rest of the program (conditionals, nested
    loops, recursion, pointers, function pointers,
    gotos, etc.)

13-14
Well-founded relations
  • Program termination

15-19
Well-founded relations (figure-only slides; no transcript text)
Termination proof rule
21
Termination proof rule
22
Termination proof rule
23
Termination proof rule
24
Termination proof rule
25
Termination proof rule
26
Termination proof rule
27
Termination proof rule
28
Termination proof rule
29
Termination proof rule
30
Termination proof rule
31
Termination proof rule
32-49
Terminator (figure-only slides; slides 35-37 carry only the symbol Ø)
  copied = 0;
  . . .
  while (x < y) {
    if (!copied) {
      if (*) {                     /* nondeterministic choice: snapshot the header state */
        Hx = x; Hy = y;
        copied = 1;
      }
    } else {
      assert(T1 || T2 || T3);      /* each Ti relates the saved (Hx,Hy) to the current (x,y) */
    }
    /* loop body (as on the slide): x f(x,y) g(y,x) */
  }
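The instrumentation on slide 50 turns the termination argument into a safety check: a copy of the loop-header state is taken at a nondeterministically chosen iteration, and at every later visit the current state must be related to the copy by at least one of the candidate well-founded relations T1, T2, ... (slide 12's "iteratively finds and checks a candidate termination argument" loop is driven by the failures of exactly this assertion). The following is an added example, written for this page and not taken from the slides or from the Terminator tool: instead of a model checker it exhaustively explores a small, bounded state space and plays the role of the assert, returning the offending pair of header states when the candidate argument is too weak. The loops (`NESTED`, `COUNTER`), the relations (`T_X`, `T_Y`), the initial states and the bound on the nondeterministic reset of `y` are all constructed for the example.

```python
# Added example: a dynamic stand-in for the assert(T1 || T2 || ...) instrumentation.
# Nothing here is Terminator's own code; all loops and relations are constructed.
from collections import deque
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

State = tuple[int, int]                       # (x, y) observed at the loop header
Relation = Callable[[State, State], bool]     # Ti(copied_state, current_state)


@dataclass
class Loop:
    guard: Callable[[State], bool]            # loop condition, e.g. x < y
    body: Callable[[State], Iterable[State]]  # all successor header states (several = nondeterminism)


def later_header_states(loop: Loop, start: State, limit: int) -> set[State]:
    """Header states reachable from `start` after one or more iterations (bounded BFS).

    Only states that satisfy the guard are expanded, since only they execute the body."""
    seen: set[State] = set()
    queue = deque(loop.body(start) if loop.guard(start) else [])
    while queue and len(seen) < limit:
        s = queue.popleft()
        if s in seen:
            continue
        seen.add(s)
        if loop.guard(s):
            queue.extend(loop.body(s))
    return seen


def check_termination_argument(loop: Loop, inits: Iterable[State],
                               relations: list[Relation],
                               limit: int = 2000) -> Optional[tuple[State, State]]:
    """Play the role of the instrumented assert.

    For every header state hs that could have been copied into (Hx, Hy) and every
    header state s visited later on the same path, require that some Ti(hs, s)
    holds.  Returns None when the candidate argument survives the bounded
    exploration, otherwise the first offending pair (hs, s): the counterexample
    that a refinement loop would use to extend the disjunction with a new Ti."""
    frontier = [s for s in inits if loop.guard(s)]
    copied: set[State] = set()
    while frontier:
        hs = frontier.pop()
        if hs in copied:
            continue
        copied.add(hs)
        for s in later_header_states(loop, hs, limit):
            if not loop.guard(s):
                continue                      # loop exits here; the assert is not reached
            if not any(t(hs, s) for t in relations):
                return (hs, s)
            if s not in copied:
                frontier.append(s)
    return None


# Constructed loop 1: while (x > 0 && y > 0) { if (*) { x--; y = *; } else { y--; } }
# The nondeterministic reset of y is bounded to 0..3 to keep the state space finite.
NESTED = Loop(
    guard=lambda s: s[0] > 0 and s[1] > 0,
    body=lambda s: [(s[0] - 1, ny) for ny in range(4)] + [(s[0], s[1] - 1)],
)

# Constructed loop 2: while (x > 0) { if (*) x--; else x++; }   (does not terminate)
COUNTER = Loop(
    guard=lambda s: s[0] > 0,
    body=lambda s: [(s[0] - 1, s[1]), (s[0] + 1, s[1])],
)

# Candidate well-founded relations: "rank is non-negative in the copy and strictly decreases".
T_X: Relation = lambda hs, s: hs[0] >= 0 and s[0] < hs[0]
T_Y: Relation = lambda hs, s: hs[1] >= 0 and s[1] < hs[1]


if __name__ == "__main__":
    # y alone is not a ranking function: the reset y = * breaks it (an offending pair is returned).
    print("NESTED, T_Y only    :", check_termination_argument(NESTED, [(2, 2)], [T_Y]))
    # The disjunction T_X || T_Y is a valid termination argument: no offending pair.
    print("NESTED, T_X || T_Y  :", check_termination_argument(NESTED, [(3, 3)], [T_X, T_Y]))
    # Non-terminating loop: a header state is reachable from itself, which no Ti accepts.
    print("COUNTER, T_X        :", check_termination_argument(COUNTER, [(1, 0)], [T_X]))
```

The second call is the interesting one: no single linear ranking function proves `NESTED` terminates, because `y` can be reset upward, yet the union of two simple relations does, which is the "disjunctively well-founded" trick that lets each counterexample be handled in isolation and then added as one more disjunct.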
51-58
Examples (figure-only slides; no transcript text)
Experimental results
  • More details on Terminator and experiments:
    "Termination proofs for systems code", PLDI06
  • Experiments were performed in PLDI06 on 30
    Windows device drivers (<35k LOC)
  • We've found some interesting bugs in cases where
    Terminator has failed to find a proof

60
Example
  • Introduction
  • Abstraction refinement
  • Abstraction refinement for termination
  • Experimental results / Demo
  • Conclusion / Discussion

61
Outline
  • Introduction
  • Sequential programs
  • Concurrent programs
  • Extensions, optimizations, etc
  • Conclusion

63
Proving thread termination
  • Until recently, program termination tools didn't
    natively support multithreaded programs
  • Most of the code that we're interested in
    verifying is multithreaded

66-67
Introduction (figure-only slides; no transcript text)

68
Concurrent programs
  • Thread-modular algorithm finds an environment
    model: a binary relation expressed as a CNF formula
  • Implements iterative weakening/strengthening
    based on spurious counterexamples
  • Strengthening: add conjuncts
  • Weakening: add disjuncts
  • Nifty trick: the iterative search considers potential
    counterexamples to termination in isolation from
    the other threads

69
Concurrent programs
  • Thread termination: thread T is thread-terminating
    in P if, in each P-computation, T makes only
    finitely many steps.
  • Important to note:
  • We're not ruling out deadlock
  • Deadlock is a safety property that other tools
    should rule out
  • Thus we are not proving that functions called in T
    eventually return control to their caller

70-96
Example (figure-only slides; no transcript text)
97
Experimental results
  • More details on the Terminator concurrency extension
    and experiments:
    "Proving thread termination", PLDI07
  • Experiments were performed in PLDI07 on 30
    Windows device drivers (<35k LOC)
  • We've found some interesting bugs in cases where
    Terminator has failed to find a proof

98-100
Introduction (figure-only slides; no transcript text)
101
Outline
  • Introduction
  • Sequential programs
  • Concurrent programs
  • Extensions, optimizations, etc
  • Conclusion

103
Extensions, optimizations, etc.
  • Better performance with variance analyses:
    "Variance analyses from invariance analyses", POPL07a
  • Support for the full spectrum of liveness
    properties (fair termination):
    "Proving that software eventually does something good", POPL07b
  • Rank function synthesis for simple non-linear cases:
    "Proving termination by divergence", SEFM07
  • Better support for heap-manipulating programs:
    "Automatic termination proofs for programs with
    shape-shifting heaps", CAV06

106-115
Variance analyses (figure-only slides; no transcript text)
119-120
Extensions, optimizations, etc. (figure-only slides; no transcript text)
127-142
Experimental results (figure-only slides; no transcript text)
143
Outline
  • Introduction
  • Sequential programs
  • Concurrent programs
  • Extensions, optimizations, etc
  • Conclusion

145
Conclusion
  • Reactive systems need terminating components
  • Termination is one of the frontiers of automatic
    program correctness proof tools, together with
    shape and concurrency
  • Terminator automatically proves termination (and
    other liveness properties) of programs

146
Conclusion
  • See research.microsoft.com/Terminator
  • Write to bycook_at_microsoft.com
  • Thank you for your attention