Post on 01-Apr-2015

Termination and shape-shifting heaps

Byron Cook

bycook@microsoft.com

Microsoft Research, Cambridge

Joint work with Josh Berdine, Dino Distefano, and Peter O’Hearn

[Figure: two charts with x-axis 1 to 23: lines of code (x1000) and cut-point set size]

Experimental results with Terminator [CAV’06,PLDI’06,SAS’05]

[Figure: chart with x-axis 1 to 23: true bugs and false bugs]

Outline

Introduction

TERMINATOR’s proof rule

MUTANT/TERMINATOR

Experimental results

Conclusion & Discussion

TERMINATOR’s proof rule

Reversing the strategy

Mutant

Mutant example

Experimental results

Revisiting loops falsely accused with TERMINATOR:

Introduction

Conclusion & Discussion

Constructing automatic termination provers out of abstract interpreters:

  Over-approximate binary reachability using encoding into states

  Prove each state (partitioning of over-approximation) well-founded

MUTANT/TERMINATOR: Application using separation logic based abstract interpretation

What’s next: combining termination analysis engines:

  Integer linear programs (TERMINATOR, roughly speaking)

  Mutating heaps (MUTANT)

  Non-linear programs (ZIGZAG)

See http://research.microsoft.com/TERMINATOR

  Not-quite-camera-ready copy of CAV’06 paper about MUTANT

  Papers about TERMINATOR (PLDI’06, SAS’06, CAV’06)

Questions?