Alternation for Termination
Transcript of Alternation for Termination
“Gecko mediaplayer hangs the browser”
“Eclipse hangs after 5 minutes or so of working”
“BUG: Silverlight makes browser hang after BeginSaveChanges on some machines”
“BUG: VB Hangs While Automating Excel Using OLE Control”
…
A Quick Search “bug code hangs”:
An Example with Non-Trivial Context
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
Local Provers Succeeding
while (x > 0 && y > 0) {
    assume(d > 0);
    if (*) {
        x := x - d;
        y := *;
        z := z - 1;
    } else {
        y := y - d;
    }
}
yx
Local Provers Failing
f(int d) {
    int x, y;
    while (x > 0 && y > 0) {
        assume(d > 0);
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    f(1);
    f(2);
}
??
Advantage of Transition Invariants
A stem to a loop can include information about the loop’s context.
Transition Invariants Succeeding
f(int d) {
    while (x > 0 && y > 0) {
        if (*) {
            x := x - d;
            y := *;
        } else {
            y := y - d;
        }
    }
}
main() {
    f(1);
    f(2);
}
while (x > 0 && y > 0) {
x := x – d; y := *;
}
x
Transition Invariants Succeeding
f(int d) {
    while (x > 0 && y > 0) {
        if (*) {
            x := x - d;
            y := *;
        } else {
            y := y - d;
        }
    }
}
main() {
    f(1);
    f(2);
}
while (x > 0 && y > 0) {
y := y - d;}
y
Disadvantage of Transition Invariants
Stem and cycle can lead to incorrect guesses for proof of termination.
Transition Invariants Failing
f(int d) {f(int d, int z) { int x, y;
while (x > 0 && y > 0) {if (*) {
x := x – d;y := *;z := z – 1;
} else {y := y – d;
} } }
main() { int k; int z = 1; while (z < k) { z := 2 * z; }
f(1); f(1, z); f(2); f(2, z);}
Context Analysis via TREX
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        assume(d > 0);
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
Analysis via TREX
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        assume(d > 0);
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
x, y
TREX iteratively finds a proof of termination, or finds a counterexample to termination, or refines stronger program invariants.
The TREX Algorithm
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
TREX Iteration Step 1
??
TREX Iteration Step 2
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
while (x > 0 && y > 0) { y := y – d;}
TREX Iteration Step 3
From the counterexample cycle, find a sufficient condition for
non-termination by applying a non-termination prover (TNT)
Applying a Non-Termination Prover
while (x > 0 && y > 0) { y := y – d;}
Non-termination if: y > 0 && d <= 0
TREX Iteration Step 4
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        assert(d > 0);
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
while (x > 0 && y > 0) { y := y – d;}
Non-termination if: y > 0 && d <= 0
TREX Iteration Step 5
f(int d, z) {
    int x, y;
    while (x > 0 && y > 0) {
        assert(d > 0);
        if (*) {
            x := x - d;
            y := *;
            z := z - 1;
        } else {
            y := y - d;
        }
    }
}
main() {
    int k;
    int z = 1;
    while (z < k) { z := 2 * z; }
    f(1, z);
    f(2, z);
}
assume(d > 0);
x, y
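Vista Driver Snippets

| Driver Name | TREX time (s) | Terminator* time (s) | TREX speedup |
|---|---|---|---|
| 1 | 13.8 | 32.1 | 2.3 |
| 2 | 15.3 | 48.0 | 3.1 |
| 3 | 7.9 | 5.9 | 0.7 |
| 4 | 3.1 | 12.3 | 3.9 |
| 5 | 6.4 | 8.8 | 1.4 |
| 6 | 3.0 | 13.8 | 4.6 |
| 7 | 10.2 | 11.8 | 1.2 |
| 8 | 9.4 | 11.0 | 1.2 |
| 9 | TO | TO | --- |
| 10 | 2.5 | 10.3 | 4.1 |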
Conclusion
TREX proves termination by using cycles through a loop to infer useful
program invariants
Transition Invariants Succeeding
f(int d) {
    while (x > 0 && y > 0) {
        if (*) {
            x := x - d;
            y := *;
        } else {
            y := y - d;
        }
    }
}
main() {
    f(1);
    f(2);
}
x, y
Transition Invariants Failing
f(int d) {f(int d, int z) { int x, y;
while (x > 0 && y > 0) {if (*) {
x := x – d;y := *;z := z – 1;
} else {y := y – d;
} } }
main() { int k; int z = 1; while (z < k) { z := 2 * z; }
f(1); f(1, z); f(2); f(2, z);}
while (x > 0 && y > 0) {
    assume(d = 1 && z = 1);
    if (*) {
        x := x - d;
        y := *;
        z := z - 1;
    }
}
z - 1
z = 1;
f(1, z);
Transition Invariants Failing
f(int d) {f(int d, int z) { int x, y;
while (x > 0 && y > 0) {if (*) {
x := x – d;y := *;z := z – 1;
} else {y := y – d;
} } }
main() { int k; int z = 1; while (z < k) { z := 2 * z; }
f(1); f(1, z); f(2); f(2, z);}
while (x > 0 && y > 0) {
    assume(d = 1 && z = 2);
    if (*) {
        x := x - d;
        y := *;
        z := z - 1;
    }
}
z - 2
z = 1; z := 2 * z;
f(1, z);