Termination and Correctness Analysis of Cyclic Control
description
Transcript of Termination and Correctness Analysis of Cyclic Control
![Page 1: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/1.jpg)
Termination and Correctness Analysis of Cyclic Control
Siddharth Srivastava, Neil Immerman, Shlomo ZilbersteinUniversity of Massachusetts Amherst
![Page 2: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/2.jpg)
Cyclic Control Flow
Cyclic control is essential in algorithms Essential to many branches of AI for the
same reasons Makes control structures compact, more
generally applicable Examples:▪ Workflow mining▪ Programming by demonstration▪ Automated planning▪ Automated service composition▪ Synthesis of robot controllers
![Page 3: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/3.jpg)
Workflow Mining
[Eker et al. ‘09]
![Page 4: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/4.jpg)
Programming by Demonstration
Given: sequences of ops for reversing small linked lists
Generate: reverse algorithm for unbounded LL
![Page 5: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/5.jpg)
Automated Planning
Plans with loops: broad applicability[Winner et al. ’03, Bonet et al. ’09, Hu et al. ’10]
![Page 6: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/6.jpg)
Generalized Plans: A Unifying Framework
[ICAPS GenPlan‘09, AIJ ‘11]
Common Challenges
Applicability test Cost of
instantiation Domain coverage Quality of
instantiation Complexity of
representation
Control knowledge +
A method for instantiation
Given a problem instance, will the execution of this GP solve
it? i.e.: • Terminate?• Reach a goal state?= Correctness
![Page 7: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/7.jpg)
Applicability Test
Typical assumption: loop = non-nested iteration over collections
Fundamental Open Questions
• Are there useful, more general classes where reasoning about loops is even computable?
• How can we categorize such problem classes?
• How can we determine if a cyclic control flow will terminate and achieve a desired result in these classes?
![Page 8: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/8.jpg)
A Fundamental Formulation
[Abacus Programs]
![Page 9: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/9.jpg)
Abacus Programs
Finite sets of states & registers
Actions with unit increments/decrements
Decrement actions have two effects: If R1=0, goto S3 If R1>0: R1--; goto S2
Turing Machine-equivalent model of computation
[Lambek, 61]
![Page 10: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/10.jpg)
Abacus Programs: Expressiveness
Abacus programs can express any control flow
The reachability problem:
Can state Si be reached in an execution?
Addresses both termination and correctness
![Page 11: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/11.jpg)
Abacus Programs: Expressiveness
But reachability is equivalent to the halting problem for Turing machines in general…
Undecidable!
We identified useful cases where it can be solved
![Page 12: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/12.jpg)
Computing Preconditions: Idea
We build on this idea to develop methods for Simple loops Monotone simple loops with shortcuts
![Page 13: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/13.jpg)
Subclass: Simple Loops with Shortcuts
Need to be monotone:Net change on a register (if any) in each simple loop must have the same sign
![Page 14: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/14.jpg)
Order Independence
loop1 loop2
• Loop1: increases R1 by 3• Loop2: decreases it by 2, then increases it by 5
Precondition for 1 iteration is order dependent (maintain R1 ≥ 0):
Loop1, Loop2
Loop2, Loop1
R1 ≥ 0 R1 ≥ 2
Such conditions cannot even be expressed efficiently using linear constraints
We compute conditionsfor an adversarial ordering
![Page 15: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/15.jpg)
Reachability Results
Computed conditions are also necessary if: every simple loop with shortcuts is order
independent
TheoremGiven
: abacus program, all SCCs: simple loops with monotone shortcuts S: node in F: vector of desired register values
A disjunction of linear constraints on the initial register values gives sufficient conditions for reaching S with register values F.[Srivastava et al.,
ICAPS-10]
![Page 16: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/16.jpg)
Applications
These results allow us to: Test correctness of a given generalized
plan Search for safe control structures
![Page 17: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/17.jpg)
Application in Automated Planning
Under some conditions, can ensure:• All branch effects categorized by “role”-counts • Role-counts undergo constant change due to actions
[Srivastava et al., AIJ-11]
![Page 18: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/18.jpg)
Conclusions: Fundamental Results Are there useful, more general classes where
reasoning about loops is even computable? Yes!
How can we categorize such problem classes? Abacus programs; structural properties
In these classes, how can we determine if a cyclic control flow will terminate and achieve a desired result? Translation to abacus programs Reachability queries
![Page 19: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/19.jpg)
Reachability Results: Future Work
Removing monotonicity makes reachability undecidable even for simple loops with shortcuts!
Future Work Efficiently expressing order dependent
preconditions Identifying greater classes of abacus
programs(?) where reachability is decidable
to be continued…
![Page 20: Termination and Correctness Analysis of Cyclic Control](https://reader037.fdocuments.us/reader037/viewer/2022102809/568140b7550346895dac78fe/html5/thumbnails/20.jpg)
Questions?