Real-Time Systems, COSC-4301-01, Lecture 15, Stefan Andrei (10/25/2015)

1 Real-Time Systems, COSC-4301-01, Lecture 15
Stefan Andrei

2 Reminder of the last lecture
Decomposition-based Verification of Linear Real-Time Systems Specifications

3 Overview of This Lecture
Termination analysis by function inversion

4 Introduction
A program's correctness is one of the most important problems in computer science:
- Partial correctness: a program P that terminates for any given input provides the expected output;
- Total correctness: partial correctness + termination. A program P terminates if, for any input, it executes a finite number of steps until it provides the output.
- Total correctness is more important than partial correctness (M. Huth and M. Ryan: Logic in Computer Science. Modelling and Reasoning about Systems. Cambridge Press, 2004).

5 Introduction (cont.)
The halting problem (a.k.a. the termination problem):
- Given a program and a finite input, decide whether the program finishes running or runs forever.
In 1936, Alan Turing showed that the halting problem is undecidable. Hence, there is no general algorithm to prove program termination or to determine the runtime of a program. The halting problem is so famous because it was one of the first problems proved undecidable.

6 Related Work
It has been clear since the early days of computing that a program correctness argument can be clearly partitioned into partial (conditional) correctness and termination:
- C.A.R. Hoare. An Axiomatic Basis for Computer Programming. Communications of the ACM, 12:576–580, 1969.

7 Related Work (cont.)
Termination analysis has been developed for different programming frameworks over the years:
- N. Dershowitz, N. Lindenstrauss, Y. Sagiv, and A. Serebrenik. A General Framework for Automatic Termination Analysis of Logic Programs. Applicable Algebra in Engineering, Communication and Computing, 12(1/2):117–156, 2001.
- M. Colon and H. Sipma. Practical Methods for Proving Program Termination. In 14th International Conference on Computer Aided Verification (CAV), volume 2404 of Lecture Notes in Computer Science, pages 442–454. Springer, 2002.
- Byron Cook, Andreas Podelski, and Andrey Rybalchenko. Termination proofs for systems code. SIGPLAN Not., 41(6):415–426, 2006.

8 Related Work (cont.)
There are many applications in real-time systems for which the termination problem is motivated. The termination problem was also considered in other papers:
- C.S. Lee, N.D. Jones, and A.M. Ben-Amram. The Size-Change Principle for Program Termination. In Conference Record of the 28th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, volume 28, pages 81–92. ACM Press, January 2001.
- H. Anderson, S.C. Khoo, S. Andrei, and B. Luca. Calculating Polynomial Runtime Properties. In Kwangkeun Yi, editor, APLAS 05: Asian Symposium on Programming Languages and Systems, pages 230–246, Springer, 2005.

9 Conversion from while to recursion
To the best of our knowledge, all these related works considered termination methods where the parameter values are decreasing. Our technique removes this restriction (program P1 below; note that n increases in the else branch):

    x = ...; a = ...; n = ...;   /* input values, left unspecified on the slide */
    while (n != 0 && n != 1) {
        if (n % 2 == 0) { x = x * x; n = n / 2; }
        else { n++; a = x * a; }
    }
    return a;

10 F1 corresponds to P1
(The slide shows the recursive function F1 obtained from P1.) We limit the definition of the termination analysis to function calls only.

11 The Runtime
The runtime (a.k.a. the running time) of a function execution is the number of function calls until it terminates. Such calls are the only difficult part of a runtime calculation, as the other program constructs (statements, parameter transmission) add constant time delays.

12 Essential Arguments
The programs subject to analysis may contain arguments that are not essential for our method. Formally, given an initial program P, we denote by [P] the projection of P obtained by considering only the parameters that occur in the test conditions of P:
- An initial program P terminates if and only if [P] terminates, too.

13 Essential Arguments (example)
F1 is a function similar to the one used in the calculation of x^n. The projection of F1 (denoted PF1) is given in Figure 1, where x and a are not parameters involved in the program's termination. Note that PF1 is a single-parameter function, as it only has n as a parameter.

14 The Numerical Normal Form
Given a program P expressed as a single recursive function, we say that f() is the numerical normal form of [P] if and only if:
- the arguments of f() are the same as the arguments of [P];
- the branch conditions of f() correspond to the test conditions of [P];
- the body of each branch of f() corresponds to the argument of the same branch of [P].

15 An Equivalent Reformulation
The termination problem for [P] is equivalent to showing that for any n ∈ N there exists a k ∈ N such that f^(k)(n) = 0, where:
- f^(1) = f,
- f^(k+1) = f ∘ f^(k),
- ∘ denotes function composition,
- and 0 is a constant corresponding to termination.

16 Equivalent Reformulation (example)
The numerical normal form of PF1 can be given by f1 : N → N. The recursive calls of PF1 correspond to composition operations of f1(): PF1(n) has k recursive calls until STOP if and only if f1^(k)(n) = 0.

17 Our Class of Functions
We consider the general numerical normal form for functions with one parameter to be F : N → N, defined piecewise on the slide, where:
- n'_0, ..., n'_{m-1} are constants;
- x = n_0, ..., x = n_{m-1} are terminating conditions;
- β_0(x), ..., β_{p-1}(x) are called non-terminating conditions;
- f_0(x), ..., f_{p-1}(x) are invertible functions.

18 The Execution Trace Tree
Given a function F(), the execution trace tree is denoted ETT(F). This tree is a pair (V, E), where V is the set of nodes (vertices) and E is the set of arcs (edges).
- ETT(F) has an unlabeled root whose number of direct descendants equals the number of values from the termination conditions (e.g., the values n'_0, ..., n'_{m-1}).
- There is an arc from node y to node x whenever F(x) = y has a solution.

19 ETT(F) for our class
(Figure: the unlabeled root with descendants n'_0, ..., n'_{m-1}, the values n_0, ..., n_{m-1} below them, and further subtrees; an arc from y to x is drawn whenever F(x) = y has a solution.)

20 Finite Fragments of ETT(F)
ETT(F) may contain infinite paths. For any y ∈ N+ and k ∈ N+, we consider a finite p-ary tree with root y having k levels, denoted ETT_k(y) = (V_k, E_k). Each node v ∈ V_k except the root is labeled with a natural number, denoted label(v). The node v may have 1, 2, ..., p descendants depending on its label y. That is, for every i ∈ {0, ..., p − 1}, whenever β_i(f_i^{-1}(y)) holds, v has a descendant labeled f_i^{-1}(y).

21 Connection to the Termination Problem
If all paths from the root are finite, then the termination problem can be easily solved:
- for the inputs that are labels of ETT(F), the termination problem holds;
- for the inputs that are not labels of ETT(F), the program runs forever.
We denote labels(V) = {label(v) | v ∈ V}. One inclusion is obvious: labels(V) ⊆ N. Hence, the termination problem for F is equivalent to labels(V(ETT(F))) = N+.

22 An Example with Finite ETT
Function f2 is terminating only for the inputs 0, 1, 2, and is non-terminating for the other naturals 3, 4, ... So the challenging case for tackling the termination problem and computing the runtime is when ETT has at least one potentially infinite path.

23 An Effective Non-Trivial Subclass
We consider the cases when the f_i() are affine functions and the β_i() are conditions containing modulo operators (called modulo-case functions; the piecewise definition of F is shown on the slide), where F : N → N and, for all i ∈ {0, ..., p−1}, we have a_i ∈ Q+, b_i ∈ Q, a_i × p ∈ N and a_i × i + b_i ∈ N.

24 ETT(F) for a Modulo-Case Function
Considering a modulo-case function, an arbitrary node v of ETT(F) may have up to p descendants depending on its label y. That is, for every i ∈ {0, ..., p−1}, whenever (y − b_i)/a_i ≡ i (mod p), v has a descendant labeled (y − b_i)/a_i. Example:
- ETT(f1) is an infinite binary tree.
- f1^{-1} = {(m, 2m) | m ≥ 1} ∪ {(m, m − 1) | m is even}.

25 ETT_5(f1)
(Figure: the first five levels of ETT(f1).) The arc (2, 1) was not generated because 1 already belongs to ETT_5(f1).

26 Our Systematic Method
Let s = max_{i = 0, ..., p−1} {⌈1/a_i⌉, 1}, and for a level index k consider the bound s^k if s > 1, or k if s = 1, where ⌈x⌉ denotes the integer ceiling of x. The set {0, 1, 2, ..., s^k} (respectively {0, 1, ..., k}) will be used in our method. The main idea is to generate ETT(f) until the algorithm finds a polynomial as an upper bound for the smallest level (sl) such that this set can be found among the labels of the first sl levels of ETT(f).

27 Our Systematic Method (cont.)
If such a polynomial is found, then the designer can start doing the formal proof for the induction step. If this fails, then the algorithm searches for a polynomial of a higher degree. The algorithm looks for polynomials up to a predefined maximum degree, say d_max.

28 Algorithm A - Pseudocode
Input: a modulo-case function f() and a positive integer d_max.
Output:
- 'Yes' (if f() is terminating), together with a domain constraint and an estimation of the running time; otherwise
- 'Polynomial up to degree d_max not found' (if the algorithm cannot find a polynomial for the runtime).

29 Algorithm A - Pseudocode (cont.)
(The pseudocode is shown as a figure on the slide.)

30 Algorithm A - Pseudocode (cont.)
(The pseudocode is shown as a figure on the slide.)

31 Algorithm A's Correctness
Theorem 4.1. Let f be a modulo-case function and d_max a positive integer. Algorithm A will provide:
- 'Yes', together with a domain constraint and an estimation of the running time, if the algorithm proved that f is terminating;
- 'Polynomial up to degree d_max not found', if the algorithm cannot find such a polynomial as an upper bound for the runtime.

32 Algorithm A applied to f1()
From the definition of f1() we get s = 2, so the bound for level index k is 2^k. The sets {0, 1, 2} and {0, 1, 2, 3, 4} are generated by levels 1 and 3, respectively. The polynomial P of degree 1 such that P(1) = 1 and P(2) = 3 is P(x) = 2x − 1. The algorithm tests whether {0, 1, 2, ..., 2^3} are labels of ETT(f1) by level P(3) = 5. According to the figure from slide 23, this assertion holds.

33 Algorithm A applied to f1()
Checking the inductive step:
- suppose that {0, 1, 2, ..., 2^k} are labels of ETT(f1) by level P(k) = 2k − 1;
- the method checks whether {0, 1, 2, ..., 2^k, 2^k + 1, ..., 2^(k+1)} are labels of ETT(f1) by level P(k + 1) = 2k + 1;
- the proof is based on the fact that f1^{-1} = {(m, 2m) | m ≥ 1} ∪ {(m, m − 1) | m is even}.
Our algorithm was able to systematically prove the termination problem. The running time is 2 × log2(n) − 1.

34 Conclusion
This paper presented a novel and systematic approach for calculating the maximum runtime of functions for a nontrivial class of programs, based on an induction over a tree of execution traces.

35 Future work
We are working towards a more complete characterization of the class of functions for which the runtime and termination analysis can be done using our approach:
- comparison with state-of-the-art termination tools (e.g., Terminator);
- applying our algorithm to challenging and famous problems, e.g., the Collatz problem (a.k.a. the '3x+1' problem);
- changing the class of polynomials to exponentials (or other functions) as an upper bound for the labels of ETT(F).

36 Summary
Termination Analysis by Function Inversion

37 Reading suggestions
[And08] Andrei, S.: Termination Analysis by Program Inversion. SYNASC 2008

38 Coming up next
Modechart

39 Thank you for your attention! Questions?

