Presentation is loading. Please wait.

Presentation is loading. Please wait.

Non-Termination of Affine Loops Kevin Durant, Corina Pasareanu, Willem Visser Stellenbosch University and NASA/CMU.

Published byAugust Carr Modified over 9 years ago

Similar presentations

Presentation on theme: "Non-Termination of Affine Loops Kevin Durant, Corina Pasareanu, Willem Visser Stellenbosch University and NASA/CMU."— Presentation transcript:

1 Non-Termination of Affine Loops Kevin Durant, Corina Pasareanu, Willem Visser Stellenbosch University and NASA/CMU

2 public String preserveTags(String body) {…}

3 Infinite loops are the worst kind of error, since it is input driven and therefore can reappear frequently, in fact infinitely often!

4 Symbolic String Analysis (Almost) All Java String operations covered Mixed Integer and String constraints Automata and SMT (bitvector) back-ends Part of Symbolic PathFinder M.Sc. by Gideon Redelinghuys Collaborators – Jaco Geldenhuys (Stellenbosch)

5 Infinite Loop? while (x > 0) (x,y) = (x+y+2,-x); Try (2,-3)

6 We only consider affine transformations on loop variables and simple loop conditions such as x>0 and x>=0

7 x,y are inputs while (x >= 0) { x := x – y; } Infinite Loop?

8 x,y are inputs while (x >= 0) { assert(‘x > x); x := x – y; } Ranking functions

9 Use ranking functions for non-termination!

10 x,y are inputs while (x >= 0) { assert(‘x > x); x := x – y; } Ranking functions ‘x <= x … {c /\ wp(s,‘x <= x)} s {c /\ wp(s,‘x <= x)}

11 x,y are inputs while (x >= 0) { assert(‘x > x); x := x – y; } Inductive? {x >= 0 /\ wp(x:=x-y,‘x <= x)} x := x - y {x >= 0/\ wp(x:=x-y,‘x <= x)} wp(x:=x-y,’x<=x) = {x <= x-y} {x >= 0 /\ y <= 0} x := x - y {x >= 0 /\ y <= 0}

12 So how about just… while (c) { s; } {c /\ wp(s,!rr)} s {c /\ wp(s,!rr)}

13 x,y are inputs while (x >= 0) { assert(‘x > x); x := x + y; y := 1 – y; }

14 x,y are inputs while (x >= 0) { assert(‘x > x); x := x + y; y := 1 – y; } {x >= 0 /\ wp(x:=x+y;y:=1-y,‘x <= x)} x := x – y; y := 1 – y; {x >= 0/\ wp(x:=x+y;y:=1-y,‘x <= x)} wp(x:=x+y;y:=1-y,’x<=x) = {x <= x+(1-y)} {x >= 0 /\ y <= 1} x:=x+y;y:=1-y; {x >= 0 /\ y <= 1}

15 ‘x <= x … ‘x <= x … N while (c) { s; } {c /\ wp(s n,!rr)} s n {c /\ wp(s n,!rr)}

16 while (x 0 > 0) { f(x) = Ax+b; } We conjecture that if there is an infinite loop then there exist n such that for all x for which the following is true you will loop infinitely x 0 > 0 /\ f 1 (x) > 0 /\ … /\ f 2n-1 (x) > 0 /\ x 0 ≤ f n (x) => f n (x) ≤ f 2n (x) Can we derive n from the number of variables in x? For 1 variable n = 2For 2 variables n >= 6 For 3 variables there is no n

17 Infinite Loop and no “n” while (x > 0) { x = 5x+y+z, y = 4y+3z, z = -3y+4z; }

18 Implementation JavaPathFinder Symbolic PathFinder SPF AffineLoopListener Model Checker for Java Open Source http://babelfish.arc.nasa.gov/trac/jpf Symbolic Execution extension for JPF called jpf-symbc Custom Listener on SPF Tries n = 0..6

19 To Do Study how many loops can be handled? Combine with abstraction Nested Loops?

Download ppt "Non-Termination of Affine Loops Kevin Durant, Corina Pasareanu, Willem Visser Stellenbosch University and NASA/CMU."

Similar presentations

Symbolic Analysis. Symbolic analysis tracks the values of variables in programs symbolically as expressions of input variables and other variables, which.

Symbolic Analysis. Symbolic analysis tracks the values of variables in programs symbolically as expressions of input variables and other variables, which.
Symbolic Execution with Mixed Concrete-Symbolic Solving

Symbolic Execution with Mixed Concrete-Symbolic Solving
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Parallel Symbolic Execution for Structural Test Generation Matt Staats Corina Pasareanu ISSTA 2010.

Parallel Symbolic Execution for Structural Test Generation Matt Staats Corina Pasareanu ISSTA 2010.
Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.

Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Symbolic execution © Marcelo d’Amorim 2010.

Symbolic execution © Marcelo d’Amorim 2010.
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Bhaskar Bagchi (11CS10058) Lecture Slides( 9 th Sept. 2013)

Bhaskar Bagchi (11CS10058) Lecture Slides( 9 th Sept. 2013)
Logic Gate Level Part 2. Constructing Boolean expression from truth table First method: write nonparenthesized OR of ANDs Each AND is a 1 in the result.

Logic Gate Level Part 2. Constructing Boolean expression from truth table First method: write nonparenthesized OR of ANDs Each AND is a 1 in the result.
Computer Science A 4 13/3. Goals To be able to program loops with the while, for, and do statements To avoid infinite loops and off-by-one errors To understand.

Computer Science A 4 13/3. Goals To be able to program loops with the while, for, and do statements To avoid infinite loops and off-by-one errors To understand.
1 Repetition structures Overview while statement for statement do while statement.

1 Repetition structures Overview while statement for statement do while statement.
Loops – While Loop Repetition Statements While Reading for this Lecture, L&L, 5.5.

Loops – While Loop Repetition Statements While Reading for this Lecture, L&L, 5.5.
Loops – While, Do, For Repetition Statements Introduction to Arrays

Loops – While, Do, For Repetition Statements Introduction to Arrays
Multiplexer as a Universal Function Generator

Multiplexer as a Universal Function Generator
CS 280 Data Structures Professor John Peterson. Lexer Project Questions? Must be in by Friday – solutions will be posted after class The next project.

CS 280 Data Structures Professor John Peterson. Lexer Project Questions? Must be in by Friday – solutions will be posted after class The next project.
©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 4 th Ed Chapter 6 - 1 Chapter 6 Repetition Statements.

©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 4 th Ed Chapter Chapter 6 Repetition Statements.
Loops Repetition Statements. Repetition statements allow us to execute a statement multiple times Often they are referred to as loops Like conditional.

Loops Repetition Statements. Repetition statements allow us to execute a statement multiple times Often they are referred to as loops Like conditional.
© 2004 Pearson Addison-Wesley. All rights reserved5-1 Iterations/ Loops The while Statement Other Repetition Statements.

© 2004 Pearson Addison-Wesley. All rights reserved5-1 Iterations/ Loops The while Statement Other Repetition Statements.
1 The Pumping Lemma for Context-Free Languages. 2 Take an infinite context-free language Example: Generates an infinite number of different strings.

1 The Pumping Lemma for Context-Free Languages. 2 Take an infinite context-free language Example: Generates an infinite number of different strings.

Similar presentations

Ads by Google