The Abstract Domain of Segmented Ranking Functions Caterina Urban - - PowerPoint PPT Presentation



SLIDE 1

The Abstract Domain of Segmented Ranking Functions

Caterina Urban

Département d’Informatique, École Normale Supérieure

SAS 2013 Seattle, USA

SLIDES 2–6

Introduction

liveness properties ⇒ “something good eventually happens”

termination

ranking functions¹

functions that strictly decrease at each program step... and that are bounded from below

idea: computation of ranking functions by abstract interpretation²

Our Contribution

family of parameterized abstract domains for program termination

piecewise-defined ranking functions
backward invariance analysis
sufficient conditions for termination

instance based on intervals and affine functions

¹ Floyd - Assigning Meanings to Programs (1967)
² Cousot & Cousot - An Abstract Interpretation Framework for Termination (POPL 2012)

2 / 22


SLIDES 7–18

Example

int : x
while ¹(x ≥ 0) do
  ²x := −2x + 10
od³

[figure: control-flow graph with program points 1, 2, 3; edges 1 → 3 labelled x < 0, 1 → 2 labelled x ≥ 0, and 2 → 1 labelled x := −2x + 10]

the program terminates but there exists no linear ranking function!

we map each point to a function of x giving an upper bound on the steps before termination:

we start at the end with 0 steps before termination
we take into account x < 0 and we have now 1 step to termination
we consider the assignment and we are now at 2 steps to termination
we consider x ≥ 0 and we do the join

[figure: the functions at points 3, 2 and 1 built up over the iterations, all three starting at ⊥; the breakpoints shown grow to 2, 4, 6 at point 2 and 0, 2, 4, 6 at point 1]

we are able to find a piecewise-defined ranking function for the program!

3 / 22

SLIDE 19

Concrete Semantics

SLIDE 20

Trace Semantics

program P → trace semantics: finite traces Σ+ and infinite traces Σ∞

Σ: states
τ: transition relation
β_τ: final states

5 / 22

SLIDES 21–26

Termination Semantics

v_τ ∈ Σ → O

v_τ ≜ lfp φ_τ

φ_τ(v) ≜ λs. 0 if s ∈ β_τ
              sup{v(s′) + 1 | ⟨s, s′⟩ ∈ τ} if s ∈ pre(dom(v))

pre(X) ≜ {s ∈ Σ | ∀s′ ∈ Σ : ⟨s, s′⟩ ∈ τ ⇒ s′ ∈ X}

Example: [figure: a small transition system whose states are labelled, backwards from the final states, with their value of v_τ; labels shown: 1, 2, 1, 2, 1]

Theorem (Soundness and Completeness) v_τ is sound and complete to prove the termination of programs

Cousot & Cousot - An Abstract Interpretation Framework for Termination (POPL 2012)

6 / 22

SLIDES 27–33

Example

int : x
while ¹(x < 10) do
  ²x := x + 1
od³

[figure: control-flow graph with program points 1, 2, 3; edges 1 → 2 labelled x < 10, 2 → 1 labelled x := x + 1, and 1 → 3 labelled x ≥ 10]

[figure: the iterates of v_τ at points 3, 2 and 1 as functions of x; each iterate adds one more breakpoint (point 2: 9; 7, 9; . . . 1, 3, 5, 7, 9 and point 1: 10; 8, 10; . . . 0, 2, 4, 6, 8, 10)]

v_τ is not computable!

7 / 22
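The backward computation of v_τ from slides 20–26, run on the two example loops (slides 7–18 and 27–33), as an added example; this is not code from the talk or from the FuncTion tool. It assumes a finite window of values for x, −200 ≤ x ≤ 100, so that the Kleene iteration reaches the fixpoint in finitely many rounds (the slide's point is that this is not possible for the unbounded program), and a greedy rule of this example's own for cutting the resulting function into affine segments; the state encoding (program point, x) and all function names are the example's.

```python
"""Concrete termination semantics v_tau = lfp phi_tau (slides 20-26) by Kleene
iteration over a finite window of states, then read off as a piecewise-affine
function of x for the two example loops (slides 7-18 and 27-33).
Added example, not code from the talk or from FuncTion. Assumed here: the window
of x values and the greedy rule used to cut the result into affine segments."""
from typing import Callable, Dict, List, Tuple

State = Tuple[int, int]                    # (program point, value of x)
Successors = Callable[[State], List[State]]

LO, HI = -200, 100                         # assumed finite window for x
STATES = [(p, x) for p in (1, 2, 3) for x in range(LO, HI + 1)]


def is_final(s: State) -> bool:
    return s[0] == 3                       # point 3 is the exit point `od`


def program1(s: State) -> List[State]:
    """while 1(x >= 0) do 2x := -2x + 10 od3"""
    p, x = s
    if p == 1:
        return [(2, x)] if x >= 0 else [(3, x)]
    if p == 2:
        return [(1, -2 * x + 10)]
    return []


def program2(s: State) -> List[State]:
    """while 1(x < 10) do 2x := x + 1 od3"""
    p, x = s
    if p == 1:
        return [(2, x)] if x < 10 else [(3, x)]
    if p == 2:
        return [(1, x + 1)]
    return []


def termination_semantics(states: List[State], final: Callable[[State], bool],
                          succ: Successors) -> Dict[State, int]:
    """lfp of  phi(v)(s) = 0                                 if s is final
               phi(v)(s) = sup{v(s') + 1 | (s, s') in tau}   if s in pre(dom(v))
    from the everywhere-undefined map. A successor outside the window is never in
    dom(v), so a state that can step out of the window stays unranked (sound)."""
    v: Dict[State, int] = {}
    while True:
        new = dict(v)
        for s in states:
            if s in v:
                continue                   # from bottom, a defined value never changes
            if final(s):
                new[s] = 0
                continue
            nxt = succ(s)
            if nxt and all(t in v for t in nxt):      # s in pre(dom(v))
                new[s] = max(v[t] for t in nxt) + 1
        if new == v:
            return v
        v = new


def ranking_at(v: Dict[State, int], point: int) -> Dict[int, int]:
    """The ranking function of x at one program point (ranked states only)."""
    return {x: n for (p, x), n in v.items() if p == point}


Segment = Tuple[int, int, int, int]        # (lo, hi, m, q): f(x) = m*x + q on [lo, hi]


def segment_affine(f: Dict[int, int]) -> List[Segment]:
    """Greedy exact piecewise-affine description of f on consecutive integers: a
    segment is extended while the next point lies on the line through its first
    two points. This is the shape the segmented ranking functions domain
    represents; here it is read off the concrete values, not computed abstractly."""
    xs = sorted(f)
    segs: List[Segment] = []
    i = 0
    while i < len(xs):
        lo, j = xs[i], i
        m, q = 0, f[lo]
        if j + 1 < len(xs) and xs[j + 1] == lo + 1:
            m = f[lo + 1] - f[lo]
            q = f[lo] - m * lo
            j += 1
            while (j + 1 < len(xs) and xs[j + 1] == xs[j] + 1
                   and m * xs[j + 1] + q == f[xs[j + 1]]):
                j += 1
        segs.append((lo, xs[j], m, q))
        i = j + 1
    return segs


if __name__ == "__main__":
    for name, prog in (("while x >= 0 do x := -2x + 10 od", program1),
                       ("while x < 10 do x := x + 1 od", program2)):
        v = termination_semantics(STATES, is_final, prog)
        print(name)
        for lo, hi, m, q in segment_affine(ranking_at(v, 1)):
            print(f"  point 1, {lo} <= x <= {hi}: {m}*x + {q} steps to termination")
```

Running it prints, for each loop, the segments of the ranking function at program point 1. For the first loop the exact values are 1 step for x < 0, 5 steps on [0, 2], 9 and 7 steps at x = 3 and x = 4, 7 at x = 5 and 3 steps from x = 6 on, which is why no single affine function can rank it; for the second loop the whole region x ≤ 10 is covered by one affine segment, 21 − 2x, and the iteration needs one round per step of the longest run, which is what the widening of the abstract domain is there to cut short.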

SLIDE 34

An Abstract Domain for Termination

SLIDES 35–39

v_τ ∈ Σ → O is abstracted by v#_τ through α and γ:

⟨Σ → O, ⊑⟩ ⇄ ⟨V#, ⊑#⟩ with α_V, γ_V

States Abstract Domain E   (instance: Intervals Abstract Domain)
Functions Abstract Domain P   (instance: Affine Functions Abstract Domain)
Segmented Ranking Functions Abstract Domain V(E, P)   (instance: Segmented Affine Ranking Functions Abstract Domain)

[figure: a segmented ranking function of x with breakpoints at 5 and 9]

9 / 22

SLIDE 40

Intervals Abstract Domain³

⟨℘(Σ), ⊆⟩ ⇄ ⟨E#, ⊑_E⟩ with α_E, γ_E

E# ≜ {⊥_E} ∪ {[a, b] | a ∈ I ∪ {−∞}, b ∈ I ∪ {+∞}}   with I ∈ {Z, . . . }

join: ⊔_E
meet: ⊓_E
widening: ▽_E
backward assignments: ASSIGN_E
tests: FILTER_E

³ Cousot & Cousot - Static Determination of Dynamic Properties of Programs (1976)

10 / 22

SLIDES 41–42

Affine Functions Abstract Domain

⟨Σ → O, ⊑⟩ ⇄ ⟨P# ≡ E# × F#, ⊑_P⟩ with α_P, γ_P

F# ≜ {⊥_F} ∪ {f# | f# ∈ Iⁿ → N} ∪ {⊤_F}
where f# ≡ y = f(x₁, . . . , xₙ) = m₁x₁ + · · · + mₙxₙ + q

approximation order: ⟨ρ#₁, f#₁⟩ ⊑_P ⟨ρ#₂, f#₂⟩ ≜ ρ#₁ ⊒_E ρ#₂ ∧ f#₁ ⊑_F f#₂

computational order: ⟨ρ#₁, f#₁⟩ ⊑̇_P ⟨ρ#₂, f#₂⟩ ≜ ρ#₁ ⊑_E ρ#₂ ∧ f#₁ ⊑_F f#₂

11 / 22

SLIDES 43–44

join: ⊔_P

Example (functions over a box in x₁, x₂; the plotted axes extend to 4):

f₁(x₁, x₂) = −½x₂ + 2   ⊔_P   f₂(x₁, x₂) = −½x₁ + 2   =   f(x₁, x₂) = −½x₁ − ½x₂ + 4

backward assignments: ASSIGN_P

Example: x ∈ [3, 9], f(x) = x − 2
x := x + 1  ⟹  x ∈ [2, 8], f(x) = (x + 1) − 2 + 1 = x

12 / 22

SLIDES 45–46

Segmented Affine Ranking Functions Domain

⟨Σ → O, ⊑⟩ ⇄ ⟨V#, ⊑_V⟩ with α_V, γ_V

V# ≜ {(E# × F#)^k | k ≥ 0}

segmentation unification

Example: [figure: a segmentation of the (x, y) plane with breakpoints x = 4, y = 3, unified with one with breakpoints x = 2, y = 1, gives the segmentation with breakpoints x = 2, 4 and y = 1, 3]

13 / 22

SLIDES 47–51

approximation order: ⊑_V
computational order: ⊑̇_V
join: ⊔_V
widening: ▽_V

Example: [figure: a function of x segmented at 6, 11, widened (▽_V) with one segmented at 3, 6, 11; the result is segmented at 6, 11]

14 / 22

SLIDES 52–54

backward assignments: ASSIGN_V

Example:
x → (−∞, 5] : ⊥_F
x → [6, +∞) : y = 4

x := x + [0, 4]  ⟹

intermediate step: x → [2, +∞) : y = 4 + 1

result:
x → (−∞, 1] : ⊥_F
x → [2, 5] : ⊥_F
x → [6, +∞) : y = 5

tests: FILTER_V

15 / 22
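The operations named on slides 41–54 (segmentation unification, the join ⊔, the backward assignment ASSIGN and FILTER for a test) on segmented affine ranking functions of one variable, as an added example that is not the talk's or FuncTion's code. Its assumptions: segments are finite integer intervals (the slide's (−∞, 5] and [6, +∞) become [−10, 5] and [6, 20]); ⊥_F is None; two affine functions are joined on a segment by the least affine function above both there (the chord of their pointwise maximum at the segment's ends), which is this example's choice and does not reproduce the two-variable join of slide 43; and for x := x + [c_lo, c_hi] a pre-state is ranked only when all of its successors fall in a single ranked segment, the pre(dom(v)) condition of slide 21 read on segments. All names are the example's.

```python
"""Segmented affine ranking functions over bounded integer intervals: segmentation
unification, join, backward assignment and test filtering (slides 41-54).
Added example, not code from the talk or from FuncTion. Assumed here: finite
integer segments instead of (-inf, 5] and [6, +inf); bottom (no bound proved) is
None; two affine functions are joined on a segment by the least affine function
above both there; x := x + [c_lo, c_hi] ranks a pre-state only when its whole
successor window lies inside one ranked segment."""
from fractions import Fraction
from typing import List, Optional, Tuple

Affine = Optional[Tuple[Fraction, Fraction]]   # (m, q) means m*x + q; None is bottom
Segment = Tuple[int, int, Affine]              # [lo, hi] and the function ranking it
Segmented = List[Segment]                      # sorted, contiguous, non-overlapping


def aff(m, q) -> Affine:
    return (Fraction(m), Fraction(q))


def ev(f: Tuple[Fraction, Fraction], x: int) -> Fraction:
    m, q = f
    return m * x + q


def lookup(segs: Segmented, x: int) -> Affine:
    """Function ranking x, or bottom when x lies outside every segment."""
    for lo, hi, f in segs:
        if lo <= x <= hi:
            return f
    return None


def unify(a: Segmented, b: Segmented) -> List[Tuple[int, int]]:
    """Segmentation unification: cut at every breakpoint of either input, so each
    piece lies inside a single segment of a and of b (or outside both)."""
    cuts = sorted({lo for lo, _, _ in a + b} | {hi + 1 for _, hi, _ in a + b})
    return [(cuts[i], cuts[i + 1] - 1) for i in range(len(cuts) - 1)]


def join_affine(f: Affine, g: Affine, lo: int, hi: int) -> Affine:
    """Least affine upper bound of f and g on [lo, hi]: max(f, g) is convex, so the
    chord through its values at the two endpoints dominates it on the whole
    segment. Bottom is neutral, as in the computational join of iterates."""
    if f is None:
        return g
    if g is None:
        return f
    ya, yb = max(ev(f, lo), ev(g, lo)), max(ev(f, hi), ev(g, hi))
    m = Fraction(0) if lo == hi else (yb - ya) / (hi - lo)
    return (m, ya - m * lo)


def join(a: Segmented, b: Segmented) -> Segmented:
    return [(lo, hi, join_affine(lookup(a, lo), lookup(b, lo), lo, hi))
            for lo, hi in unify(a, b)]


def fill_gaps(pieces: Segmented, lo: int, hi: int) -> Segmented:
    """Make `pieces` contiguous over [lo, hi] by inserting bottom segments."""
    out: Segmented = []
    cur = lo
    for p_lo, p_hi, f in pieces:
        if p_lo > cur:
            out.append((cur, p_lo - 1, None))
        out.append((p_lo, p_hi, f))
        cur = p_hi + 1
    if cur <= hi:
        out.append((cur, hi, None))
    return out


def assign_back_add(segs: Segmented, c_lo: int, c_hi: Optional[int] = None) -> Segmented:
    """Backward transfer of x := x + [c_lo, c_hi] (deterministic if c_hi is omitted).
    A pre-state x is ranked only if all successors x + d, d in [c_lo, c_hi], lie in
    one ranked segment [lo, hi] (the pre(dom(v)) condition), i.e. lo - c_lo <= x
    <= hi - c_hi; its bound is one more than the largest successor bound."""
    if c_hi is None:
        c_hi = c_lo
    if not segs:
        return []
    shifted: Segmented = []
    for lo, hi, f in segs:
        new_lo, new_hi = lo - c_lo, hi - c_hi
        if f is None or new_lo > new_hi:
            continue
        m, q = f
        worst = m * c_hi if m >= 0 else m * c_lo      # sup over d of m*d
        shifted.append((new_lo, new_hi, (m, q + worst + 1)))
    # pre-states from which some successor reaches the covered range at all
    return fill_gaps(shifted, segs[0][0] - c_hi, segs[-1][1] - c_lo)


def filter_range(segs: Segmented, lo: int, hi: int) -> Segmented:
    """FILTER for the test lo <= x <= hi: keep only the states that satisfy it."""
    return [(max(s_lo, lo), min(s_hi, hi), f) for s_lo, s_hi, f in segs
            if s_lo <= hi and s_hi >= lo]


if __name__ == "__main__":
    # slide 43: x in [3, 9] with f(x) = x - 2, backwards through x := x + 1
    print(assign_back_add([(3, 9, aff(1, -2))], 1))
    # slides 52-54 with -inf, +inf replaced by the assumed bounds -10 and 20:
    # (-inf, 5] bottom and [6, +inf) with y = 4, backwards through x := x + [0, 4]
    print(assign_back_add([(-10, 5, None), (6, 20, aff(0, 4))], 0, 4))
```

The two calls under `__main__` reproduce the slide examples: [3, 9] with x − 2 becomes [2, 8] with x, and the ⊥ / y = 4 pair becomes ⊥ up to 5 and y = 5 from 6 on; the extra ⊥ tail above 16 is the finite window's edge (those states have a successor outside it), which the slide's unbounded [6, +∞) does not have.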

SLIDE 55

Abstract Termination Semantics

v_τ ∈ Σ → O  ⇄ (α_V, γ_V)  v#_τ ∈ V#

S#⟦statement⟧ ∈ V# → V#   (maps the ranking function at POST to the ranking function at PRE)

S#⟦x := A⟧v ≜ ASSIGN_V(x := A, v)
S#⟦if B then S₁ else S₂ fi⟧v ≜ FILTER_V(B, S#⟦S₁⟧v) ⊔̇_V FILTER_V(¬B, S#⟦S₂⟧v)
S#⟦while B do S od⟧v ≜ lfp#_{⊥_V} φ#   where φ# ≜ λx. FILTER_V(¬B, v) ⊔̇_V FILTER_V(B, S#⟦S⟧x)
S#⟦S₁ ; S₂⟧v ≜ S#⟦S₁⟧(S#⟦S₂⟧v)

Theorem (Soundness) v#_τ is sound to prove the termination of programs

16 / 22

SLIDES 56–63

Example

int : x
while ¹(x < 10) do
  ²x := x + 1
od³

[figure: control-flow graph with program points 1, 2, 3; edges 1 → 3 labelled x ≥ 10, 1 → 2 labelled x < 10, and 2 → 1 labelled x := x + 1]

[figure: the abstract iterates at points 3, 2 and 1; the function at point 2 is segmented at 9, then at 7, 9; at point 1 the computational join ⊔̇_V of the iterates gives a function segmented at 10, then at 8, 10; the widening ▽_V of the iterate segmented at 8, 10 with the next one returns the function segmented at 8, 10, and the iteration stops with point 2 segmented at 7, 9 and point 1 at 8, 10]

Alias & Darte & Feautrier & Gonnord - Multi-Dimensional Rankings, Program Termination, and Complexity Bounds of Flowchart Programs (SAS 2010)
Berdine & al. - Variance Analyses from Invariance Analyses (POPL 2007)

17 / 22

SLIDES 64–65

Simple Loops

Example

int : x₁, x₂
while ¹(x₁ ≥ 0 ∧ x₂ ≥ 0) do
  if ²(?) then
    ³x₁ := x₁ − 1
  else
    ⁴x₂ := x₂ − 1
  fi
od⁵

Cook & Podelski & Rybalchenko - Terminator: Beyond Safety (CAV 2006)

18 / 22

SLIDES 66–68

Sufficient Preconditions for Termination

Example

int : x
while ¹(x < 10) do
  ²x := 2 ∗ x
od³

f(x) = 3 if 5 ≤ x ≤ 9
       1 if 10 ≤ x

f(x) = 9 if x = 1
       7 if x = 2
       5 if 3 ≤ x ≤ 4
       3 if 5 ≤ x ≤ 9
       1 if 10 ≤ x

Cook & al - Proving Conditional Termination (CAV 2008)

19 / 22

SLIDES 69–70

Implementation

http://www.di.ens.fr/~urban/FuncTion.html
written in OCaml
implemented on top of Apron⁴
forward reachability analysis to improve precision

Example

int : x₁, x₂
¹x₂ := 1
while ²(x₁ < 10) do
  ³x₁ := x₁ + x₂
od⁴

⁴ http://apron.cri.ensmp.fr/library/

20 / 22

SLIDES 71–73

Conclusions

family of parameterized abstract domains for program termination
piecewise-defined ranking functions
backward invariance analysis

instance based on intervals and affine functions
segmentation overcomes non-existence of linear ranking functions
analysis not limited to simple loops
sufficient conditions for termination

Future Work

more abstract domains (e.g. non-linear functions)
other liveness properties
cost analysis
non-termination

21 / 22

SLIDE 74

Questions?

“... the purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.” (Edsger Dijkstra)