Embed Size (px)
Citation preview
Non-Termination of Affine Loops
Kevin Durant, Corina Pasareanu, Willem Visser
Stellenbosch University and NASA/CMU
public String preserveTags(String body) {…}
Infinite loops are the worst kind of error, since it is input driven and therefore can reappear frequently, in fact infinitely often!
Symbolic String Analysis
• (Almost) All Java String operations covered• Mixed Integer and String constraints• Automata and SMT (bitvector) back-ends• Part of Symbolic PathFinder• M.Sc. by Gideon Redelinghuys• Collaborators
– Jaco Geldenhuys (Stellenbosch)
Infinite Loop?
while (x > 0) (x,y) = (x+y+2,-x);
Try (2,-3)
We only consider affine transformations on loop variables
and simple loop conditions such as x>0 and x>=0
x,y are inputs
while (x >= 0) { x := x – y;}
Infinite Loop?
x,y are inputs
while (x >= 0) { assert(‘x > x); x := x – y;}
Ranking functions
Use ranking functions for non-termination!
x,y are inputs
while (x >= 0) { assert(‘x > x); x := x – y;}
Ranking functions
‘x <= x
‘x <= x
‘x <= x…
{c /\ wp(s,‘x <= x)}s
{c /\ wp(s,‘x <= x)}
x,y are inputs
while (x >= 0) { assert(‘x > x); x := x – y;}
Inductive?
{x >= 0 /\ wp(x:=x-y,‘x <= x)}x := x - y
{x >= 0/\ wp(x:=x-y,‘x <= x)}
wp(x:=x-y,’x<=x) = {x <= x-y}
{x >= 0 /\ y <= 0}x := x - y
{x >= 0 /\ y <= 0}
So how about just…
while (c) { s;}
{c /\ wp(s,!rr)}s
{c /\ wp(s,!rr)}
x,y are inputs
while (x >= 0) { assert(‘x > x); x := x + y; y := 1 – y;}
x,y are inputs
while (x >= 0) { assert(‘x > x); x := x + y; y := 1 – y;}
{x >= 0 /\ wp(x:=x+y;y:=1-y,‘x <= x)}x := x – y; y := 1 – y;
{x >= 0/\ wp(x:=x+y;y:=1-y,‘x <= x)}
wp(x:=x+y;y:=1-y,’x<=x) = {x <= x+(1-y)}
{x >= 0 /\ y <= 1}x:=x+y;y:=1-y;
{x >= 0 /\ y <= 1}
‘x <= x
‘x <= x…
‘x <= x
‘x <= x
‘x <= x…
N
while (c) { s;}
{c /\ wp(sn,!rr)}sn
{c /\ wp(sn,!rr)}
while (x0 > 0) { f(x) = Ax+b;}
We conjecture that if there is an infinite loop thenthere exist n such that for all x for which the following is true you will loop infinitely
x0 > 0 /\ f1(x) > 0 /\ … /\ f2n-1(x) > 0 /\ x0 ≤ fn(x) => fn(x) ≤ f2n(x)
Can we derive n from the number of variables in x?
For 1 variable n = 2 For 2 variables n >= 6
For 3 variables there is no n
Infinite Loop and no “n”
while (x > 0) { x = 5x+y+z, y = 4y+3z, z = -3y+4z;}
Imple
men
tatio
n
JavaPathFinder
Symbolic PathFinderSPF
AffineLoopListener
Model Checker for JavaOpen Source
http://babelfish.arc.nasa.gov/trac/jpf
Symbolic Execution extension for JPF called jpf-symbc
Custom Listener on SPFTries n = 0..6
To Do
• Study how many loops can be handled?• Combine with abstraction• Nested Loops?
