Termination and Correctness Analysis of Cyclic Control
Siddharth Srivastava, Neil Immerman, Shlomo Zilberstein
University of Massachusetts Amherst
Cyclic Control Flow
• Cyclic control is essential in algorithms
• Essential to many branches of AI for the same reasons
• Makes control structures compact, more generally applicable
• Examples:
  ▪ Workflow mining
  ▪ Programming by demonstration
  ▪ Automated planning
  ▪ Automated service composition
  ▪ Synthesis of robot controllers
Workflow Mining
[Eker et al. ’09]
Programming by Demonstration
Given: sequences of ops for reversing small linked lists
Generate: reverse algorithm for unbounded LL
Automated Planning
Plans with loops: broad applicability
[Winner et al. ’03, Bonet et al. ’09, Hu et al. ’10]
Generalized Plans: A Unifying Framework
[ICAPS GenPlan ’09, AIJ ’11]
Common Challenges
• Applicability test
• Cost of instantiation
• Domain coverage
• Quality of instantiation
• Complexity of representation
Control knowledge +
A method for instantiation
Given a problem instance, will the execution of this GP solve it? i.e.:
• Terminate?
• Reach a goal state?
= Correctness
Applicability Test
Typical assumption: loop = non-nested iteration over collections
Fundamental Open Questions
• Are there useful, more general classes where reasoning about loops is even computable?
• How can we categorize such problem classes?
• How can we determine if a cyclic control flow will terminate and achieve a desired result in these classes?
A Fundamental Formulation
[Abacus Programs]
Abacus Programs
Finite sets of states & registers
Actions with unit increments/decrements
Decrement actions have two effects:
• If R1=0, goto S3
• If R1>0: R1--; goto S2
Turing Machine-equivalent model of computation
[Lambek, 61]
Abacus Programs: Expressiveness
Abacus programs can express any control flow
The reachability problem:
Can state Si be reached in an execution?
Addresses both termination and correctness
Abacus Programs: Expressiveness
But reachability is equivalent to the halting problem for Turing machines in general…
Undecidable!
We identified useful cases where it can be solved
Computing Preconditions: Idea
We build on this idea to develop methods for
• Simple loops
• Monotone simple loops with shortcuts
Subclass: Simple Loops with Shortcuts
Need to be monotone: net change on a register (if any) in each simple loop must have the same sign
Order Independence
• Loop1: increases R1 by 3
• Loop2: decreases it by 2, then increases it by 5
Precondition for 1 iteration is order dependent (maintain R1 ≥ 0):
Loop1, Loop2: R1 ≥ 0
Loop2, Loop1: R1 ≥ 2
Such conditions cannot even be expressed efficiently using linear constraints
We compute conditions for an adversarial ordering
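The ordering example above, worked through as an added example that is not part of the original slides. It models each loop as a sequence of changes to R1, assumes that a decrement attempted at R1 = 0 takes the zero branch and leaves the loop, and uses hypothetical function names.

```python
from itertools import permutations

# Loop bodies as sequences of changes to R1, taken from the slide:
# Loop1 adds 3; Loop2 subtracts 2, then adds 5.
LOOPS = {"Loop1": [+3], "Loop2": [-2, +5]}


def min_initial_value(deltas):
    """Smallest initial R1 such that R1 never drops below 0 while the
    changes in `deltas` are applied in order."""
    running, lowest = 0, 0
    for d in deltas:
        running += d
        lowest = min(lowest, running)
    return -lowest


def precondition(order, loops=LOOPS):
    """Lower bound on R1 for one iteration of each loop, in `order`."""
    flat = [d for name in order for d in loops[name]]
    return min_initial_value(flat)


def adversarial_precondition(loops=LOOPS):
    """Bound that is safe for every ordering: the worst case over all orders."""
    return max(precondition(p, loops) for p in permutations(loops))


def run_abacus(r1, order, loops=LOOPS):
    """Execute with unit increments/decrements. Returns the final R1, or
    None if a decrement finds R1 = 0 (assumed: zero branch exits the loop)."""
    for name in order:
        for d in loops[name]:
            for _ in range(abs(d)):
                if d < 0:
                    if r1 == 0:
                        return None
                    r1 -= 1
                else:
                    r1 += 1
    return r1
```
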
Reachability Results
Computed conditions are also necessary if: every simple loop with shortcuts is order independent
Theorem
Given
: abacus program, all SCCs: simple loops with monotone shortcuts
S: node in
F: vector of desired register values
A disjunction of linear constraints on the initial register values gives sufficient conditions for reaching S with register values F.
[Srivastava et al., ICAPS-10]
Applications
These results allow us to:
• Test correctness of a given generalized plan
• Search for safe control structures
Application in Automated Planning
Under some conditions, can ensure:
• All branch effects categorized by “role”-counts
• Role-counts undergo constant change due to actions
[Srivastava et al., AIJ-11]
Conclusions: Fundamental Results
• Are there useful, more general classes where reasoning about loops is even computable?
  ▪ Yes!
• How can we categorize such problem classes?
  ▪ Abacus programs; structural properties
• In these classes, how can we determine if a cyclic control flow will terminate and achieve a desired result?
  ▪ Translation to abacus programs
  ▪ Reachability queries
Reachability Results: Future Work
Removing monotonicity makes reachability undecidable even for simple loops with shortcuts!
Future Work
• Efficiently expressing order dependent preconditions
• Identifying greater classes of abacus programs(?) where reachability is decidable
to be continued…
Questions?