Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TUM Practical Course Summer 2023: Termination Analyses #1093

Merged
merged 419 commits into from
Nov 18, 2023

Conversation

Nimmseasy
Copy link

@Nimmseasy Nimmseasy commented Jun 22, 2023

Implementation of a sound termination analyses for single-threaded programs.
We handle 2 possible causes for non-termination:

  1. loops inside a function: We add a loop-counter variable to the CIL code after any loop head found in the CIL code and check it by assigning it in a special statment to another variable wich then is then locatet by goblints transfer functions. We run the apron analyses (either with polyhedra or octagon domain so far) to get the interval of our loop-counter Variable and see if its bounded => if its bounded we dont have an infinit loop.
    For goto statements we cant proof non termination, if they jump up in the codelines.
  2. recursion or call graph cycles: We build a context-sensitive call graph by defining a global invariant
    (callee_function-> (callee-context -> (caller_function, caller_context) and filling it as we analyse the program, and then search
    for cycles in this build callgraph.

If the program gets multithreaded we cant proof non termination.

Johanna Schinabeck and others added 30 commits June 20, 2023 16:17
Direct empty list comparison instead of checking length = 0.
Make loop_heads a function with argument ().
# Conflicts:
#	src/analyses/termination_new.ml
#	src/util/terminationPreprocessing.ml
# Conflicts:
#	src/framework/analyses.ml
… pulled check for result of loop analysis outside
# Conflicts:
#	src/framework/analyses.ml
@sim642
Copy link
Member

sim642 commented Nov 16, 2023

What's with the test failures in CI?

@sim642
Copy link
Member

sim642 commented Nov 17, 2023

What's with the test failures in CI?

I see that the test failures are timeouts somehow related to function size. But our regression tests are tiny. Is this termination analysis really that inefficient that it struggles so much on 100-line programs?

@jerhard
Copy link
Member

jerhard commented Nov 17, 2023

I see that the test failures are timeouts somehow related to function size. But our regression tests are tiny. Is this termination analysis really that inefficient that it struggles so much on 100-line programs?

The analysis relies on our relational analyses, and for most test cases uses polyhedra. The termination analysis introduces one counter variable per loop, so a polyhedra-based termination analysis does not scale well with functions containing multiple loops.

@sim642
Copy link
Member

sim642 commented Nov 17, 2023

I suppose we'll have to implement variable packing which everyone else has been doing for decades.

If nothing concerning shows up in our own preruns with termination analysis, I think this should be good enough to finally merge.

Copy link
Member

@jerhard jerhard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to make a change so that the termination analysis is activated earlier by the autotuner if the autotuner is active and we have to analyze for termiation, as the termiation analysis needs to be activated before the preprocessing is done (to instrument the program with loop counter variables).

Additionally I had to add a handling if the loop unrolling encounters a all to goblint_bounded (the special function where the boundedness of the loop is checked); now loops that contain such a check are also unrolled.

@jerhard
Copy link
Member

jerhard commented Nov 17, 2023

I reran this PR with the svcomp.json configuration from this branch on the latest version of sv-comp termination tasks and this yields 567 correct verdicts (and no incorrect ones). The increased number of correct tasks may be due to using more memory (15GB instead of 3GB) and a different configuration (previous runs did not use the autotuner).

Regarding sv-comp: the programs analyzed are contained some artificial loop counters. Since the Termination category is excluded from the validation of correctness witnesses, this should not be a problem, right?

@michael-schwarz michael-schwarz merged commit a40f2cf into goblint:master Nov 18, 2023
17 checks passed
@sim642
Copy link
Member

sim642 commented Nov 19, 2023

All the non-Apron CI jobs are now failing on master: https://github.com/goblint/analyzer/actions/runs/6917734602. A condition might be missing somewhere.

@michael-schwarz
Copy link
Member

Should be fixed, there was a check missing to only run the termination regression tests in configs in which Apron is present.

sim642 added a commit to sim642/opam-repository that referenced this pull request Nov 24, 2023
nberth pushed a commit to nberth/opam-repository that referenced this pull request Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature student-job sv-comp SV-COMP (analyses, results), witnesses
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants