Termination and Correctness Analysis of Cyclic Control

Siddharth Srivastava, Neil Immerman, Shlomo ZilbersteinUniversity of Massachusetts Amherst

Cyclic Control Flow

Cyclic control is essential in algorithms Essential to many branches of AI for the

same reasons Makes control structures compact, more

generally applicable Examples:▪ Workflow mining▪ Programming by demonstration▪ Automated planning▪ Automated service composition▪ Synthesis of robot controllers

Workflow Mining

[Eker et al. ‘09]

Programming by Demonstration

Given: sequences of ops for reversing small linked lists

Generate: reverse algorithm for unbounded LL

Automated Planning

Plans with loops: broad applicability[Winner et al. ’03, Bonet et al. ’09, Hu et al. ’10]

Generalized Plans: A Unifying Framework

[ICAPS GenPlan‘09, AIJ ‘11]

Common Challenges

Applicability test Cost of

instantiation Domain coverage Quality of

instantiation Complexity of

representation

Control knowledge +

A method for instantiation

Given a problem instance, will the execution of this GP solve

it? i.e.: • Terminate?• Reach a goal state?= Correctness

Applicability Test

Typical assumption: loop = non-nested iteration over collections

Fundamental Open Questions

• Are there useful, more general classes where reasoning about loops is even computable?

• How can we categorize such problem classes?

• How can we determine if a cyclic control flow will terminate and achieve a desired result in these classes?

A Fundamental Formulation

[Abacus Programs]

Abacus Programs

Finite sets of states & registers

Actions with unit increments/decrements

Decrement actions have two effects: If R1=0, goto S3 If R1>0: R1--; goto S2

Turing Machine-equivalent model of computation

[Lambek, 61]

Abacus Programs: Expressiveness

Abacus programs can express any control flow

The reachability problem:

Can state Si be reached in an execution?

Addresses both termination and correctness

Abacus Programs: Expressiveness

But reachability is equivalent to the halting problem for Turing machines in general…

Undecidable!

We identified useful cases where it can be solved

Computing Preconditions: Idea

We build on this idea to develop methods for Simple loops Monotone simple loops with shortcuts

Subclass: Simple Loops with Shortcuts

Need to be monotone:Net change on a register (if any) in each simple loop must have the same sign

Order Independence

loop1 loop2

• Loop1: increases R1 by 3• Loop2: decreases it by 2, then increases it by 5

Precondition for 1 iteration is order dependent (maintain R1 ≥ 0):

Loop1, Loop2

Loop2, Loop1

R1 ≥ 0 R1 ≥ 2

Such conditions cannot even be expressed efficiently using linear constraints

We compute conditionsfor an adversarial ordering

Reachability Results

Computed conditions are also necessary if: every simple loop with shortcuts is order

independent

TheoremGiven

: abacus program, all SCCs: simple loops with monotone shortcuts S: node in F: vector of desired register values

A disjunction of linear constraints on the initial register values gives sufficient conditions for reaching S with register values F.[Srivastava et al.,

ICAPS-10]

Applications

These results allow us to: Test correctness of a given generalized

plan Search for safe control structures

Application in Automated Planning

Under some conditions, can ensure:• All branch effects categorized by “role”-counts • Role-counts undergo constant change due to actions

[Srivastava et al., AIJ-11]

Conclusions: Fundamental Results Are there useful, more general classes where

reasoning about loops is even computable? Yes!

How can we categorize such problem classes? Abacus programs; structural properties

In these classes, how can we determine if a cyclic control flow will terminate and achieve a desired result? Translation to abacus programs Reachability queries

Reachability Results: Future Work

Removing monotonicity makes reachability undecidable even for simple loops with shortcuts!

Future Work Efficiently expressing order dependent

preconditions Identifying greater classes of abacus

programs(?) where reachability is decidable

to be continued…

Questions?