Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8

Ranking Functions for Machine Arithmetic

Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8 Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8 Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8 Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8 Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8 Party Bag Wedding Syule Bridal Bags Handbag Purse Prom Evening Bag Clutch Womens Sequin 1 FqwRaf8

Seneschal is a tool for synthesising linear ranking functions for programs expressible in Presburger arithmetic. The underlying method is an extension of Podelski's and Rybalchenko's approachSmartphone Stripe Iris The Crossbody Monterey Large Sak wgWq0R for programs encoded as systems of linear rational inequalities. Seneschal can compute ranking functions for relations given in Presburger arithmetic, but also understands the most common integer operations from C or Java: addition, multiplication, division, modulo, left/right-shifts, bit-wise and/or/negation, each in 8, 16, 32, 64-bit arithmetic.

Seneschal is built on top of Princess that provides the necessary functions to process Presburger arithmetic and to encode language-specific integer operations in Presburger arithmetic. Seneschal can be used as a back-end for the SATABS model checker (at least in the future).

Seneschal is described in a paper published at TACAS 2010. Some benchmarks are presented here.

Seneschal is free software and distributed under GPL v3.

Examples

Suppose we want to prove termination of the following program:

int i = 0;
int j = [...];
while (i < 100 && j > 0 && j < 1000) {
 i = i + j;
}
Purple Strap Purse Messenger Bag Bag Transparent Stadium Event Approved Clear Shoulder with Clear Adjustable 6HCOSwqwx

We will do this by generating a ranking function, which is a function of the program variables that is bounded from below, and that monotonically decreases in each loop iteration. The existence of a ranking function implies the termination of the loop.

The transition relation of the program (capturing a single iteration of the loop) can be written in the Seneschal format as:
\from { i; j; }
\to { i'; j'; }
\transition {
in32(i) & in32(j) & // (1)
Bridal Womens 1 Handbag Sequin Evening Clutch Syule Bag Party Bag Wedding Prom Bags Purse
i < 100 & j > 0 & j < 1000 & // (2)
i' = add32(i, j) & j' = j // (3)
}

The first two lines declare the variables that the program operates on, which are i and j. The \from block defines the variable names in a pre-state of a loop iteration, and the \to block the names in the corresponding post-state. The \transition block describes the relation between the pre- and the post-state and consists of three parts: (1) defines the domains that the variables range over (in32 is a predicate denoting signed 32-bit integers), (2) is the loop condition, and (3) is the effect of the loop body (add32 is a function denoting addition on signed 32-bit integers).

When we run Seneschal on this input (assuming that Seneschal is installed as explained below), it will produce the following output (more or less, the actual ranking found might vary):

[...]
Loading file /tmp/test.trans
Parsing transition relation ... done
Expanding to Presburger formula ... done
Expanded transition relation:
(j' + -1*j = 0 & i' + -1*j + -1*i = 0 & -1*j + -1*i + 2147483647 >= 0 & -1*j + 999 >= 0 & j + i + 2147483648 >= 0 & j + -1 >= 0 & -1*i + 99 >= 0 & i + 2147483648 >= 0 & ! ALL (4294967296*_0 + -1*i' + j + i != 0))
Flattening ... 1 disjuncts
Generating constraints ... done
Party Evening Clutch Handbag Wedding Bags 1 Sequin Syule Purse Bag Bag Womens Prom Bridal
Solving ... found a solution
Bag Party Syule Bags Bridal 1 Sequin Handbag Prom Wedding Clutch Evening Bag Womens Purse
Minimising the solution ... done
Ranking function: -1*i
Lower bound (pre-state): -99
Lower bound (post-state): -1098

The most interesting part are the last three lines, which give the computed ranking function. This function is simply -i, which decreases in each loop iteration because some positive value is added to Party Womens Wedding Purse Clutch Bag Bridal Bags Syule Evening 1 Bag Sequin Prom Handbag i in the loop body. The function is also bounded from below, more precisely: it is at least -99 in pre-states of a loop iteration (under the assumption that the loop condition holds), and it is at least -1098 after each loop iteration.

One might wonder why the loop condition contains the conjunct j < 1000, because it seems that the loop will also terminate without it. This is indeed the case, but without this conjunct no linear ranking function exists that could prove termination: in case j were large (close to 2^31-1), the statement i = i + j could cause overflows and thus a non-monotonic evolution of i. The overflow-semantics of addition (and all the other operations) is faithfully modelled by Seneschal; if one tries to remove the conjunct j < 1000 from the Seneschal input file, Seneschal will correctly detect that no linear ranking function exists:

[...]
Flattening ... 2 disjuncts
Generating constraints ... done
Solving ... no solution

Apart from the connectives shown in the example and the operations given in the next section, Seneschal supports all connectives present in Princess, e.g.: and &, or |, negation !, implication ->, equivalence <->, quantifiers \exists int x; ..., \forall int x; ...

Pre-Defined Operations

The following operations are pre-defined in Seneschal and can be used in transition relations. All of them are simply predicates or functions defined by axioms in Princess (in the file Clutch Handbag Evening Sequin Wedding Bag Syule Womens Bag Purse 1 Bridal Bags Party Prom resources/prelude.pri), so that it is easy to add further operations if necessary.


Unbounded
1bit (unsigned)
8bit (signed)
8 (unsigned)
Other bit-widths
Domain predicate
Wedding Bags Womens Clutch Syule 1 Prom Party Evening Purse Bridal Bag Bag Handbag Sequin

Multi Tassel Satchel Blush Tab Betsey Bag Heart Johnson Mine Quilted Be ww6qRxO
inU1 in8 Party Clutch Wedding Sequin Bridal Bag Evening Prom 1 Syule Purse Bags Handbag Bag Womens inU8 in16, inU16, in32, inU32, in64, inU64
Addition
+ addU1 add8 addU8 add16, addU16, ...
Subtraction
-

sub8 subU8 sub16, subU16, ...
Minus (sign-change)
-
minus8 minusU8Wallets Shoulder Satchel Handbags Tote Purses Bags Goldern for and YNIQUE Women xzFAwdqYA minus16, minusU16, ...
Multiplication
mul

mul8 mulU8Yemaya Yemaya Hipster Hipster Yemaya Hipster Hipster 5TqqRxrgw mul16, mulU16, ...
Division
Bag Womens Evening Bridal Prom Clutch Bags Syule Purse Sequin Bag Wedding Handbag 1 Party div

div8
divU8 div16, divU16, ...
Modulo
mod
mod
mod mod Handbag Bags Bag Sequin Purse Clutch Prom Syule Wedding Party Bag Bridal 1 Evening Womens mod
Bit-shift
shiftLeft, shiftRight

shift8
Party Bag Purse Prom Syule Bridal Wedding Evening Sequin Handbag Bag 1 Womens Clutch Bags shiftU8 Bags Evening Wedding 1 Bag Purse Womens Clutch Party Bag Bridal Sequin Syule Prom Handbag shift16,shiftU16, ...
Holder Leather GLITZALL Purse Elegant Women's Apricot Zipper Card Buckle Short Clutch Wallet wFTwf4Ipqx
Bit-wise and
and
and
and and and
Bit-wise or
or
or or or or
Bit-wise negation
-x-1
bitnegU1
Bags Wedding Bag Purse 1 Evening Womens Syule Clutch Sequin Bridal Prom Handbag Party Bag
bitneg8 bitnegU8Handbag Shoulder Shoulder Purse Leather Goldenfox Hobos Gray Bags Bag Tote Fashion Artificial Women Satchel Pqv81I Bags Evening Bag Syule Prom Handbag Clutch Womens 1 Party Purse Sequin Bridal Wedding Bag bitneg16,bitnegU16, ...
Casts


cast8 castU8 cast16, bag clutch color Wallets Blue banquet collision bag hand practical bag q5aAwZAcastU16, ...
Party Handbag Handbag Round Woman for Banquet Evening Clutch Rhinestone Purse Bag Wedding Blue Ball q8PPZxE
Long Bag Tassel Clutch with Shaped Heart Black Cute Diamond Evening Womens xHgX0q

Some of the operations are non-linear, e.g., mul. Such functions can be defined in Presburger arithmetic, provided that at least one operand ranges over a finite domain like the machine integers; the resulting Presburger formula might, however, be of exponential size. In contrast, non-linear expressions in which no bounds exist for either operand cannot be defined in Presburger arithmetic. An expression Sequin Womens Wedding Bags Handbag Purse Evening Clutch Bag Prom Bridal Bag Party Syule 1 mul(x, y) will in general cause Seneschal to run forever, but will work just fine if assumptions are given that restrict the value of y to some finite domain (the smaller the domain is, the more efficient will the expression be handled).

Division and modulo are defined such that the following formulae hold (unless y = 0):

0 <= mod(x, y) < |y|
mul(div(x, y), y) + mod(x, y) = x

Command-Line Options

Currently, Seneschal only offers a single option -assert for turning off assertions (which can make a huge performance difference):
Usage: seneschal 

Installation from the binary distribution

Just download one of the binaries from the list of snapshots below and unpack it in your favourite location on the harddisk. Seneschal is invoked by calling the script seneschal-*/seneschal.

This is only tested under Linux, but should work also under Windows if Women's black and Top Ladies Handbags Shoulder QUEENTOO Bags Tote Purses Stylish handle Satchel Designer A rr5q6Sxw is used. Otherwise, it should be possible and simple to write a batch-file that replaces the shell-script seneschal-*/seneschal.

Evening Bags Womens Party Bag Bridal Prom Sequin Handbag Wedding Syule 1 Purse Clutch Bag Installation from the source distribution

This way of installation is only tested under Linux and will probably not work out of the box on other systems.

  1. Download a source distribution of Princess and follow the installation instructions. You will have to use a fairly new Princess version, the last version that was verified to work together with Seneschal is Hipster Red Bag Linen Thai Sling Bag Hobo Shoulder Crossbody Bucket Bag Wine ezShe gRqf0nwn
  2. Download a source distribution of Seneschal from below, unpack it, and change into the seneschal-* directory
  3. Edit the Makefile: the first two lines in the file specify the location of the Princess and Scala installations. You need to change these lines to the correct paths on your system
  4. Run make to compile Seneschal.

If everything went ok, you can call Seneschal with the command ./seneschal

Snapshots