The Verification Corner - Loop Termination

Sign in to queue

The Discussion

  • User profile image
    deskin

    Minor nitpick: Around 2:35 the argument is made that one needs to ensure a minimum decrease for the loop termination expression; however this is not the case.  Rather, it is sufficient and necessary that the sequence of values either diverges, or converges to a value less than zero.  For instance, both these loops will provably terminate, for any positive values of x and n:

     

    /* decreases x - 1 */
    while (x > 1)
    {
      x = x / 2;
    }
    

     

    /* decreases x */
    while (x > 0)
    {
      x = x - (1 / n);
      n = n + 1;
    }
    
  • User profile image
    arcnet

    while (x > 0) may terminate in theory but wont do that in any other case Devil.

    int x = 1, n = 100000; 
    while (x > 0) { 
       x = x - (1 / n); 
       n = n + 1; 
    } 
    n = 0x7ffffffe, x = 1 
    n = 0x7ffffff, ... 
    n = 0x8000000, ..., 
    n = -1, x = 2 
    n = 0 -> div by zero 

  • User profile image
    leino

    In your particular examples, there is minimum decrease.  In the first example (with x = x/2), every iteration decreases x by at least 0.5 (since the loop body is entered only if x>1).  In the second example, there is not a single constant that will work for every run of the program.  However, the minimum decrease can be computed from the values that x and n have just before the loop begins.  For example, let X denote the initial value of x and suppose the initial value of n is 1; then, it will take about e^X iterations before the 1/n terms add up to X, where e is the base of the natural logarithm and I'm using ^ to denote exponentiation; so, each iteration will decrease x by at least 1 / e^X.

     

    What you are getting at, though, is correct, namely that what is necessary and sufficient for the loop to terminate is that the successive iterations can be mapped to strictly decreasing values in some well-founded order.

  • User profile image
    iman.saleh

    I downloaded Boogie and dafny verifiers and wanted to know if the Dafny editor used in the demo available for download. I couldn't locate it anywhere.

     

    Thanks!

     

    Iman

  • User profile image
    leino

    @iman.saleh:  We just recently released the Visual Studio 2010 mode for Dafny, see http://boogie.codeplex.com, click "How to install and build the sources" and then scroll down to "Visual Studio integration".

      Rustan

Add Your 2 Cents