Escaping Infinite Loops 204
twocentplain writes in with an MIT news release about Jolt, a research project designed to unfreeze software stuck in an infinite loop (for a subset of infinite loops). It uses a combination of static instrumentation (using LLVM) and a run time watchdog that checks the program state during loop iteration; when a duplicate state is detected it permits the user to take one a few actions to escape the loop. The authors claim it works well enough that the program can often continue operating properly. The original paper contains detailed case studies.
yipes (Score:2, Insightful)
bad programmers can now sink to new lows...
PL/C and PL/I Checkout Compiler also "fixed" bugs (Score:2)
The standard teaching language at Cornell in the mid-70s was PL/C, Cornell's version of the IBM PL/I Checkout Compiler. It didn't "fix" infinite loops, but if "fixed" a lot of simple syntax errors and some runtime errors like "divide by zero" or out-of-bounds array indexes.
Sure, it wasn't always reliable, and could even cause infinite loops rather than preventing them, but it still let you speed up the code-keypunch-wait-run-debug cycle a lot. Fixing the syntax errors meant that you could usually identify
does it work with c++ templates? (Score:2)
waiting for them to compile seems a lot like waiting for a lineprinter
Re: (Score:2)
The free batch-job handler that most student projects used gave you 1 second of CPU time and 6-10 pages of output (depending on the year.) But if things were busy, it might take an hour between the time you queue up to put your cards into the reader and the time your printout arrives. A few years later, I was taking a compiler course at night, and could either do my work on a VAX shared with about 30-40 other people, or on a mainframe running a somewhat odd version of Unix, which usually only had a coup
Re: (Score:2)
Yes and no. Once the infinite loop had been detected, it can also be reported and characterized.
Granted, it's no insurance policy against a faulty mission-control system on an airplane or in a nuclear facility, but it does represent an interesting facet of quality control.
Re: (Score:2)
Yeah, it's no different from ON ERROR RESUME NEXT, with the added benefit of adding a cost to correct programs.
They'd have to save the state of the whole machine on every watchdog tick. Hashing the whole memory is out of question, you'd need to hash just pages written to since the last tick, and that requires setting up page faults on the rest (or some custom architecture with generational memory, also costly).
Plus, there's absolutely no way to resume from such a loop when you detect it and still have the
Loop invariants (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
>>My thought exactly. Not to mention that other operations performed by the loop (that are obviously malfunctioning) may be necessary for the program to proceed correctly even if they don't affect the loop invariant.
I guess MAYBE if you write code defensively throughout your codebase, it might work. Though it seems a recipe for disaster unless it'd be a worse disaster for your code to freeze up. (Medical equipment, maybe? Yikes.) But programmers that are cautious to validate all their input and output
Re: (Score:2)
Don't your average, bog-standard windows programs run in an infinite loop? Does this account for that?
Re: (Score:2)
No, as you can see from the following, the standard Win32 message pump isn't an infinite loop...
while(GetMessage(&Msg, NULL, 0, 0) > 0)
{
TranslateMessage(&Msg);
DispatchMessage(&Msg);
}
Re: (Score:2)
The loop invariant (assuming you know what it is) is not the state of your program, but only the state of your loop!
If after several loops the state of the program is not changing, the loop obviously is not doing anything and is an endless loop ... well that was simple, don't get how you failed to see that.
Re: (Score:3)
Re: (Score:2)
Just put a monad on that loop :)
Re: (Score:2)
If after several loops the state of the program is not changing, the loop obviously is not doing anything and is an endless loop ...
This is a false assumption. It may be reading a hardware value that hasn't changed yet - the state of the program will be the same.
Or it might be running a loop that should run forever with the same state in normal conditions. Like a watchdog.
The authors claim... (Score:3)
If the software wasn't written properly to begin with, what metric are we now using to establish it is operating "properly" ?
Re: (Score:2)
Re: (Score:2)
Not to mention that if you just jump out of the loop, the software state is probably (in most cases) invalid anyhow.
These days many programs are event based. I'd say there's a decent chance, that program is left in valid state, especially if loop is broken at the condition, and remaining code in the function is allowed to execute before function returns to the main event loop.
Re: (Score:2)
Re: (Score:2)
Actually, you could be in a much worse condition. With it hung, you don't then end up working with it's invalid output. If you let it continue it might return "SUCCESS" and cause further processing on garbage output.
Re: (Score:2)
Re: (Score:2)
Isn't it impossible to determine a priori whether a given piece of software will halt? How can you then say that any software that doesn't halt isn't acting properly?
Re: (Score:3)
Re: (Score:2)
Not really. Running the program/input in question is an option, so long as the executing environment itself always halts. It must somehow detect that the program/input in question does not halt, but then halt itself while returning that fact.
The undecidable nature of the halting problem indicates that there is no executing environment for which this is true for all possible programs and inputs.
This software appears to be able to answer that question for some programs and inputs.
LBA vs. Turing (Score:3)
The undecidable nature of the halting problem
...is true only of Turing machines, which have unbounded memory. In some ways, a linear bounded automaton [wikipedia.org] is a better model for realizable computation than a Turing machine, and the halting problem is decidable on these.
Re: (Score:3)
Nope, that is incorrect. The Halting Problem is being able to tell if an arbitrary program will ever halt on a given input, even if you are allowed to run it. That's what makes it tricky, because even if you run a program for X time and it doesn't terminate, maybe you just didn't run it long enough - maybe if you run it for 2X time, it will terminate.
The thing is, the thin
Re: (Score:2)
Yeah, but "restoring" your program in an indefinite state may have worse consequencies than just freezing. Imagine that your compression algorithm has an infinite loop in certains conditions and, when the data has been "successfully" processed, it is written to your file...
Re: (Score:2)
Either it is taking in new data, in which case you will never reach an exact repeated state, or it isn't, in which case the programmer was incompetently using polling instead of a more reasonable notification mechanism, and you should buy or write better software.
Besides, for most graphical applications, a hang means an infinite loop in the main run loop. Kicking the app back out to the main run loop should almost never cause any catastrophic side effects, and will usually leave the app in a state that is
Easy... (Score:2)
Re:Easy... (Score:5, Funny)
I always thought the best method of getting out of infinite loops was to not have infinite loops. Everybody loves watchdogs and timers but they would be a reactive fix rather than a proactive fix.
I always thought the best method of getting out of infinite loops was to not have infinite loops. Everybody loves watchdogs and timers but they would be a reactive fix rather than a proactive fix.
Re: (Score:3)
I always thought the best method of getting out of infinite loops was to not have infinite loops. Everybody loves watchdogs and timers but they would be a reactive fix rather than a proactive fix.
I always thought the best method of getting out of infinite loops was to not have infinite loops. Everybody loves watchdogs and timers but they would be a reactive fix rather than a proactive fix.
I always thought the best method of getting out of infinite loops was to not have infinite loops. Everybody loves watchdogs and timers but they would be a reactive fix rather than a proactive fix.
I always thought the best method of getting out of infinite loops was to not have infinite loops. Everybody loves watchdogs and timers but they would be a reactive fix rather than a proactive fix.
this is the infinite loop watch-- yo dawg, it seems you like repeating so we put an infinite loop in your infinite loop.
Re: (Score:3)
Mother of God.... It's FORKING!!!
kip al bad (Score:2)
bad start cookie
Re: (Score:2)
Any recursive function can be converted to a loop, and vice versa. Of course, any real machine will have a finite heap, so you wouldn't be able to properly emulate a machine with an infinite stack. (Which would be the analogous counterpart to your implied infinite heap, if we include the constraints in a transformation)
Infinite loops aren't the real problem (Score:2)
I've found that tasks waiting on resources without a reasonable timeout (or sometimes no timeout at all) and refusing to respond to outside stimuli are more often the problem than a task stuck in an infinite loop.
Re: (Score:2)
Re: (Score:2)
Good point. A task forever stuck in a wait state pending on a resource allocation would resemble an infinite loop. Though a task that's stuck in the pending queue by the scheduler may not ever show up as an infinite loop since it doesn't actually get scheduled to run anything. I wonder how a task like that would be handled differently than one with an actual infinite loop.
Really interesting (Score:4, Funny)
That's really interesting.
That's really interesting.
That's really interesting.
That's really interesting.
That's really interesting.
# duplicate state detected, jumping loop
Daisy, daisy, give me your answer do..
Re: (Score:3)
I'm sorry Dave. I'm afraid I just can't do that.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Halting Problem (Score:4, Funny)
By making it the user's problem?
Wait a second...
Re: (Score:2)
Re: (Score:2)
It's why ctrl-C still works.
Re:Halting Problem (Score:5, Interesting)
Here, the Halting Problem doesn't really apply, because if all else fails, you can (in theory) take every combination of programs up to N bits in length, and every combination of inputs up to M bits in length, and make a table of size 2^(N + M) saying whether a given program halts on a given input by running it and looking for a duplicate state. Of course that's impossible in the real world, but it does demonstrate that there's nothing about this research that's violating established principles of computer science.
And in a sense, that seems to be what they're doing here: checking "has this program existed in this exact same state before?", because if it has, you're in an infinite loop. I seriously doubt it's as effective in the real world as they claim though: in my experience infinite loops simply don't happen in computing anymore. If your computer locks up, it's probably because you're in deadlock, or waiting on the disk or the network.
Re: (Score:3)
Here, the Halting Problem doesn't really apply, because if all else fails, you can (in theory) take every combination of programs up to N bits in length, and every combination of inputs up to M bits in length, and make a table of size 2^(N + M) saying whether a given program halts on a given input by running it and looking for a duplicate state.
Provided you had an infinite amount of computer time.
Tell me, does the following program halt:
very long int h = 1;
while(h)
h = hash(h);
does it halt of
Re: (Score:2)
Even in theory you can't solve the halting problem on a finite amount of computer time since you can construct programs where the hash function takes an arbitrary (2^(size of memory)) amount of time to loop, and it may not cycle through zero.
Sorry, but this is not correct. In the example you provided, you can determine whether the program will halt or run forever because h, however long it may be, can only take a finite number of values, and so the act of hashing h over and over is guaranteed to be periodic. Just keep running the program, keeping track of which values of h have been generated, until h = 0 (output HALTS) or until you see an already seen value of h (output DOES NOT HALT).
Re:Halting Problem (Score:4, Insightful)
True, as Marvin Minsky had once said: "...any finite-state machine, if left completely to itself, will fall eventually into a perfectly periodic repetitive pattern. The duration of this repeating pattern cannot exceed the number of internal states of the machine..." Emphasis in original. BUT, don't let that statement deceive you, as the number of states available to even a computer with very modest memory is so large that even the word 'astronomical' doesn't do it justice. For instance, my first real computer, a humble Commodore 64, with only 64K of memory, can have a total of 2^524288 (65536 * 8) states, something of the order of 1e157826 (yes, 157,826 zeroes after your one!) states. To give some idea of just how big that number of states is, were you to try to cycle through all such states at the astounding rate of 1e17 states per second (a theoretical 100 petahertz machine capable of cracking 56-bit DES keys in less than one second), it would still take 1e157801 years to go through them all. The heat death of the universe will have taken place after less than a thousandth part of that time has elapsed. As such Minsky goes on to say: "...the magnitudes involved should lead one to suspect that theorems and arguments based chiefly on the mere finiteness [of] the state diagram may not carry a great deal of significance." (Marvin Minsky quotes come from Computation, Finite and Infinite Machines, 1967).
Re: (Score:3)
No, it's still the halting problem. The GP was correct. They can't actually know if the program is in an infinite loop (halting problem) so they guess. Then, because they might be wrong they ask the user if they want to take an action to stop what "may" be an infinite loop. They've offloaded the real decision to a human and used a simple heuristic to help inform the human.
Re: (Score:2)
Re: (Score:2)
You have two problems:
One, you assume that the program operates only on memory. But it can have external input, which is an effectively infinite space. Polling the network card is an obvious case.
Two, you assume that you can define and measure a number of "steps", which are wholly unique. You could argue that any cause for this is just a special case of the other problem, but it's a real problem for real programs. And this all started by debating that "real computers" don't meet Turing criteria.
Countere
Re: (Score:2)
Crap, sorry, the first if was supposed to be == and the second if !=. I think that should be clear from context.
Re: (Score:2)
Now if only... (Score:2)
Yea, but what happens.... (Score:2)
...if it goes into an infinite loop while trying to rescue another piece of code?
Re: (Score:2)
Near-ideal solution? (Score:2)
One thing I noticed in the article was this:
and because of some fundamental results in computer science, “I know for a fact that he’ll never be able to get it exactly right.” But, Weimer says, “The vast majority of infinite loops he will be able to figure out.”
Does this we can't get above a certain percentage of correct predictions, or does it mean that more and more work will converge towards 100% (99.5, 99.9%, 99.999% etc. etc.)
Re: (Score:2)
No it means that no Computer Program can work out whether a program is in an infinite loop or not (Halting Problem), so he'll have to use heuristics to work it out. You can't get a 100% , because if you did you would have violated something which is mathematically proven.
Re: (Score:2)
Yes, but my question was not if you could reach 100%, but whether you could *arbitrarily close* to 100% given enough effort.
Re: (Score:2)
Since we're talking about heuristics, given enough programs you could train it/program to be pretty close. But then you'd end up with a ton of false positives so its not very worth it. Plus the idea of force-exiting an infinite loop is a bad either anyway, so I'm not sure its worth it in any case.
Re: (Score:2)
Does this we can't get above a certain percentage of correct predictions, or does it mean that more and more work will converge towards 100% (99.5, 99.9%, 99.999% etc. etc.)
It means one of those two things is true, yes.
Re: (Score:2)
Depending on what you mean by "work", either the latter or none of the above. The ability to detect a repeated state in a finite state machine is dependent on two things:
They should this method (Score:2)
Thanks, I'll be here all week. Tip your waitstaff.
uh-oh (Score:2)
All these endless loops which i created just to let some background threads executing....
Take one of what? (Score:2)
Anyone remember Norton Crash-guard/anti-freeze (Score:3)
I seem to remember the old norton crash-guard/anti-freeze utility that was somewhat useful in getting around problems like infinite loops in old Windows programs.
I'm pretty sure the way this worked takes advantage of the fact that windows programs are essentially structured as message-processing co-routines plugged into a infinite scheduling loop (the windows loop). Although mostly, messages are posted, sometimes these messages can go re-entrant and if poorly coded cause an infinite loop. Anti-freeze could be then "sprayed" on the app which would then try to insert or delete messages in the program's processing loop to help it exit the re-entrant part loop and go back to the main scheduling loop. Often this would work well enough to enter the "Save" menu processing part of the program to avoid losing work. It also attempted to handle traps effectively (things that often happen when a program runs past the end of an array if it's in an infinite loop) by suspending the main flow of the program and inserting another message and thread to try an allow for limited operation (like "Save" menu processing).
Unfortunatly, this technology wouldn't be that effective in todays environment (basically, it probably could be classified as malware/spyware so the defenses against malware/spyware woud probably prevent it from working), but it seems like bulding this into an application code development infrastructure seems like it might be a good idea...
Re: (Score:3)
Windows 7 Fault Tolerant Heap (Score:2)
This reminds me of the Windows 7 Fault Tolerant Heap [technet.com]. When the OS detects frequent crashes of a program it may 'shim' the memory management operations (malloc/free) to prevent future crashes. This can, for instance, prevent a crash when a program references recently free'd memory; the OS will deliberately leak that memory and the program keeps on spinning. Double frees can also be automatically mitigated. The heuristics involved will actually analyze the results of these efforts and back out the 'shims'
Unrealistic use case, limited scope (Score:2)
Infinite loops (Score:2)
Re: (Score:2)
My mind state is running on a micro-controller, you insensitive clod!
Illiac had infinite loop detection (Score:5, Interesting)
Here at the U of I, we built the 4th computer ever made: the Illiac [wikipedia.org]
24 hours a day, an operator would sit at the computer to operate it. "Software" or jobs would be submitted by faculty. When one finished, the operator would load the next one.
Since only one job could be running at a time, it was quite important to detect infinite loops. The last bit of the ALU was connected to a speaker, and would produce sound similar to static when the computer was running correctly. If an infinite loop was encountered, then the static would suddenly hum a pitch, and the operator would kick out the job, and move to the next.
As the story goes, the very first machine music was written by a math professor, and submitted as an Illiac job, as a prank on the operator. Sometime around 3am, the operator picked up the next job and fed it to the machine. Immediately, the Illiac began playing "Hail to the Orange"!
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
It's really cool to hear an early example of listening to code. "RAM scanning" was popular on the Amiga many years ago, and it was pretty easy to guess what kind of data was present in the system's memory just by listening to it. Images, code, pre-calculated tables, and text all had unique sounds, so just pumping some memory into the speaker was way faster than looking at a bitmap screen offset or using a hex editor. I used to be able to rip Soundtracker music from games with only a sound editor and noth
Breaking my infinite loops would be easy... (Score:2)
Re: (Score:2)
A Great Solution (Score:2)
The algorithm is:
1: Enter infinite loop
2. Invoke Jolt to escape from infinite loop.
3: GOTO 1
Old Comp Sci joke (Score:2)
Hey, have you heard about the new Cray 2 computer? It is so fast, it can finish an infinite loop in under 10 seconds!
(That is how I heard it. They probably told the same joke about the IBM 360. Modern supercomputers aren't much faster at infinite loops, but they can do 20,000 at once.)
There's a Chuck (Score:2)
... Norris joke in here somewhere...
Evil input data (Score:2)
Nominal conditions. (Score:2)
Any off-nominal condition I can detect and repair becomes a nominal condition. And I have well-tested code handling all nominal conditions. Thanks for the new design pattern, though. It'll come in handy.
Yow! (Score:2)
I'm sure that'll go swimmingly! What's an indeterminate state between friends?
There are three valid ways to "handle" an infinite loop. Most commonly, just keep looping until the user kills the program. In the embedded world, the most common is that a watchdog timer hard resets the device. In some cases, use alarm and let SIGALRM terminate the program (possibly after a bit of debug log is written).
Otherwise, if the loop can be infinite due to external conditions, it should be handled by the programmer so thi
Re: (Score:2)
In the embedded world, the most common is that a watchdog timer hard resets the device.
This only works if the watchdog poke isn't inside the infinite loop.
I actually think this is an excellent tool, not so much to notify users but as a debugging and test aid. Add it to valgrind/helgrind. Tell me when an iteration of a loop doesn't result in a change in state - this is clearly an anomaly and tells me it is dependent on an external condition to unwedge. Loops which are intended to wait for external events (like a spin lock or other atomic operation) I can flag as such to exempt from the inst
Re: (Score:2)
Detecting an infinite loop as a debugging tool is quite a different matter! I agree that that is a useful thing. Detecting the loop and resetting in a production embedded system is also good if the detection isn't too much load on the system and it doesn't have false positives.
My objection is to the idea of just moving to the next line and assuming all is fine now.
Re: (Score:2)
Re: (Score:2, Informative)
Listen to your management. Generally: failing silently is worse than failing noisily (is worse than not failing at all of course).
In any case, your technique—unless you do a lot more analysis of your software than your comment suggests—will lead to a) lots of watchdog code cluttering up the logic and b) the software failing when it’s run on more data than you expected.
Re: (Score:2)
Replace "throw an exception" with "kill myself with a core dump" and you have yourself a deal! I mean something like SIGABRT (a.k.a. abort()) or SIGQUIT. I can see value in preventing infinite loops, because faulty program exits tend reveal their errors more "naturally" than hung programs.
But exceptions are baaaad in this case. Exceptions can be caught and ignored. An infinite loop like this is
Re: (Score:3)
Re: (Score:2)
In my own code, even.
Re: (Score:2)
I found one in a shipping version of Xcode 4 last week. Steps to reproduce:
1. Create a project containing a library.
2. Drag the library into its own "Link Binary With Libraries" box.
3. Build.
It's not as uncommon as you think when you're dealing with apps that maintain complex, potentially cyclic (or at least heavily cross-linked) data structures under the hood.
One Infinite Loop, Cupertino CA (Score:2)
Re: (Score:2)
Different solution. This isn't a watchdog, this is a, "hey, this program's been here before. And once it's been here, it'll go there. And then there. And then here. And it won't stop."
One bright side: The song that never ends...will.
Re: (Score:2)
I have seen this case. It is not for infinite loops but just too long to process. I have seen it before in my preoptimized code. Usually when I give java script too much data.
Re: (Score:2)
Re:More like "Escaping non-Infinite Loops" (Score:4, Insightful)
Re: (Score:2)
The state of an app is a lot more than just the state of the variables within the app.
For example, if you're reading from (and not writing to) a file, you have a file pointer that changes. If you get back to the same point in the FSM with a different file pointer value, it's not the exact same state. If the file pointer has the same value, it is. If you're writing to the file, it gets a lot more complicated rather quickly, but you get the basic idea.
Re: (Score:2)
Watchdog timers are common. I've seen the timer fire on my DirecTV receiver a few times. However, those strobe reset rather than trying to surgically exit a loop.
I would argue they are much more correct since reset is a well defined state.