Projecting Terms onto Term Height

3.5 Handling Terms in Integer Term Rewriting

3.5.1 Projecting Terms onto Term Height

We now present an integer abstraction for terms similar to the path-length abstraction for heap structures. Our aim is to represent terms by their “maximal height”, i.e., the maximal number of nested constructor symbols. We then extend this concept to our rewrite rules such that they constrain such heights instead of matching and replacing terms. So from a rule f(List(n, i)) → f(n), we want to automatically obtain that the height h1 of the first argument on the left-hand side has to be at least 1, and that the height h1′ of the first argument on the right-hand side is smaller by at least one than h1. From this, we could then generate the rule f(h1) → f(h1′) ⟦h1 ≥ 1 ∧ h1′ + 1 ≤ h1⟧, for which we can easily prove termination using Thm. 3.24. So first, we formally define the height of a term. For this, we completely disregard the values of integers nested in a term.

Definition 3.27 (Term Height) Let t ∈ T(Σc ∪ Z, V) be a term. Then the term height of t is defined recursively as

$$\mathrm{th}(t) = \begin{cases} 0 & \text{if } t \in \mathcal{V} \cup \mathbb{Z} \\ 1 + \max\{\mathrm{th}(t_i) \mid 1 \le i \le n\} & \text{if } t = f(t_1, \ldots, t_n) \end{cases}$$

Example 3.28 (Term Height) For t1 = List(n, i), we have th(t1) = 1, and for t2 = List(List(n, 7), 12) we have th(t2) = 2.

The definition of th is “monotonic”, i.e., for any term t, its term height th(t) is not greater than that of any instantiation tσ with a substitution σ. We will use this in the transformation of our rewrite rules, whose semantics are defined by such instantiations.

Lemma 3.29 (Term Height Monotonic) Let t ∈ T(Σc ∪ Z, V) and σ : V → T(Σc ∪ Z, V). Then th(t) ≤ th(tσ).

Proof. We prove the claim by induction on the term structure. In the base case, we either have t ∈ Z and then t = tσ and thus th(t) = th(tσ), or t ∈ V and then th(t) = 0 ≤ th(tσ), as th is obviously a natural number. In the induction step, we consider t = f(t1, …, tn) and use that the claim holds for t1, …, tn as induction hypothesis IH. Then,

$$\begin{aligned} \mathrm{th}(t) &= 1 + \max\{\mathrm{th}(t_i) \mid 1 \le i \le n\} \\ &\overset{\text{(IH)}}{\le} 1 + \max\{\mathrm{th}(t_i\sigma) \mid 1 \le i \le n\} \\ &= \mathrm{th}(t\sigma) \end{aligned}$$

□

As our rewrite rules usually do not contain fully instantiated terms, but use variables to match terms, we need to relate the size of these variables v to the size of the enclosing terms t. To this end, we compute how deeply “nested” v appears in t. So in t = List(List(v, 1), 2), the height of t is 2 plus the height of v, because v is nested two levels deep in t. For this, we ignore integers and variables in integer positions, as we also ignore these in the term height. So in our f(List(n, i)) → f(n) example, we need to relate the size of n to the size of List(n, i). To this end, we define the nesting level of a variable v in a term t, essentially describing the minimal difference in the term height of instantiations vσ of v and tσ.

Definition 3.30 (Nesting Level) Let t ∈ T(Σc ∪ Z, V) be a term and v ∈ V a variable. Then the nesting level nl(t, v) of v in t is defined as

$$\mathrm{nl}(t, v) = \begin{cases} 0 & \text{if } t = v \\ & \text{if } v \notin \mathcal{V}(t) \\ 1 + \max\{\mathrm{nl}(t_i, v) \mid 1 \le i \le n,\ v \in \mathcal{V}(t_i)\} & \text{if } v \in \mathcal{V}(t) \wedge t = f(t_1, \ldots, t_n) \end{cases}$$

Example 3.31 (Nesting Level) For t1 = List(n, i), we have nl(t1, n) = 1, and for t2 = List(List(n, m), n), we have nl(t2, n) = 2.

We now use our type filter from above to define the term height projection πth for terms of the form f(t1, …, tn), where f ∈ Σd. Such a term represents the state of an evaluation at some point f, and its arguments t1, …, tn correspond to the data values at that point. Our aim is to replace all term data by its respective height, thus obtaining a term only containing integers and variables below f.

Definition 3.32 (Term Height Projection) Let t = f(t1, …, tn) for some f ∈ Σd, t1, …, tn ∈ T(Σc ∪ Z, V), and TA as in Def. 3.26. Then πth(t) = f(t̂1, …, t̂n) with

$$\hat{t}_i = \begin{cases} t_i & \text{if } (f, i) \notin \mathit{TA} \\ \mathrm{th}(t_i) & \text{otherwise} \end{cases}$$

Example 3.33 (Term Height Projection) We consider R = {f(List(n, i)) → f(n)}. When rewriting List(List(List(n, 9), 4), 11) with R, we obtain the following sequence, under which we have denoted the term height projection of the respective terms:

$$\begin{array}{ccccccc} f(\mathsf{List}(\mathsf{List}(\mathsf{List}(n, 9), 4), 11)) & \hookrightarrow & f(\mathsf{List}(\mathsf{List}(n, 9), 4)) & \hookrightarrow & f(\mathsf{List}(n, 9)) & \hookrightarrow & f(n) \\ f(3) & & f(2) & & f(1) & & f(0) \end{array}$$

The goal now is to find an analogous translation Πth of rules that is “compatible” with πth, i.e., such that if we have t ↪_ρ t′ for some rule ρ, we also have πth(t) ↪_{Πth(ρ)} πth(t′). Then, we can reproduce all original evaluations in the translated system, and hence, the translation is non-termination preserving. To this end, we look at a rule f(t1, …, tn) → g(s1, …, sm) ⟦ϕ⟧. Of course, we do not need to change those arguments of f and g that are not term arguments. We handle term arguments by replacing them by variables, and then adding constraints about these variables. So when replacing an argument ti by a variable hi representing its height, we know by Lemma 3.29 that this height is at least th(ti). Thus, we add a constraint hi ≥ th(ti). Furthermore, for all variables v occurring at term positions inside of ti, we know that whenever we instantiate ti in a rule application, the height of the instantiation of v will be smaller than the height of the instantiation of ti. Moreover, we know that the difference between the two will be at least as large as the nesting level nl(ti, v) of v in ti. Thus, we can add the constraint v + nl(ti, v) ≤ hi. Finally, we know that the height of any argument si on the right-hand side is no larger than the heights of the variables occurring at term arguments in si plus their respective nesting levels. In practice, representing the maximum is not feasible due to its inherent blowup, as our int-TRSs support no predefined max operator: each max constraint would have to be represented by a disjunction of all possible cases. Thus, in practice, we replace each max term by the sum of its arguments if we cannot statically determine the maximum element.

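Definition 3.34 (Term Height Projection for Rules) Let TA as in Def. 3.26 and ρ = f(t1, …, tn) → g(s1, …, sm) ⟦ϕ⟧ be a rewrite rule. Then we define the term height projection for ρ as Πth(ρ) = f(h1, …, hn) → g(h1′, …, hm′) ⟦ϕ ∧ ψ⟧ where hi (resp. hi′)

constraint ψ is defined as follows:

$$\psi = \bigwedge_{\substack{1 \le i \le n \\ (f,i) \in \mathit{TA}}} \Big( h_i \ge \mathrm{th}(t_i) \wedge \bigwedge_{v \in \mathcal{V}_{\mathit{TA}}(t_i)} \big(v + \mathrm{nl}(t_i, v) \le h_i \wedge v \ge 0\big) \Big) \;\wedge \bigwedge_{\substack{1 \le i \le m \\ (g,i) \in \mathit{TA}}} \Big( h'_i \ge \mathrm{th}(s_i) \wedge \bigwedge_{v \in \mathcal{V}_{\mathit{TA}}(s_i)} \big(v + \mathrm{nl}(s_i, v) \le h'_i \wedge v \ge 0\big) \wedge h'_i \le \max\{\mathrm{th}(s_i), \max\{v + \mathrm{nl}(s_i, v) \mid v \in \mathcal{V}_{\mathit{TA}}(s_i)\}\} \Big)$$

Here VTA(t) denotes the variables occurring in t in arguments marked in TA as term arguments.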

We extend Πth to sets of rules R by defining Πth(R) = {Πth(ρ) | ρ ∈ R}.

The following examples demonstrate how well suited the term height projection is to prove termination of standard iteration patterns on user-defined data structures.

Example 3.35 (Term Height Projection for Rules) We continue with R from Ex. 3.33. For this, we obtain

Πth(R) = {f(h1) → f(h1′) ⟦h1 ≥ 1 ∧ n + 1 ≤ h1 ∧ n ≥ 0 ∧ h1′ ≥ 0 ∧ n ≤ h1′ ∧ h1′ ≤ n⟧}

As we wanted, we now have f(3) ↪_{Πth(R)} f(2) ↪_{Πth(R)} f(1) ↪_{Πth(R)} f(0).

Similarly, for the related TRS R′ = {f(List(List(n, v2), v1)) → f(List(n, v2))}, we obtain

Πth(R′) = {f(h1) → f(h1′) ⟦h1 ≥ 2 ∧ n + 2 ≤ h1 ∧ n ≥ 0 ∧ h1′ ≥ 1 ∧ n + 1 ≤ h1′ ∧ h1′ ≤ n + 1⟧}

Here, we obtain the condition h1′ ≤ max{1, n + 1}, which we then simplify to h1′ ≤ n + 1.

Example 3.36 (Term Height Projection for Rules II) For the TRS R = {f(Tree(ℓ, r)) → f(ℓ), f(Tree(ℓ, r)) → f(r)} with a binary constructor, we obtain

Πth(R) = {f(h1) → f(h1′) ⟦h1 ≥ 1 ∧ ℓ + 1 ≤ h1 ∧ r + 1 ≤ h1 ∧ ℓ ≥ 0 ∧ r ≥ 0 ∧ h1′ ≥ 0 ∧ ℓ ≤ h1′ ∧ h1′ ≤ ℓ⟧,
f(h1) → f(h1′) ⟦h1 ≥ 1 ∧ ℓ + 1 ≤ h1 ∧ r + 1 ≤ h1 ∧ ℓ ≥ 0 ∧ r ≥ 0 ∧ h1′ ≥ 0 ∧ r ≤ h1′ ∧ h1′ ≤ r⟧}

Example 3.37 (Term Height Projection for Rules III) We look at the example from Ex. 3.19 again. There, R consists of the following two rules:

f(List(n, v)) → f(List(n, v′)) ⟦v > 0 ∧ v′ = v − 1⟧

f(List(n, v)) → f(n) ⟦v ≤ 0⟧

For this R, we obtain the following projected int-TRS:

Πth(R) = {f(h1) → f(h1′) ⟦v > 0 ∧ v′ = v − 1 ∧ h1 ≥ 1 ∧ n + 1 ≤ h1 ∧ n ≥ 0 ∧ h1′ ≥ 1 ∧ n + 1 ≤ h1′ ∧ h1′ ≤ n + 1⟧,
f(h1) → f(h1′) ⟦v ≤ 0 ∧ h1 ≥ 1 ∧ n + 1 ≤ h1 ∧ n ≥ 0 ∧ h1′ ≥ 0 ∧ n ≤ h1′ ∧ h1′ ≤ n⟧}

Here, the first rule of Πth(R) is not terminating anymore, as our projection does not correctly encode the variable v.
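The following added example (not code from the original text) implements th, nl and the rule projection Πth of Defs. 3.27, 3.30 and 3.34 and reproduces the constraints of Ex. 3.35 and Ex. 3.37. The tuple encoding of terms, the function names, passing TA as a set of (symbol, index) pairs, and returning None from nl when v does not occur in t are assumptions of this example; the upper bound keeps max unless a variable bound statically dominates th(si).

```python
# Added example. Terms are nested tuples such as ("List", "n", "i"); variables are
# strings, integers are ints. TA: set of (symbol, 1-based index) term arguments.

def th(t):
    """Term height (Def. 3.27): variables and integers have height 0."""
    if not isinstance(t, tuple):
        return 0
    return 1 + max((th(a) for a in t[1:]), default=0)

def nl(t, v):
    """Nesting level (Def. 3.30); None (this example's choice) if v is not in t."""
    if t == v:
        return 0
    if not isinstance(t, tuple):
        return None
    levels = [k for k in (nl(a, v) for a in t[1:]) if k is not None]
    return 1 + max(levels) if levels else None

def vta(t, ta):
    """V_TA(t): variables of t reachable through term-argument positions only."""
    if not isinstance(t, tuple):
        return {t} if isinstance(t, str) else set()
    return set().union(*(vta(a, ta) for i, a in enumerate(t[1:], 1) if (t[0], i) in ta))

def side(term, ta, prime):
    """Project one rule side; returns (projected term text, conjuncts of psi)."""
    sym, args, psi = term[0], [], []
    for i, t in enumerate(term[1:], 1):
        if (sym, i) not in ta:          # integer argument: kept unchanged
            args.append(str(t))
            continue
        h = f"h{i}{prime}"
        args.append(h)
        psi.append(f"{h} >= {th(t)}")
        levels = {v: nl(t, v) for v in sorted(vta(t, ta))}
        bounds = [v if k == 0 else f"{v} + {k}" for v, k in levels.items()]
        for v, b in zip(levels, bounds):
            psi += [f"{b} <= {h}", f"{v} >= 0"]
        if prime:                       # upper bound only on the right-hand side
            if all(k < th(t) for k in levels.values()):
                bounds.append(str(th(t)))   # th(s_i) is not statically dominated
            upper = bounds[0] if len(bounds) == 1 else "max{" + ", ".join(bounds) + "}"
            psi.append(f"{h} <= {upper}")
    return f"{sym}({', '.join(args)})", psi

def project_rule(lhs, rhs, phi, ta):
    """Term height projection of a rule (Def. 3.34); duplicate conjuncts dropped."""
    (l, psi_l), (r, psi_r) = side(lhs, ta, ""), side(rhs, ta, "'")
    return l, r, list(dict.fromkeys(phi + psi_l + psi_r))
```

Calling `project_rule(("f", ("List", "n", "v")), ("f", ("List", "n", "v'")), ["v > 0", "v' = v - 1"], {("f", 1), ("List", 1)})` returns constraints in which v and v′ occur only in ϕ, which is the loss of information noted for the first rule of Ex. 3.37.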

Theorem 3.38 Let R be an int-TRS. If Πth(R) terminates, then R also terminates.

To prove the soundness of this theorem, we first need to prove the following lemma about the relation between the term height of a variable v occurring at a term position of t and the term height of t.

Lemma 3.39 Let t ∈ T(Σc ∪ Z, V), v ∈ VTA(t), and σ : V → T(Σc ∪ Z, V). Then th(vσ) + nl(t, v) ≤ th(tσ).

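Proof. We prove the lemma by induction. In the base case, t = v. Then th(vσ) + nl(v, v) = th(vσ) ≤ th(vσ). We do not need to consider the cases t ∈ Σc ∪ Z, as that contradicts v ∈ VTA(t).

In the induction step, we consider t = f(t1, …, tn) and use that the claim holds for

we have v ∈ VTA(t). Then,

$$\begin{aligned} \mathrm{th}(v\sigma) + \mathrm{nl}(t, v) &= \mathrm{th}(v\sigma) + 1 + \max\{\mathrm{nl}(t_i, v) \mid 1 \le i \le n,\ v \in \mathcal{V}(t_i)\} \\ &= \max\{1 + \mathrm{th}(v\sigma) + \mathrm{nl}(t_i, v) \mid 1 \le i \le n,\ v \in \mathcal{V}(t_i)\} \\ &\overset{\text{(IH)}}{\le} \max\{1 + \mathrm{th}(t_i\sigma) \mid 1 \le i \le n,\ v \in \mathcal{V}(t_i)\} \\ &= \max\{\mathrm{th}(t\sigma) \mid 1 \le i \le n,\ v \in \mathcal{V}(t_i)\} \\ &= \mathrm{th}(t\sigma) \end{aligned}$$

□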

Finally, we also need to prove the following lemma about the relation between the term height of an instantiated term tσ and the term heights th(vσ) of the variables v occurring in t.

Lemma 3.40 Let t ∈ T(Σc ∪ Z, V) and σ : V → T(Σc ∪ Z, V). Then th(tσ) ≤ max{th(t), max{th(vσ) + nl(t, v) | v ∈ VTA(t)}}.

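Proof. We prove the lemma by induction. In the base case, we consider three cases. For t = v ∈ V, we have th(vσ) ≤ th(v) + (th(vσ) + nl(v, v)) = 0 + max{0, th(vσ) + 0}. For t ∈ Σc, we have th(tσ) = th(t) = 1 ≤ max{th(t)} = max{1}. Finally, for t ∈ Z, we have th(tσ) = 0, which is a lower bound for any term height.

In the induction step, we consider t = f(t1, …, tn) and use that the claim holds for t1, …, tn as induction hypothesis IH:

$$\begin{aligned} \mathrm{th}(t\sigma) &= 1 + \max\{\mathrm{th}(t_i\sigma) \mid 1 \le i \le n\} \\ &\overset{\text{(IH)}}{\le} 1 + \max\{\max\{\mathrm{th}(t_i), \max\{\mathrm{th}(v\sigma) + \mathrm{nl}(t_i, v) \mid v \in \mathcal{V}_{\mathit{TA}}(t_i)\}\} \mid 1 \le i \le n\} \\ &= \max\{1 + \max\{\mathrm{th}(t_i) \mid 1 \le i \le n\},\ 1 + \max\{\mathrm{th}(v\sigma) + \mathrm{nl}(t_i, v) \mid 1 \le i \le n,\ v \in \mathcal{V}_{\mathit{TA}}(t_i)\}\} \\ &= \max\{\mathrm{th}(t), \max\{\mathrm{th}(v\sigma) + 1 + \mathrm{nl}(t_i, v) \mid 1 \le i \le n,\ v \in \mathcal{V}_{\mathit{TA}}(t_i)\}\} && \text{(Def. 3.27)} \\ &\le \max\{\mathrm{th}(t), \max\{\mathrm{th}(v\sigma) + \mathrm{nl}(t, v) \mid 1 \le i \le n,\ v \in \mathcal{V}_{\mathit{TA}}(t_i)\}\} && \text{(Def. 3.30)} \\ &= \max\{\mathrm{th}(t), \max\{\mathrm{th}(v\sigma) + \mathrm{nl}(t, v) \mid v \in \mathcal{V}_{\mathit{TA}}(t)\}\} && \text{as } \textstyle\bigcup_{1 \le i \le n} \mathcal{V}_{\mathit{TA}}(t_i) = \mathcal{V}_{\mathit{TA}}(t) \end{aligned}$$

□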

Proof. (of Thm. 3.38) We prove the theorem by contradiction. Assume that R has an infinite reduction t1 ↪_R t2 ↪_R …. We then construct an infinite reduction πth(t1) ↪_{Πth(R)} πth(t2) ↪_{Πth(R)} …. To prove that this sequence is indeed a reduction, we show that the following

$$\begin{array}{ccc} f(a_1, \ldots, a_n) = t_i & \hookrightarrow^{\sigma}_{\ell \to r\,[\![\varphi]\!]} & g(a'_1, \ldots, a'_m) = t_{i+1} \\ \downarrow \pi_{th} & & \downarrow \pi_{th} \\ f(h_1, \ldots, h_n) = \pi_{th}(t_i) & \hookrightarrow^{\sigma'}_{\Pi_{th}(\ell \to r\,[\![\varphi]\!])} & f(h'_1, \ldots, h'_m) = \pi_{th}(t_{i+1}) \end{array}$$

To apply the projected rule, we construct σ′ from σ. First, σ may replace some variables by terms. For such variables v, we define σ′(v) = th(σ(v)), i.e., we replace all terms in the codomain of σ by their respective term heights. Furthermore, σ′ is extended to instantiate the additional variables hi/hi′ introduced by our translation with suitable values, which we take from their term instantiation in our concrete rewrite step. For this, we construct σ′ from σ as follows:

$$\sigma'(v) = \begin{cases} \mathrm{th}(\sigma(v)) & \text{if } v \in \mathcal{V}_{\mathit{TA}}(t_i) \cup \mathcal{V}_{\mathit{TA}}(t_{i+1}) \\ \mathrm{th}(\sigma(a_i)) & \text{if } v = h_i \\ \mathrm{th}(\sigma(a'_i)) & \text{if } v = h'_i \\ \sigma(v) & \text{otherwise} \end{cases}$$

We now need to prove that the rule Πth(ℓ → r ⟦ϕ⟧) = ℓ′ → r′ ⟦ϕ ∧ ψ⟧ can indeed be applied to πth(ti) using the matcher σ′. We only replaced term arguments of ℓ′ by variables hi, and hence by construction of σ′, ℓ′σ′ = πth(ti) holds. Similarly, we have r′σ′ = πth(ti+1).

What remains is to prove that the constraints ϕ ∧ ψ hold. As we did not modify integer variables, this is trivial for ϕσ′. So we only need to consider the additional conjuncts introduced in ψ.

Constraints of the form hi ≥ th(ti) (resp. hi′ ≥ th(si)) are valid because we chose σ′(hi) = th(aiσ) = th(tiσ) and th(tiσ) ≥ th(ti) holds by Lemma 3.29.

For constraints of the form v + nl(ti, v) ≤ hi, we can apply Lemma 3.39. For the constraints of the form v ≥ 0 for the term variables v, we use that they denote a height and are hence always natural numbers.

Finally, we apply that σ′(hi′) = th(σ(ai′)) = th(siσ) and that σ′(v) = th(σ(v)) for v ∈ VTA(si) holds and thus, we can use Lemma 3.40 to conclude that th(siσ) ≤ max{th(si), max{σ′(v) + nl(si, v) | v ∈ VTA(si)}} holds.

Corollary 3.41 (THProc is Sound) Let R be an int-TRS. Then THProc(R) = {Πth(R)} is a sound processor.

Finally, we present a small optimisation to avoid the problem presented in Ex. 3.37, where the projection of terms onto their term height “hides” integer variables important for a termination proof whenever they are nested inside a constructor term. In many cases, such as in the example displayed in Ex. 3.37, we can avoid this problem by just duplicating the integer variable information before applying the THProc processor. So for the rule f(List(n, v)) → f(List(n, v′)) ⟦v > 0 ∧ v′ = v − 1⟧, we construct the rule f(List(n, v), v) → f(List(n, v′), v′) ⟦v > 0 ∧ v′ = v − 1⟧.

Definition 3.42 (Nested Argument Duplication) Let R be an int-TRS and f ∈ Σc ∪ Σd, and I be some set of positions. Then we define the nested argument duplication df,I for a term as

$$d_{f,I}(t) = \begin{cases} f(d_{f,I}(t_1), \ldots, d_{f,I}(t_n), v_1, \ldots, v_m) & \text{if } t = f(t_1, \ldots, t_n) \text{ and } I = \{p_1, \ldots, p_m\} \\ & \text{and } v_i = t|_{p_i} \text{ if } p_i \in \mathrm{Pos}(t) \\ & \text{and otherwise } v_i \text{ a fresh variable} \\ g(d_{f,I}(t_1), \ldots, d_{f,I}(t_n)) & \text{if } t = g(t_1, \ldots, t_n) \text{ and } f \ne g \\ t & \text{otherwise} \end{cases}$$

We then lift df,I to rules by defining df,I(ℓ → r ⟦ϕ⟧) = df,I(ℓ) → df,I(r) ⟦ϕ⟧, and analogously to whole int-TRSs.

Theorem 3.43 (ADProc Sound and Complete) Let R be an int-TRS, f ∈ Σc ∪ Σd, and I be some set of positions. Then ADProc(R) = {df,I(R)} is a sound and complete processor.

Proof. Every reduction using R can be transformed into a reduction using df,I(R) by application of df,I to every term, and similarly, every reduction using df,I(R) can be transformed to one using R by filtering out all added arguments. □

The choice of f, I in the application of ADProc is based on heuristics. In practice, we apply ADProc before THProc, and then use it for every defined symbol f ∈ Σd with the set

Example 3.44 (Nested Argument Duplication) We again look at the example from Ex. 3.19 and Ex. 3.37. We choose I = {1 2} and apply ADProc for f and I and obtain R′ consisting of the following two rules:

f(List(n, v), v) → f(List(n, v′), v′) ⟦v > 0 ∧ v′ = v − 1⟧

f(List(n, v), v) → f(n, v′) ⟦v ≤ 0⟧

For this R′, we obtain the following projected int-TRS:

Πth(R) = {f(h1, v) → f(h1′, v′) ⟦v > 0 ∧ v′ = v − 1 ∧ h1 ≥ 1 ∧ n + 1 ≤ h1 ∧ n ≥ 0 ∧ h1′ ≥ 1 ∧ n + 1 ≤ h1′ ∧ h1′ ≤ n + 1⟧,
f(h1, v) → f(h1′, v′) ⟦v ≤ 0 ∧ h1 ≥ 1 ∧ n + 1 ≤ h1 ∧ n ≥ 0 ∧ h1′ ≥ 0 ∧ n ≤ h1′ ∧ h1′ ≤ n⟧}

Now, we can again prove termination using Thm. 3.24.
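The nested argument duplication of Def. 3.42 and the filtering step from the proof of Thm. 3.43, as an added example that is not code from the original text. Terms are encoded as nested tuples with string variables, positions as tuples of 1-based argument indices, and fresh variables are named x1, x2, …; these encodings and all function names are assumptions of this example.

```python
import itertools

def subterm_at(t, pos):
    """t|pos for a position such as (1, 2); None if pos is not in Pos(t)."""
    for i in pos:
        if not isinstance(t, tuple) or i >= len(t):
            return None
        t = t[i]            # t[0] is the symbol, so argument i is t[i]
    return t

def duplicate(t, f, positions, fresh):
    """d_{f,I}(t): append t|p for every p in I to each f-rooted subterm."""
    if not isinstance(t, tuple):
        return t
    args = tuple(duplicate(a, f, positions, fresh) for a in t[1:])
    if t[0] != f:
        return (t[0],) + args
    extra = []
    for p in positions:
        s = subterm_at(t, p)
        extra.append(s if s is not None else next(fresh))   # fresh variable if p is absent
    return (t[0],) + args + tuple(extra)

def duplicate_rule(lhs, rhs, phi, f, positions):
    """Lift d_{f,I} to a rule; the constraint phi is left unchanged."""
    fresh = (f"x{i}" for i in itertools.count(1))
    return duplicate(lhs, f, positions, fresh), duplicate(rhs, f, positions, fresh), phi

def drop_added(t, f, m):
    """Filtering from the proof of Thm. 3.43: remove the m arguments added to f."""
    if not isinstance(t, tuple):
        return t
    args = t[1:len(t) - m] if t[0] == f else t[1:]
    return (t[0],) + tuple(drop_added(a, f, m) for a in args)

# The two rules of Ex. 3.19 with I = {1 2}, as in Ex. 3.44.
I = [(1, 2)]
RULE_1 = duplicate_rule(("f", ("List", "n", "v")), ("f", ("List", "n", "v'")),
                        ["v > 0", "v' = v - 1"], "f", I)
RULE_2 = duplicate_rule(("f", ("List", "n", "v")), ("f", "n"), ["v <= 0"], "f", I)
```

In `RULE_2` the right-hand side f(n) has no position 1 2, so the added argument is the fresh variable x1, which corresponds to the v′ in the second rule of Ex. 3.44.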