Proving Termination of Integer Rewriting - Termination analysis for imperative programs operati

To prove termination of an int-TRS R, we use the well-known concept of inferring an order on terms from polynomial interpretations. For this, we interpret function symbols of arity n with polynomials over n variables. By a simple homomorphic extension, we can use this interpretation to map each term to a corresponding polynomial. Then, we can use standard arithmetic reasoning tools to check if a term t is “larger” than another term

t0 by checking if the polynomial for t is always greater than the polynomial for t0. Thus, a polynomial interpretation measures terms as an arithmetic expression and we can define an order on terms by defining t s if the measure of t is greater than or equal to the measure of s.

If we can prove that in every application of a rule from R, this measure is actually decreasing and bounded from below, then we have proved termination. If R were non- terminating, then there would be some infinite reduction t1 ,→ t2 ,→ . . ., and we could apply our measure to obtain a sequence i1  i2  i3. . .. So if this sequence were infinite, it would be a contradiction to the lower bound we found for the measure.

In order to strengthen this approach, we only require some rules R ⊆ R to be decreasing the measure and bounded from below. For all other rules R= R \ R, we only require that they do not increase the measure. This already suffices to prove that the rules in R cannot occur infinitely often in a reduction, by the same argument as above.

Definition 3.18 (Polynomial Interpretations, Reduction Pairs [GTSF06])

Let R be an int-TRS and R some ring. We call a mapping I : Σd∪ Σc∪ Z →Si∈N(Ri → R)

from function symbols to functions an interpretation for R if every symbol of arity n is mapped to a function with n arguments. We extend it homomorphically to terms by defining I(t) =      t if t ∈ V I(f)(I(t1), . . . , I(tn)) if t = f(t1, . . . tn), f ∈ Σd∪ Σc∪ Z

If an interpretation Pol maps all function symbols to polynomials, we call Pol a polynomial

interpretation, and we will only consider these in the following.

We call (, ) a reduction pair iff both are quasi-orders, is closed under substitutions (i.e., if t s, then also tσ sσ for all σ), is closed under substitutions and is well- founded, and and are compatible (i.e., ◦ ⊆ ⊇ ◦ ). For a reduction pair and an int-TRS R, we define the sets R = {` → r J ϕ K | ϕ =⇒ ` r} and R = {` →

r _{J ϕ K | ϕ} =⇒ ` r}.

A polynomial interpretation induces two polynomial orders Pol and Pol, where t Pol s

iff Pol(t) > Pol(s) (for all instantiations of all occurring variables) and Pol(t) ≥ b holds for some b ∈ R and t Pol s iff Pol(t) ≥ Pol(s). Then, (Pol, Pol) is a reduction pair.

Example 3.19 (Interpretations) Let R be the following int-TRS:

f(List(n, v)) → f(List(n, v0)) _{J v > 0 ∧ v}0 = v − 1_K (3.10)

f(List(n, v)) → f(n) _{J v ≤ 0 K} (3.11)

We define the interpretation I over the natural numbers as follows:

I(f) = |X1| I(List) = |X1| + 1

Then, we have I(f(List(n, v))) = I(f)(I(List)(I(n), I(v))) = 1 + |n| and I(f(n)) =

I(f)(I(n)) = |n| for the left and right-hand side of (3.11), and as over the natural numbers,

every value is trivially bounded from below by 0, we have (3.11) ∈ R. Similarly, we obtain (3.10) ∈ R and thus, (I, I) is a reduction pair for R.

Theorem 3.20 (RPProc Sound and Complete) Let R be an int-TRS and (,

) be a reduction pair for R with R = R ∪ R. Then, RPProc(R) = {R \ R}

is a sound and complete processor.

We omit the standard proof for Thm. 3.20 here and instead refer to [GTSF06, FKS11].

Example 3.21 (Proving Termination with Reduction Pairs) We continue with

Ex. 3.19. With the reduction pair (Pol1, Pol1), we obtain RPProc(R) = R

0 _{= {(3.10)}.} We now choose a second polynomial interpretation Pol2 over the integers:

Pol2(f) = X1 Pol2(List) = X2

Then, we have Pol2(f(List(n, v))) = v and Pol2(f(List(n, v0))) = v0, and the formula

v > 0 ∧ v0 = v − 1 =⇒ v > v0∧ ∃b.v ≥ b holds (e.g., for b = 0). Thus, (Pol2, Pol2) is a

reduction pair for R0, with R0= R0. Then we have RPProc(R0_{) = ∅, and in this case,} all int-TRSs obtained from the processor are terminating. As we only used the sound RPProc processor, we have proved termination of R.

The main problem we need to solve is the synthesis of suitable reduction pairs. In the following, we will present a method to synthesise polynomial interpretations for int-TRSs

without constructor terms, i.e., systems with Σc = ∅. We will later discuss how to extend

these approaches to also handle systems including terms.

We first restrict ourselves to int-TRSs without constructor terms and with only linear conditions. We call such restricted systems Linear Integer Rewrite Systems (LIRS). The technique we present to synthesise polynomial interpretations is an extension of [PR04a], which was restricted to only handling single-path loops. It is similar to the approach presented in [ADFG10] for flowchart programs, but adapted to integer rewriting. As we will see, the advantage of restricting ourselves to linear programs and linear polynomial interpretations allows to synthesise an interpretation by solving linear integer arithmetic constraints only. For this, we can use any of a number of standard tools.

We normalise the rules in our LIRS such that the arguments on the left-hand side are just pairwise different variables x1, . . . , xp, so f(x, 1, x) is replaced by f(x1, x2, x3) and the constraints x2 = 1 and x1 = x3 are added. Similarly, we normalise the arguments on the right-hand side to variables y1, . . . , yq. As we are only considering integer rewriting, this

is a simple syntactic transformation that may lead to additional conjuncts in the rule constraint. We furthermore rename all fresh variables occurring only in the constraint to z1, . . . , zk. Then, all rules are of the form f(x1, . . . , xp) → g(y1, . . . , yq) J ϕ K with ϕ consisting of conjuncts of the formPp

j=1ai,jxj+Pqj=1bi,jyj+Pkj=1ci,jzj ./ difor coefficients

ai,j, bi,j, ci,j, di ∈ Z. Finally, we also normalise each conjunct into linear inequalities of the

formPp

j=1ajxj+Pqj=1bjyj+Pkj=1cjzj ≥ d. For this, we transform t = d into t ≤ d ∧ −t ≤

−d, and t < d into t ≤ d − 1. As our constraint is thus just a system of linear inequalities, we write it as A · (x1, . . . , xp, z1, . . . , zk, y1, . . . , yq)t ≤ d, where each row of A and entry of

d correspond to one inequality in our constraint.5

Example 3.22 (Normalising Linear Integer Rewrite Systems) We first normalise the Integer Rewrite System R with the following two rules:

f(n, v) → f(n, v0) _{J v > 0 ∧ v}0 = v − 1_K (3.12)

f(n, v) → f(n0, v0) _{J n > 0 ∧ n}0 = n − 1_K (3.13) First, we rename variable and write constraints as simple ≤-constraints:

f(x1, x2) → f(y1, y2) J −x2 ≤ −1 ∧ −x1+ y1 ≤ 0 ∧ x1− y1 ≤ 0∧ − x2 + y2 ≤ −1 ∧ x2− y2 ≤ 1K

f(x1, x2) → f(y1, y2) J −x1 ≤ −1 ∧ −x1+ y1 ≤ −1 ∧ x1− y1 ≤ 1K

5_{Variables typeset as v denote vectors, and by v}t_{, we denote the transposition of v. Furthermore, we}

compare column vectors point-wise, i.e., (v1, . . . , vn)t≤ (v01, . . . vn0)tholds iff

We then write this in matrix form and obtain f(x1, x2) → f(y1, y2) J            0 −1 0 0 −1 0 1 0 1 0 −1 0 0 −1 0 1 0 1 0 −1            ·         x1 x2 y1 y2         ≤            −1 0 0 −1 1            K (3.14) f(x1, x2) → f(y1, y2) J      −1 0 0 0 −1 0 1 0 1 0 −1 0      ·         x1 x2 y1 y2         ≤      −1 −1 1      K (3.15)

Definition 3.23 (Normalised Linear Integer Rewrite Systems) We call a set of

rules R a Normalised Linear Integer Rewrite System if all rules ρ ∈ R are of the form

f(x1, . . . , xp) → g(y1, . . . , yq) J A

ρ_·

x z yt≤ dρ_K

for vectors x = (x1, . . . , xp)t, y = (y1, . . . , yq)t, and z = (z1, . . . zk)t, Aρ∈ Zm×(p+q+k), and

dρ _{∈ Z}m, where m corresponds to the number of conjuncts in the constraint of the rule ρ and all xi, yj, and z` are pairwise different.

Based on this normal form, we can use standard tools from linear algebra to synthesise a linear ranking function. For this, we express the requirements on a polynomial interpretation inducing a reduction pair in the same syntax of vectors and matrices. So instead of searching for a (linear) polynomial pf ∈ Z[X1, . . . , Xn] for the symbol f, we

now search for a row vector µ_f _{∈ Z}1×n _{with µ}

f · (X1, . . . , Xn)t = pf. The conditions of Def. 3.18 on are thus that the constraints of rules f(x) → g(y)_{J A}ρ_{· (x, z, y)}t _{≤ d}

K imply Pol(f)(x) = µ_f · x ≥ µ_g· y = Pol(g)(y). Furthermore, for , we require that this last inequality is strict and that Pol(f)(x) = µ_f_{· x ≥ b holds for some b ∈ Z.}

Theorem 3.24 (Synthesising Linear Polynomial Interpretations) Let R be a

Normalised Linear Integer Rewrite System. We construct constraints for each rule ρ = f(x) → g(y) _{J A}ρ·(x, z, y)t _{≤ d}ρ

K ∈ R with x = (x1, . . . , xar (f)), y = (y1, . . . , yar (g)),

z = (z1, . . . , zk), Aρ ∈ Zm

ρ_{×(ar(f)+k+ar(g))}

, and dρ _{∈ Z}mρ×1, where mρ is the number of conjuncts in the constraints of ρ.

Let µ_f _{∈ Z}ar (f) _{for every f ∈ Σ and λ}ρ

1, λ

2 ∈ N 1×mρ

0 for every ρ ∈ R be such that the

λρ₁· Aρ₌

−µ_f 0 . . . 0 µ_g (3.16)

λρ₁ · dρ_≤ρ_{≤ 0} _(3.17)

Then we can define a polynomial interpretation Pol by Pol(f) = µ_f · (X1, . . . , Xar (f))t

and (Pol, Pol) is a reduction pair for R. Here, RPol are those rules where 

ρ_{is negative}

and the following holds:

λρ₂· Aρ₌

−µ_f 0 . . . 0 (3.18)

Proof. We first prove that for every f(x) → g(y) _{J A}ρ_{· (x, z, y)}t _{≤ d}ρ

K ∈ R, we indeed have Pol(f(x)) ≥ Pol(g(y)) ⇔ 0 ≥ −Pol(f(x)) + Pol(g(y)):

−Pol(f(x)) + Pol(g(y)) = −µ_f · x + µ_g· y by constr. of Pol

=−µ_f 0 . . . 0 µ_g·x z yt

= λρ₁· Aρ_·

x z yt by (3.16) ≤ λρ₁· dρ _{by the constraint of ρ and λ}ρ

1 ∈ N1×m

≤ ρ≤ 0 by (3.17)

Now, to prove that R is non-empty, we consider the rules ρ for which ρ is negative and (3.18) holds. For these, we have have −Pol(f(x)) + Pol(g(y)) ≤ ρ as above, and thus Pol(f(x)) + ρ _{≥ Pol(g(y)). As}ρ _{< 0, this entails a strict inequality. It remains}

to show that the value of Pol(f(x)) is bounded from below by some constant bρ_{∈ Z, or,}

equivalently, −Pol(f(x)) ≤ bρ_:

−Pol(f(x)) = −µ_f· x by constr. of Pol

=−µ_f 0 . . . 0·x z yt

= λρ₂ · Aρ·x z yt by (3.18)

≤ λρ₂· dρ _{by the constraint of ρ and λ}ρ

2 ∈ N1×m

= bρ

In the case of rank functions with rational coefficients (instead of integer coefficients), it is relatively easy to show that Thm. 3.24 is “complete” in the sense of being a sufficient and necessary condition for the existence of a linear polynomial interpretation that entails a reduction pair. For the formal proof, we refer to [Hoe12]. Furthermore, the rank functions obtained through Thm. 3.24 are truly linear in the sense of having no constant coefficient, and thus a function like X1 + X2 + 1 could not be found. However, this can easily be

extended by changing all defined symbol to contain a new argument that is always 1, and then using the coefficient obtained for this argument as constant coefficient.

Example 3.25 (Synthesising a Linear Polynomial Interpretation) We continue

with the LIRS from Ex. 3.22. For µ_f = 1 0, λ₁(3.14) = 0 1 0 0 0, λ(3.15)₁ =

0 1 0, and λ(3.15)₂ =1 0 0, we get the following:

λ(3.14)₁ · A(3.14) ₌ −µ_f µ_f λ(3.15)₁ · A(3.15) ₌_−µ f µf λ(3.15)₁ · m = −1 λ(3.15)₂ · A(3.15) ₌_−µ f 0

In document Termination analysis for imperative programs operating on the heap (Page 122-128)