Abstract
Proof, verification and analysis methods for termination all rely on two induction principles: (1) a variant function or induction on data ensuring progress towards the end and (2) some form of induction on the program structure. The abstract interpretation design principle is first illustrated for the design of new forward and backward proof, verification and analysis methods for safety. The safety collecting semantics defining the strongest safety property of programs is first expressed in a constructive fixpoint form. Safety proof and checking/verification methods then immediately follow by fixpoint induction. Static analysis of abstract safety properties such as invariance is constructively designed by fixpoint abstraction (or approximation) to (automatically) infer safety properties. So far, no such clear design principle existed for termination, so the existing approaches are scattered and largely not comparable with each other.
For (1), we show that this design principle applies equally well to potential and definite termination. The trace-based termination collecting semantics is given a fixpoint definition. Its abstraction yields a fixpoint definition of the best variant function. By further abstraction of this best variant function, we derive the Floyd/Turing termination proof method as well as new static analysis methods to effectively compute approximations of this best variant function.
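The following is an added illustration, not code from the paper: it computes the best variant function of a small, constructed finite transition system as a Kleene iteration of its fixpoint equations, for both definite termination (every execution terminates, rank = 1 + max over successors) and potential termination (some execution terminates, rank = 1 + min over successors), and then checks a Floyd/Turing variant function against the transition relation. The transition system, the state names and the function names `best_variant`, `check_variant` and `dominates` are all assumptions made for this example.

```python
"""Best variant function of a finite transition system as a least fixpoint,
and the Floyd/Turing variant-function proof rule as its abstraction.

Constructed example, not code from the paper: a countdown loop with a
nondeterministic branch, a state that may either terminate or diverge, and a
self-looping (diverging) state.
"""
from typing import Dict, Hashable, Set

State = Hashable
# s -> set of successor states; an empty set marks a final (terminal) state
Transitions = Dict[State, Set[State]]


def best_variant(trans: Transitions, definite: bool = True) -> Dict[State, int]:
    """Kleene iteration of the fixpoint equations for the best variant function nu.

    definite=True  (all executions from s terminate):
        nu(s) = 0 if s is final, else 1 + max{ nu(s') : s -> s' } once every
        successor has a rank.
    definite=False (some execution from s terminates):
        nu(s) = 0 if s is final, else 1 + min{ nu(s') : s -> s' } over the
        successors already ranked.
    States missing from the result are not (definitely / potentially)
    terminating. Each round only reads the previous round's ranks, so the
    result does not depend on the iteration order.
    """
    nu: Dict[State, int] = {}
    while True:
        new = dict(nu)
        for s, succs in trans.items():
            if s in nu:
                continue
            if not succs:
                new[s] = 0
            elif definite and all(t in nu for t in succs):
                new[s] = 1 + max(nu[t] for t in succs)
            elif not definite and any(t in nu for t in succs):
                new[s] = 1 + min(nu[t] for t in succs if t in nu)
        if new == nu:          # fixpoint reached
            return nu
        nu = new


def check_variant(trans: Transitions, r: Dict[State, int]) -> bool:
    """Floyd/Turing proof rule: r is a natural-valued function, defined on every
    state, that strictly decreases along every transition. Sound for definite
    termination; no such r exists when some state can diverge."""
    for s, succs in trans.items():
        if s not in r or r[s] < 0:
            return False
        if any(t not in r or r[s] <= r[t] for t in succs):
            return False
    return True


def dominates(r: Dict[State, int], nu: Dict[State, int]) -> bool:
    """Every sound variant function over-approximates the best one pointwise."""
    return all(s in r and r[s] >= nu[s] for s in nu)


# Constructed transition system (not from the paper).
SYSTEM: Transitions = {
    0: set(),                 # x == 0: loop exit, final state
    1: {0}, 2: {1}, 3: {2},   # x -> x - 1
    "b": {1, 3},              # nondeterministic branch into the countdown
    "c": {0, "d"},            # may stop immediately or enter the diverging state
    "d": {"d"},               # self-loop: never terminates
}

# The terminating fragment, on which a Floyd/Turing variant function exists.
COUNTDOWN: Transitions = {s: SYSTEM[s] for s in (0, 1, 2, 3, "b")}

if __name__ == "__main__":
    print("definite :", best_variant(SYSTEM, definite=True))
    print("potential:", best_variant(SYSTEM, definite=False))
    print("variant ok:", check_variant(COUNTDOWN, {0: 0, 1: 1, 2: 2, 3: 3, "b": 10}))
```

Two points the code makes concrete: the best variant function is itself a valid Floyd/Turing variant on the terminating fragment, and any other variant that passes the proof rule is pointwise at least as large, which is what "best" means here; on the full system no variant passes the rule, because the self-loop on `"d"` cannot strictly decrease.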
For (2), we introduce a generalization of the syntactic notion of structural induction (as found in Hoare logic) into a semantic structural induction based on the new semantic concept of inductive trace cover, covering execution traces by segments, a new basis for formulating program properties. Its abstractions allow for generalized recursive proof, verification and static analysis methods by induction on program structure, control, and data. Examples of particular instances include Floyd's handling of loop cutpoints as well as nested loops, Burstall's intermittent assertion total correctness proof method, and Podelski-Rybalchenko transition invariants.
References
- I. Balaban, A. Pnueli, and L. Zuck. Modular ranking abstraction. Int. J. Found. Comput. Sci., 18(1):5--44, 2007.
- A. Biere, A. Cimatti, E. Clarke, O. Strichman, and Y. Zhu. Bounded model checking. Advances in Computers, 58:118--149, 2003.
- R. Burstall. Program proving as hand simulation with a little induction. Information Processing, 308--312. North-Holland, 1974.
- E. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, 1999.
- M. Clarkson and F. Schneider. Hyperproperties. Journal of Computer Security, 18(6):1157--1210, 2010.
- B. Cook and E. Koskinen. Making prophecies with decision predicates. POPL, 399--410, 2011.
- B. Cook, A. Gotsman, A. Podelski, A. Rybalchenko, and M. Vardi. Proving that programs eventually do something good. POPL, 265--276, 2007.
- B. Cook, S. Gulwani, T. Lev-Ami, A. Rybalchenko, and M. Sagiv. Proving conditional termination. CAV, LNCS 5123, 328--340, 2008.
- B. Cook, A. Podelski, and A. Rybalchenko. Summarization for termination: no return! Form. Methods Syst. Des., 35:369--387, 2009.
- S. Cook. Soundness and completeness of an axiom system for program verification. SIAM J. Comput., 7:70--80, 1978.
- P. Cousot. Méthodes itératives de construction et d'approximation de points fixes d'opérateurs monotones sur un treillis, analyse sémantique de programmes. Thèse d'État ès sciences math., USMG, Grenoble, 1978.
- P. Cousot. Semantic foundations of program analysis. Program Flow Analysis: Theory and Applications, ch. 10, 303--342. Prentice-Hall, 1981.
- P. Cousot. The calculational design of a generic abstract interpreter. M. Broy and R. Steinbrüggen, eds., Calculational System Design. NATO ASI Series F. IOS Press, Amsterdam, 1999.
- P. Cousot. Partial completeness of abstract fixpoint checking. SARA, LNCS 1864, 1--25, 2000.
- P. Cousot. Constructive design of a hierarchy of semantics of a transition system by abstract interpretation. TCS, 277(1-2):47--103, 2002.
- P. Cousot. Verification by abstract interpretation. Proc. Int. Symp. on Verification -- Theory & Practice, LNCS 2772, 243--268, 2003.
- P. Cousot. Proving program invariance and termination by parametric abstraction, Lagrangian relaxation and semidefinite programming. VMCAI, LNCS 3385, 1--24, 2005.
- P. Cousot and R. Cousot. Static determination of dynamic properties of programs. Proc. 2nd Int. Symp. on Programming, 106--130. Dunod, Paris, 1976.
- P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. POPL, 238--252, 1977.
- P. Cousot and R. Cousot. Static determination of dynamic properties of recursive procedures. Formal Description of Programming Concepts, 237--277. North-Holland, 1977.
- P. Cousot and R. Cousot. Systematic design of program analysis frameworks. POPL, 269--282, 1979.
- P. Cousot and R. Cousot. Constructive versions of Tarski's fixed point theorems. P. J. of Math., 82(1):43--57, 1979.
- P. Cousot and R. Cousot. Induction principles for proving invariance properties of programs. Tools & Notions for Program Construction: an Advanced Course, 75--119. Cambridge University Press, Cambridge, UK, 1982.
- P. Cousot and R. Cousot. "À la Floyd" induction principles for proving inevitability properties of programs. Algebraic methods in semantics, 277--312. Cambridge University Press, Cambridge, UK, 1985.
- P. Cousot and R. Cousot. Sometime = always + recursion - always, on the equivalence of the intermittent and invariant assertions methods for proving inevitability properties of programs. Acta Informatica, 24:1--31, 1987.
- P. Cousot and R. Cousot. Abstract interpretation frameworks. JLC, 2(4):511--547, 1992.
- P. Cousot and R. Cousot. Comparing the Galois connection and widening/narrowing approaches to abstract interpretation. PLILP, LNCS 631, 269--295, 1992.
- P. Cousot and R. Cousot. Inductive definitions, semantics and abstract interpretation. POPL, 83--94, 1992.
- P. Cousot and R. Cousot. "À la Burstall" intermittent assertions induction principles for proving inevitability properties of programs. TCS, 120(1):123--155, 1993.
- P. Cousot and R. Cousot. Higher-order abstract interpretation (and application to comportment analysis generalizing strictness, termination, projection and PER analysis of functional languages). Int. Conf. on Comp. Lang., 95--112, 1994.
- P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. POPL, 84--97, 1978.
- P. Cousot, R. Cousot, and L. Mauborgne. A scalable segmented decision tree abstract domain. Time for Verification, Essays in Memory of A. Pnueli, LNCS 6200, 72--95, 2010.
- P. Cousot, R. Cousot, and F. Logozzo. A parametric segmentation functor for fully automatic and scalable array content analysis. POPL, 105--118, 2011.
- P. Cousot, R. Cousot, and F. Logozzo. Precondition inference from intermittent assertions and application to contracts on collections. VMCAI, LNCS 6538, 150--168, 2011.
- R. Cousot. Fondements des méthodes de preuve d'invariance et de fatalité de programmes parallèles. Thèse d'État ès sciences math., INPL, Nancy, 1985.
- B. Davey and H. Priestley. Introduction to Lattices and Order, 2nd Edition. Cambridge University Press, 2002.
- E. Dijkstra. Guarded commands, nondeterminacy and formal derivation of programs. CACM, 18(8):453--457, 1975.
- E. Dijkstra. A Discipline of Programming. Prentice-Hall, 1976.
- J. Feret. The arithmetic-geometric progression abstract domain. VMCAI, LNCS 3385, 42--58, 2005.
- R. Floyd. Assigning meaning to programs. Proc. Symp. in Applied Math., Vol. 19, 19--32. Amer. Math. Soc., 1967.
- S. Graf and H. Saïdi. Construction of abstract state graphs with PVS. CAV, LNCS 1254, 72--83, 1997.
- M. Heizmann, J. Hoenicke, and A. Podelski. Refinement of trace abstraction. SAS, LNCS 5673, 69--85, 2009.
- C. Hoare. An axiomatic basis for computer programming. Communications of the Association for Computing Machinery, 12(10):576--580, 1969.
- Z. Manna and A. Pnueli. Axiomatic approach to total correctness of programs. Acta Inf., 3:243--263, 1974.
- K. McMillan and L. Zuck. Invisible invariants and abstract interpretation. SAS, LNCS 6887, 249--262, 2011.
- A. Miné. The octagon abstract domain. HOSC, 19:31--100, 2006.
- D. Monniaux. Automatic modular abstractions for template numerical constraints. Logical Methods in Comp. Sci., 6(3), 2010.
- J. Morris and B. Wegbreit. Subgoal induction. CACM, 20(4):209--222, 1977.
- P. Naur. Proofs of algorithms by general snapshots. BIT, 6:310--316, 1966.
- D. Pataria. A constructive proof of Tarski's fixed-point theorem for DCPO's. Reported by M. H. Escardó in "Joins in the frame of nuclei", Applied Categorical Structures, 11(2):117--124, 2003.
- G. Plotkin. A structural approach to operational semantics. Technical Report DAIMI FN-19, Aarhus University, 1981.
- A. Pnueli, A. Podelski, and A. Rybalchenko. Separating fairness and well-foundedness for the analysis of fair discrete systems. TACAS, LNCS 3440, 124--139, 2005.
- A. Podelski and A. Rybalchenko. Transition invariants. LICS, 32--41, 2004.
- A. Podelski and A. Rybalchenko. A complete method for the synthesis of linear ranking functions. VMCAI, LNCS 2937, 239--251, 2004.
- A. Podelski and A. Rybalchenko. Transition predicate abstraction and fair termination. POPL, 132--144, 2005.
- X. Rival and L. Mauborgne. The trace partitioning abstract domain. TOPLAS, 29(5), 2007.
- D. Scott and C. Strachey. Towards a mathematical semantics for computer languages. Tech. rep. PRG-6, Oxford Univ. Comp. Lab., 1971.
- A. Tarski. A lattice theoretical fixpoint theorem and its applications. P. J. of Math., 5:285--310, 1955.
- A. Turing. Checking a large routine. Conf. on High Speed Automatic Calculating Machines, Math. Lab., Cambridge, UK, 67--69, 1949.
An abstract interpretation framework for termination. POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.