Ranking Functions for Size-Change Termination II

The Size-Change Termination technique is based on a program abstraction for which termination is decidable. Termination is verified by a set of local termination proofs that account for all cycles in a control-flow graph. We present algorithms that construct a global ranking function for an SCT instance. Such functions serve as easy-to-check witnesses for termination, and are therefore interesting for purposes of program certification. Their particular form and complexity shed light on the theory of SCT termination proofs. Our constructions are simpler and more transparent than previously known. They improve the upper bound on the size of the ranking expression from triply exponential to singly exponential. Another contribution is a set of lowerbound results, proving that our constructions are optimal in a certain sense. An interesting point that arises from our constructions is the usefulness of multisets of data in ranking expression construction. 1 SCT and Ranking Functions in a Nutshell Let Val be a well-ordered set of data values. A control-flow graph (CFG) is a directed multigraph (F,C). The nodes are called flow-chart points or just flow-points. The set of arcs from f ∈ F to g ∈ F is Cfg. One of the nodes, f0, is initial or starting point. All nodes are reachable from f0. For each f ∈ F , we have a distinct set of parameters Par(f), representing data pertinent to describing the program state at this point. For simplicity, all such sets have the same size n. Formally, the set of (abstract) program states is S t = {(f, σ) | f ∈ F, σ : Par(f)→ Val} . For f, g ∈ F , a size-change graph (SCG) with source f and target g is a bipartite directed graph with source nodes corresponding to Par(f) and target nodes to Par(g). We write this fact as G : f → g. Arcs of G represent constraints on transitions (f, σ)→ (g, σ′). In the ordinary SCT formulation, there are just two types of arcs: a strict arc x ↓ → y represents strict descent, i.e., σ(x) > σ′(y). A non-strict arc x → y represents the constraint σ(x) ≥ σ′(y). We write G |= (f, σ) 7→ (g, σ′) if all constraints are satisfied. An SCT instance, or abstract program, also known as annotated controlflow graph (ACG), is a CFG where every arc c ∈ Cfg is annotated with a SCG Gc : f → g. Let G be an SCT instance (formally we view G as just the set of SCG’s, implicitly specifying the CFG). A G-multipath is a (finite or infinite) sequence M = G1G2 . . . of elements of G that label a corresponding directed path in the CFG, often denoted ? [email protected], cslee [email protected] by cs (for computation sequence, or call sequence—for functional programmers). We also view a multipath as the (finite or infinite) layered directed graph obtained by identifying the target nodes of Gi with the source nodes of Gi+1. A thread in M is a (finite or infinite) directed path in this graph. A thread is descending if it includes a strict arc; it is infinitely descending if it includes infinitely many strict arcs. G is said to satisfy SCT (or “terminate”) if every infinite multipath contains an infinitely-descending thread. This is a sufficient condition for termination of any program modelled by G (in fact, the most precise condition). In the rest of this paper, we only consider terminating instances. Let P (s, s′) be any predicate defined over pairs of states. We write G |= P (s, s′) if G |= s 7→ s′ ⇒ P (s, s′). A (global) ranking function for G is a function ρ : S t→W , where W is a well-ordered set, such that G |= ρ(s) > ρ(s′) for every G ∈ G. It is often convenient to write ρ(f, [x1 → v1, . . . , xn → vn]) as ρf (v1, . . . , vn). Constructing a ranking function for an SCT instance is sometimes a way to understand the type of “behaviour” that the instance expresses. Examples found in previous publications on SCT include programs where the maximum of parameters decreases (consider a standard recursive gcd function), programs where the minimum decreases and programs with a lexicographic descent in a tuple of parameters. It has recently been shown [4] that a ranking function can be constructed for any given SCT instance. It has the following form: ρ(s) = min(maxS1,maxS2, . . .) where maxSi represents the maximum element among a set Si of vectors of parameter values and constants, where vectors are lexicographically ordered. We refer to the above form of expressions as min[max[V ]] where V refers to the type of vectors. Here is an example: Consider an SCT instance consisting of the graphs G1, G2, G3 : f0 → f0 drawn below; the heavy arcs are strict.