Formal Methods in System Design, Volume 47, Issue 2, pp 204–229

Proving mutual termination

  • Dima Elenbogen
  • Shmuel Katz
  • Ofer Strichman


Two programs are said to be mutually terminating if they terminate on exactly the same inputs. We suggest inference rules and a proof system for proving mutual termination of a given pair of procedures \(\langle f, f' \rangle\) and the respective subprograms that they call under a free context. Given a (possibly partial) mapping between the procedures of the two programs, the premise of the rule requires proving that, given the same arbitrary input \(in\), \(f(in)\) and \(f'(in)\) call procedures that are mapped to each other in the mapping with the same arguments. A variant of this proof rule with a weaker premise allows proving termination of one of the programs if the other is known to terminate. In addition, we suggest various techniques for battling the inherent incompleteness of our solution, including a case in which the interface of the two procedures is not identical, and a case in which partial equivalence (the equivalence of their input/output behavior) has only been proven for some, but not all, of the outputs of the two given procedures. We present an algorithm for decomposing the verification problem of whole programs to that of proving mutual termination of individual procedures, based on our suggested inference rules. The reported prototype implementation of this algorithm is the first to deal with the mutual termination problem.
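The premise described in the abstract, sketched as an added example (not code from the paper or its prototype): each procedure body is run in isolation with its recursive call replaced by a recording stub, and the calls issued on the same input are compared. The Collatz-style procedures `f`, `f_new`, `f_bad` and the helper names are assumptions made for illustration, and checking sampled inputs only approximates what the rule requires for arbitrary input.

```python
# Added illustration: a sampled check of the rule's premise, not a proof.

def f(n, call):        # first version; `call` replaces the recursive call
    if n <= 1:
        return 1
    return call("f", n // 2) if n % 2 == 0 else call("f", 3 * n + 1)

def f_new(n, call):    # restructured version; its self-call is mapped to "f"
    if n <= 1:
        return 1
    if n % 2 == 1:
        return call("f", 3 * n + 1)
    return call("f", n >> 1)

def f_bad(n, call):    # odd step changed to 3n-1, which cycles 5->14->7->20->10->5
    if n <= 1:
        return 1
    return call("f", n // 2) if n % 2 == 0 else call("f", 3 * n - 1)

def calls_made(body, arg):
    """Run one body under a free context; return the set of calls it issues."""
    seen = set()

    def stub(name, x):
        # Stands in for the callee: records the call and returns an arbitrary
        # value that is identical on both sides for identical arguments.
        seen.add((name, x))
        return (31 * x + 7) % 97

    body(arg, stub)
    return seen

def first_call_mismatch(a, b, inputs):
    """Return the first input on which a and b issue different calls, else None."""
    for x in inputs:
        if calls_made(a, x) != calls_made(b, x):
            return x
    return None

SAMPLE = range(-5, 200)   # constructed sample inputs

if __name__ == "__main__":
    print("f vs f_new:", first_call_mismatch(f, f_new, SAMPLE))
    print("f vs f_bad:", first_call_mismatch(f, f_bad, SAMPLE))
```

Termination of `f` itself never has to be established for the comparison of `f` and `f_new` to succeed, while `f_bad` is flagged at the first odd input above 1.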


  • Regression-verification
  • Program termination
  • Mutual termination



This material is based on research sponsored by the Air Force Research Laboratory, under agreement number FA8655-11-1-3006. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.

Compliance with Ethical Standards

Conflicts of interest

The authors declare that they have no conflict of interest.



Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. CS, Technion, Haifa, Israel
  2. Information Systems Engineering, IE, Technion, Haifa, Israel