An abstract interpretation framework for termination

Proof, verification and analysis methods for termination all rely on two induction principles: (1) a variant function or induction on data ensuring progress towards the end and (2) some form of induction on the program structure. The abstract interpretation design principle is first illustrated for the design of new forward and backward proof, verification and analysis methods for safety. The safety collecting semantics defining the strongest safety property of programs is first expressed in a constructive fixpoint form. Safety proof and checking/verification methods then immediately follow by fixpoint induction. Static analyses of abstract safety properties such as invariance are constructively designed by fixpoint abstraction (or approximation) to (automatically) infer safety properties. So far, no such clear design principle has existed for termination, so the existing approaches are scattered and largely not comparable with each other. For (1), we show that this design principle applies equally well to potential and definite termination. The trace-based termination collecting semantics is given a fixpoint definition. Its abstraction yields a fixpoint definition of the best variant function. By further abstraction of this best variant function, we derive the Floyd/Turing termination proof method as well as new static analysis methods to effectively compute approximations of this best variant function. For (2), we introduce a generalization of the syntactic notion of structural induction (as found in Hoare logic) into a semantic structural induction based on the new semantic concept of inductive trace cover, covering execution traces by segments, a new basis for formulating program properties. Its abstractions allow for generalized recursive proof, verification and static analysis methods by induction on program structure, control, and data. Examples of particular instances include Floyd's handling of loop cutpoints as well as nested loops, Burstall's intermittent assertion total correctness proof method, and Podelski-Rybalchenko transition invariants.
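As an added illustration (not the paper's own code or formalism), the following Python computes, on a small constructed finite transition system, the best variant function as a least fixpoint that ranks only the definitely terminating states, the potentially terminating states by a backward fixpoint, and the Floyd/Turing proof obligation that a candidate variant strictly decreases along every transition.

```python
from typing import Dict, Set

# Constructed transition system (not from the paper): state -> successors.
# "done" is the only blocking (final) state. "loop" can re-enter itself
# forever, so "loop" and anything reaching it only potentially terminates.
TRANSITIONS: Dict[str, Set[str]] = {
    "top":  {"init", "loop"},
    "init": {"n2"},
    "n2":   {"n1", "done"},
    "n1":   {"done"},
    "loop": {"loop", "done"},
    "done": set(),
}

def best_variant(trans: Dict[str, Set[str]]) -> Dict[str, int]:
    """Definite termination: least fixpoint giving each state the length of
    its longest trace, nu(s) = 1 + max nu(s') over successors (0 if blocking).
    A state is ranked only once all its successors are, so a state that
    admits an infinite trace never receives a rank."""
    rank: Dict[str, int] = {}
    changed = True
    while changed:
        changed = False
        for s, succ in trans.items():
            if s not in rank and all(t in rank for t in succ):
                rank[s] = 1 + max(rank[t] for t in succ) if succ else 0
                changed = True
    return rank

def potentially_terminating(trans: Dict[str, Set[str]]) -> Set[str]:
    """Potential termination: backward fixpoint collecting the states from
    which at least one trace reaches a blocking state."""
    pot = {s for s, succ in trans.items() if not succ}
    changed = True
    while changed:
        changed = False
        for s, succ in trans.items():
            if s not in pot and succ & pot:
                pot.add(s)
                changed = True
    return pot

def is_variant(trans: Dict[str, Set[str]], v: Dict[str, int]) -> bool:
    """Floyd/Turing proof obligation: v is non-negative on its domain and
    strictly decreases along every transition, successors staying in the domain."""
    if any(x < 0 for x in v.values()):
        return False
    return all(t in v and v[s] > v[t] for s in v for t in trans[s])
```

Here every state potentially terminates, but only the four states that cannot reach the self-loop are ranked, and that ranking is itself a valid Floyd variant.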
