Termination
Motivations
Termination is essential to proving the correctness of programs.
But termination is an undecidable property.
Undecidability of termination
Let a_1, a_2, a_3, ... be an enumeration of all the algorithms on integers. We define the following functions:
end(i, n) ≡ 1 if a_i(n) terminates
end(i, n) ≡ 0 if a_i(n) does not terminate
Diag(i) ≡ if end(i, i) = 1 then loop else stop
For every i, Diag(i) terminates iff a_i(i) does not terminate.
But Diag is an algorithm, so that ∃a_j s.t. Diag = a_j. We then have Diag(j) terminates iff a_j(j) terminates, that is
a_j(j) terminates iff a_j(j) does not terminate.
Where is the error in the proof? The existence of the function end.
Termination of a very simple system
f(g(x), y) → f(y, y) is not even trivial!
f(g(a), g(a)) → f(g(a), g(a)) → f(g(a), g(a)) → ...
The case of typed lambda calculus
Not very expressive (extended polynomials, total).
Termination is not trivial.
Many different proofs in the literature.
Even the simplest (arithmetical) proof is subtle.
Strong normalization of typed lambda calculus
Theorem: Every typed term is normalising, i.e. if Γ ⊢ t : A, then t ∈ SN_β.
Some General Remarks
Typing is stable by (typed) substitution: if t is of type A, and x, u are of type B, then t{x/u} is of type A.
SN is not stable by substitution. Example: x x ∈ SN, λy.y y ∈ SN, but (x x){x/λy.y y} = ∆ ∆ ∉ SN.
t ∈ SN iff there is no infinite reduction sequence starting at t iff every reduction sequence starting at t is finite iff ∀t' [(t →β t') implies t' ∈ SN].
A particular case: t ∈ SN if t is in normal form.
The standard order between types is given by A < A→B and B < A→B.
Thus base types are minimal with respect to this order.
u ∈ SN iff λy.u ∈ SN.
u_1, ..., u_n ∈ SN iff x u_1 ... u_n ∈ SN.
Given t ∈ SN we define µ(t) as the maximal length of a reduction sequence starting at t. We observe that t → t' implies µ(t') < µ(t).
Third Proof of the SN property
Lemma: If t and u are typed and SN, then t{x/u} is SN.
Proof. By induction on ⟨type(u), µ(t), size(t)⟩.
The base case ⟨base type, 0, 1⟩ is trivial.
Case t = λy.v is straightforward (size(t) strictly decreases).
Case t = y c⃗_n with x ≠ y is straightforward (µ(t) decreases and size(t) strictly decreases).
Case t = x. We have x{x/u} = u ∈ SN by hypothesis.
Case t = x b c⃗_n. By i.h. B = b{x/u} and C_i = c_i{x/u} are SN.
We want to show that u B C⃗_n is SN. It is sufficient to show that all its reducts are SN. We reason by induction on µ(u) + µ(B) + Σ_i µ(C_i). The reducts are
u' B C⃗_n, where u → u'. Apply the i.h.
u B' C⃗_n, where B → B'. Apply the i.h.
u B C_1 ... C_i' ... C_n, where C_i → C_i'. Apply the i.h.
u'{y/B} C⃗_n, where u = λy.u'. But u'{y/B} C⃗_n = (z C⃗_n){z/u'{y/B}} and type(u'{y/B}) < type(u). We thus conclude by the i.h. since both z C⃗_n and u'{y/B} are typed and SN.
Case t = (λz.b) c d⃗_n. By i.h. B = b{x/u} and C = c{x/u} and D_i = d_i{x/u} are SN. Suppose t{x/u} = (λz.B) C D⃗_n ∉ SN.
Then B{z/C} D⃗_n ∉ SN. But B{z/C} D⃗_n = (b{z/c} d⃗_n){x/u} and µ(b{z/c} d⃗_n) < µ(t). Thus B{z/C} D⃗_n ∈ SN by the i.h.
Contradiction. Thus t{x/u} = (λz.B) C D⃗_n ∈ SN.
Theorem: If t is typable, then t is SN.
Proof. By induction on the structure of t.
Case t = x is trivial.
Case t = λy.u holds by the i.h.
For the case t = u v use the fact that t = (z v){z/u} and apply the previous lemma.
How to model ?
Rewrite systems:
0 + y → y
s(x) + y → s(x + y)
0 ∗ y → 0
s(x) ∗ y → (x ∗ y) + y
Rewrite reductions:
s(s(s(0))) ∗ s(s(0)) →* s(s(s(s(s(s(0))))))
Rewrite Systems
A signature Σ is a non-empty set of function symbols s.t. every f ∈ Σ has an arity n. We write f/n if the symbol f has arity n.
Let X be a set of variables and let Σ be a signature. The set T(X, Σ) of terms over X and Σ is defined as follows:
If x ∈ X, then x ∈ T(X, Σ)
If f/n ∈ Σ, and t_1, ..., t_n ∈ T(X, Σ), then f(t_1, ..., t_n) ∈ T(X, Σ)
We write Var(t) for the set of variables of the term t. A term t is closed if Var(t) = ∅.
Rewrite Systems
Rewrite rule: a pair l → r s.t.
Var(r) ⊆ Var(l)
l is not a variable
Rewrite system: a set of rewrite rules.
Rewrite step: A term s R-rewrites to t iff s →R t can be derived from the following system:

l → r ∈ R and σ is a subst.
---------------------------- (head)
σ(l) →R σ(r)

s' →R t'
---------------------------- (context)
u[s'] →R u[t']
Example: Consider the following rewrite system
R =
f(x, x) → c
a → b
f(x, b) → d
We construct the following rewrite steps
f(a, a) → f(a, b) → f(b, b) → c
f(a, a) → f(a, b) → d
Basic vocabulary
A term s is an R-redex iff s = θ(l) for some l → r ∈ R and some substitution θ.
A term s is an R-contractum iff s = θ(r) for some l → r ∈ R and some substitution θ.
A term t is R-reducible iff there exists s s.t. t →R s.
Example: The term f(a, a) is reducible, the term c is not reducible.
A term t is in R-normal form iff it is not R-reducible.
A term s is an R-normal form of t iff t →*R s and s is in R-normal form.
Example: The terms c and d are normal forms of f(a, a).
Termination notions
The system R is weakly normalising (WN) iff every element has at least one R-normal form.
The system R terminates or is strongly normalising (SN) or noetherian or well-founded (WF) iff every R-reduction sequence starting at s is finite. We note s ∈ SN_R.
Weak vs strong normalisation
R =
f(a) → c
f(x) → f(a)
The system is weakly normalising but not strongly normalising:
f(b) → f(a) → c
f(b) → f(a) → f(a) ...
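The (head) and (context) rules, the normal forms c and d of f(a, a), and the weak versus strong normalisation example above can all be checked mechanically. The following is an added example, not part of the original slides; the term encoding and the names match, subst, steps and explore are assumptions, and explore assumes the set of terms reachable from its argument is finite.

```python
# Added example. Terms: a variable is a str, an application is a tuple
# (symbol, arg1, ..., argn); a constant such as a is ("a",).

def match(pat, t, sub):
    """Extend substitution sub so that sub(pat) == t; None if impossible."""
    if isinstance(pat, str):                      # pattern variable
        if pat in sub:
            return sub if sub[pat] == t else None
        return {**sub, pat: t}
    if isinstance(t, str) or pat[0] != t[0] or len(pat) != len(t):
        return None
    for p, arg in zip(pat[1:], t[1:]):
        sub = match(p, arg, sub)
        if sub is None:
            return None
    return sub

def subst(t, sub):
    """Apply a substitution; Var(r) ⊆ Var(l) guarantees every key exists."""
    if isinstance(t, str):
        return sub[t]
    return (t[0],) + tuple(subst(arg, sub) for arg in t[1:])

def steps(t, rules):
    """All one-step reducts of t: (head) at the root, (context) in an argument."""
    out = [subst(r, s) for l, r in rules if (s := match(l, t, {})) is not None]
    if isinstance(t, tuple):
        for i in range(1, len(t)):
            out += [t[:i] + (u,) + t[i + 1:] for u in steps(t[i], rules)]
    return out

def explore(t, rules):
    """Depth-first search of the reduction graph of t (assumed finite).
    Returns (normal forms reached, True if some reduction sequence loops)."""
    done, normal_forms, loops = set(), set(), False
    def visit(u, path):
        nonlocal loops
        if u in path:                 # u repeats on the current sequence
            loops = True
        elif u not in done:
            done.add(u)
            reducts = steps(u, rules)
            if not reducts:
                normal_forms.add(u)
            for v in reducts:
                visit(v, path | {u})
    visit(t, frozenset())
    return normal_forms, loops

a, b, c, d = ("a",), ("b",), ("c",), ("d",)
R_NF = [(("f", "x", "x"), c), (a, b), (("f", "x", b), d)]  # two normal forms
R_WN = [(("f", a), c), (("f", "x"), ("f", a))]             # WN but not SN
```

explore(("f", a, a), R_NF) reaches both c and d without looping, while explore(("f", b), R_WN) reaches the single normal form c and also reports the loop f(a) → f(a).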
Techniques to show termination
Reduction orders
  Particular case: interpretations
  Example of interpretation: polynomial orders
Useful orders:
  Lexicographic order
  Multi-set order
  Simplification orders
  General result
  Example: RPO
Combination of orders:
  Motivations
  Postponement
  Projection/simulation
  Dependency pairs
Termination by reduction orders
Pre-order: reflexive and transitive relation.
Partial order: reflexive, antisymmetric and transitive relation.
Strict order: irreflexive and transitive and thus antisymmetric relation.
A strict order ≻ over a signature Σ is a reduction order iff
1. Each symbol f ∈ Σ is monotone w.r.t. ≻
2. ≻ is stable by substitution
3. ≻ is WF
Why are reduction orders important?
Theorem: A rewriting system R terminates iff there exists a reduction order ≻ s.t. l ≻ r for every rewriting rule l → r ∈ R.
How does it work?
Does R terminate?
R =
por(x, t) → t
por(t, x) → t
The number of symbols decreases...
s ≻ t iff |s| > |t| (where |s| is the size of s) is not a reduction order:
|por(x, por(y, t))| > |por(y, y)| but
|por(t, por(por(t, t), t))| ≯ |por(por(t, t), por(t, t))|.
s ≻ t iff |s| > |t| and for every variable x we have |s|_x ≥ |t|_x (where |s|_x is the number of x in s) is a reduction order.
Interpretation as particular case of reduction order
The reduction order is first defined on the interpretation of terms, and not directly on terms.
Let ≻_A be a WF strict order over the domain of a Σ-algebra A.
Definition: The associated order ≻ over the terms is given by: s ≻ t iff Φ(s) ≻_A Φ(t) for all homomorphisms Φ : T(X, Σ) → A
(This order is defined on the interpretations of s and t.)
Theorem: If for every f ∈ Σ, the interpretation f_A is monotone w.r.t. ≻_A, then ≻ is a reduction order.
Example: polynomial orders
A polynomial Σ-algebra P_ℕ is defined by:
A domain which is a subset of ℕ+
For every f/n ∈ Σ, there is a polynomial P_f with n indeterminates and coefficients in ℕ s.t. f_Pℕ(a_1, ..., a_n) = P_f(a_1, ..., a_n).
Example: Let Σ = {f/2, g/2, a/0}. Consider the morphism Φ given by the polynomials P_f(x, y) = x.y and P_g(x, y) = 2.x + y + 1 and P_a = 2. Then we have Φ(f(a, g(a, a))) = 2.(2.2 + 2 + 1).
Problem: Polynomials are not necessarily monotone, for example if P_f(X, Y) = X^2 we have 3 > 2 but P_f(2, 3) = 4 ≯ 4 = P_f(2, 2).
Towards a polynomial order as interpretation
A polynomial P is completely monotone iff it depends on all its indeterminates.
Example: P(x, y) = 3.x + y + 2 and P(x, y) = x.y are both completely monotone.
Theorem: Let P_ℕ be a polynomial Σ-algebra. If every f_Pℕ is a completely monotone polynomial, then the order ≻ associated to ≻_Pℕ is a reduction order.
How does it work ?
Does R terminate?
R =
f(x, g(y, z)) → g(f(x, y), f(x, z))
1. Define the domain: ℕ − {0, 1}.
2. Define a polynomial for every function symbol: P_f(x, y) = x.y and P_g(x, y) = 2.x + y + 1.
3. Prove that f(x, g(y, z)) ≻ g(f(x, y), f(x, z)): Prove
σ(x).(2.σ(y) + σ(z) + 1) ≻_Pℕ 2.σ(x).σ(y) + σ(x).σ(z) + 1 for every σ(x), σ(y), σ(z) ≠ 0, 1.
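Step 3 carried through, as an added derivation that is not part of the original slides. Write X = σ(x), Y = σ(y), Z = σ(z), each taken in the chosen domain, so each ≥ 2:
Φ(f(x, g(y, z))) = X.(2.Y + Z + 1) = 2.X.Y + X.Z + X
Φ(g(f(x, y), f(x, z))) = 2.(X.Y) + X.Z + 1 = 2.X.Y + X.Z + 1
Φ(f(x, g(y, z))) − Φ(g(f(x, y), f(x, z))) = X − 1 ≥ 1 > 0
The left-hand side is therefore strictly greater for every valuation in the domain. With X = 1 the difference would be 0, and with 0 in the domain P_f(x, y) = x.y would no longer be strictly monotone in each argument, which is why both values are excluded in step 1.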
Lexicographic order - particular case
Let (A_1, >_A1) and (A_2, >_A2) be two strictly ordered sets.
(x, y) >lex (x', y') iff (x >_A1 x') or (x = x' and y >_A2 y')
Example:
(4, "abc") >lex (3, "abc") >lex (2, "abcde") >lex (2, "bcde") >lex (2, "e") >lex (1, "e") >lex (0, ε)
Lexicographic order - General case
If every >_Ai is a strict order over the set A_i, then >lex is a strict order over A_1 × ... × A_n defined as follows:
(x_1, ..., x_n) >lex (x'_1, ..., x'_n) iff ∃ 1 ≤ j ≤ n (x_j >_Aj x'_j and ∀ 1 ≤ i < j, x_i = x'_i)
Theorem: Every order >_Ai over A_i is well-founded iff the lexicographic order >lex over A_1 × ... × A_n is well-founded.
How does it work ?
Does the following program terminate?
ackerman(0, n) → n+1
ackerman(m+1, 0) → ackerman(m, 1)
ackerman(m+1, n+1) → ackerman(m, ackerman(m+1, n))
Proof. We show that ackerman(m, n) terminates by induction on (m, n) w.r.t. the lexicographic order.
Another example ?
Does the following program terminate?
f(f(x)) → g(f(x))
g(g(x)) → f(x)
Proof. We show that t → u implies (|t|, |t|_f) >lex (|u|, |u|_f).
Multi-set order
A multi-set over a set A is a function M : A → ℕ. It is finite if M(x) > 0 only for a finite number of elements of A.
Example: {{a, a, b}}.
Let M and N be two multi-sets. The multi-set union is defined by (M ⊎ N)(a) = M(a) + N(a).
Multi-set order
Let ≻ be a strict order. The associated relation ≻mul is given by the transitive closure of the relation ≻mul:
M ⊎ {{x}} ≻mul M ⊎ {{y_1, ..., y_n}}, where n ≥ 0 and ∀i, x ≻ y_i.
Example: {{5, 3, 1, 1}} ≻mul {{4, 3, 3, 1}},
since {{5, 3, 1, 1}} ≻mul {{4, 3, 3, 1, 1}} ≻mul {{4, 3, 3, 1}}
Theorem: Let ≻ be a strict order over A, then ≻ is WF iff ≻mul is WF.
How does it work ?
A rich but bored man decides to have fun every day with his money (in euros) in the following way :
either he throws a coin in the fountain,
or he changes a banknote into an arbitrary amount of coins.
Show that the man necessarily becomes poor.
Represent the initial amount of money by a multi-set.
Represent the daily activity of the man by a decreasing order on multi-sets.
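One way to carry out this modelling, as an added example that is not part of the original slides. It compares finite multi-sets with the standard equivalent characterisation of ≻mul (M ≠ N, and every element gained is dominated by some element lost); the wallet, the denominations in cents and the list of days are constructed sample data.

```python
from collections import Counter

def mul_gt(M, N, gt=lambda x, y: x > y):
    """M ≻mul N for finite multi-sets given as lists, w.r.t. the strict order gt."""
    M, N = Counter(M), Counter(N)
    lost, gained = M - N, N - M          # multi-set differences
    # At least one element is lost, and each gained element is below a lost one.
    return bool(lost) and all(any(gt(x, y) for x in lost) for y in gained)

COINS = {1, 2, 5, 10, 20, 50, 100, 200}  # euro coins in cents; the rest are banknotes

def throw_coin(wallet, coin):
    """Daily activity 1: one coin goes into the fountain."""
    assert coin in COINS and coin in wallet
    rest = list(wallet)
    rest.remove(coin)
    return rest

def change_note(wallet, note, coins):
    """Daily activity 2: one banknote becomes an arbitrary list of coins."""
    assert note not in COINS and note in wallet
    assert all(c in COINS for c in coins)  # every coin is smaller than any banknote
    rest = list(wallet)
    rest.remove(note)
    return rest + list(coins)

def run(wallet, days):
    """Apply the daily actions in order and return the successive wallets."""
    trace = [wallet]
    for action, *args in days:
        trace.append(action(trace[-1], *args))
    return trace

def always_decreasing(trace):
    """True if every day takes the wallet to a ≻mul-smaller multi-set."""
    return all(mul_gt(before, after) for before, after in zip(trace, trace[1:]))

# Constructed sample: the first change hands back far more value than the note
# was worth, yet the multi-set of denominations still decreases.
START = [2000, 500, 200]
DAYS = [(change_note, 500, [200] * 40), (throw_coin, 200),
        (change_note, 2000, [1] * 7), (throw_coin, 1)]
TRACE = run(START, DAYS)
```

The total value of the wallet rises on the first day, so the sum of money is not a termination measure here; the multi-set order is, and its well-foundedness is what forces the man to become poor.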
Other known examples
Hercules defeats Hydra
Cut elimination in Gentzen style systems
Amoebae reproduction
Recursive Path Orderings
Simplification orders
A simplification order over T(X, Σ) is an order ≻ s.t.
1. All the symbols of Σ are monotone w.r.t. ≻
2. ≻ is stable by substitution
3. t ▷ u implies t ≻ u
Example : embedding
The relation s ⊵emb t holds iff one of the following cases holds:
s and t are the same variable
s = f(s_1, ..., s_n) and t = f(t_1, ..., t_n) and ∀i s_i ⊵emb t_i
s = f(s_1, ..., s_n) and there is j s.t. s_j ⊵emb t
Example: f(f(h(h(a)), h(x)), f(h(x), a)) ▷emb f(f(a, x), x)
Termination by simplification orders
Lemma: The relation ▷emb is contained in every simplification order.
Lemma: If ≻ is a simplification order, then it is a reduction order (and thus WF).
Proof. Uses the famous Kruskal's Theorem.
And the inverse ?
Let R = f(f(x)) → f(g(f(x))).
The system R terminates (exercise).
Thus →+R is a reduction order.
Suppose that →+R is also a simplification order.
Then f(g(f(x))) ⊵emb f(f(x)) implies f(g(f(x))) →+ f(f(x)) →+ f(g(f(x))) ...
Contradiction with the termination of R.
Example: Recursive Path Ordering
Let ≽Σ be a pre-order (reflexive and transitive) over Σ. We associate to every symbol f ∈ Σ a status in {LEX, MUL} s.t. if f ∼ g, then
f and g have the same status,
and if the status is LEX, then f and g have the same arity.
We note f ∈ Σ_LEX to indicate that f ∈ Σ has LEX status.
The order ≻rpo
Let ≽Σ be a pre-order over a signature Σ such that ≻Σ is WF.
The RPO is given by s ≻rpo t iff
1. [sub-term] s = f(s_1, ..., s_n) and ∃i s.t. s_i ≻rpo t or s_i = t, or
2. [Two symbols] s = f(s_1, ..., s_n), t = g(t_1, ..., t_m) and one of the following conditions is verified
(a) [precedence] f ≻Σ g and for all j, s ≻rpo t_j
(b) [multi-set] f ∼Σ g have MUL status and {{s_1, ..., s_n}} (≻rpo)mul {{t_1, ..., t_m}}.
(c) [lexicographic] f ∼Σ g have LEX status and (s_1, ..., s_n) (≻rpo)lex (t_1, ..., t_m) and for all j, s ≻rpo t_j
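Alternative definition of RPO

∃i (s_i ≻rpo t or s_i = t)
------------------------------------------------ [1]
f(s_1, ..., s_n) ≻rpo t

f ≻Σ g and ∀j s ≻rpo t_j
------------------------------------------------ [2.a]
s = f(s_1, ..., s_n) ≻rpo g(t_1, ..., t_m)

f ∼Σ g ∈ Σ_MUL and {{s_1, ..., s_n}} (≻rpo)mul {{t_1, ..., t_m}}
------------------------------------------------ [2.b]
s = f(s_1, ..., s_n) ≻rpo g(t_1, ..., t_m) = t

f ∼Σ g ∈ Σ_LEX and (s_1, ..., s_n) (≻rpo)lex (t_1, ..., t_m) and ∀j s ≻rpo t_j
------------------------------------------------ [2.c]
s = f(s_1, ..., s_n) ≻rpo g(t_1, ..., t_m) = t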
Remarks
Is this definition well-founded?
Can we avoid condition s ≻rpo t_j in case LEX [2.c]?
We would have that a ≻Σ a' implies f(a, b) ≻rpo f(a', f(a, b))
If all the symbols are LEX, the order is known as LPO.
If all the symbols are MUL, the order is known as MPO.
Property of ≻rpo
Theorem: If the pre-order ≽Σ is WF, then its associated relation ≻rpo is also WF.
The RPO was extended to the higher-order case by Jouannaud and Rubio.
Simple example
R
0 + y →r1 y
s(x) + y →r2 s(x + y)
0 ∗ y →r3 0
s(x) ∗ y →r4 (x ∗ y) + y
Define ∗ ≻Σ + ≻Σ s ≻Σ 0, all with MUL (or LEX) status.
Show that l ≻rpo r for every rule l → r ∈ R.
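Thus for example for rule s(x) ∗ y →r4 (x ∗ y) + y
s(x) ∗ y ≻rpo (x ∗ y) + y holds by [2.a], since ∗ ≻Σ + and
  s(x) ∗ y ≻rpo (x ∗ y) holds by [2.b], since ∗ ∼Σ ∗ and {{s(x), y}} (≻rpo)mul {{x, y}}, where
    s(x) ≻rpo x holds by [1], since x = x
  s(x) ∗ y ≻rpo y holds by [1], since y = y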
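The exercise above can be checked mechanically for the LEX choice of status. The following is an added example, not part of the original slides: it implements cases [1], [2.a] and [2.c] of the definition, assuming every symbol has LEX status and the precedence is a strict total order given by integers (so f ∼Σ g only when f = g); the term encoding and the names rpo_gt and oriented are assumptions. It also tries the rule of the "And the inverse?" slide.

```python
# Added example. Terms: a variable is a str, an application is a tuple
# (symbol, arg1, ..., argn); the constant 0 is ("0",).
PREC = {"*": 3, "+": 2, "s": 1, "0": 0}        # ∗ ≻Σ + ≻Σ s ≻Σ 0, as on the page

def rpo_gt(s, t, prec=PREC):
    """s ≻rpo t, following cases [1], [2.a] and [2.c] of the definition."""
    if isinstance(s, str):
        return False                            # a variable dominates nothing
    if any(si == t or rpo_gt(si, t, prec) for si in s[1:]):
        return True                             # [1] sub-term
    if isinstance(t, str):
        return False                            # t is a variable not occurring in s
    if prec[s[0]] > prec[t[0]]:                 # [2.a] precedence
        return all(rpo_gt(s, tj, prec) for tj in t[1:])
    if s[0] == t[0]:                            # [2.c] lexicographic
        for si, ti in zip(s[1:], t[1:]):
            if si != ti:                        # first position that differs
                return (rpo_gt(si, ti, prec)
                        and all(rpo_gt(s, tj, prec) for tj in t[1:]))
    return False

PEANO = [  # rules r1..r4 of the page
    (("+", ("0",), "y"), "y"),
    (("+", ("s", "x"), "y"), ("s", ("+", "x", "y"))),
    (("*", ("0",), "y"), ("0",)),
    (("*", ("s", "x"), "y"), ("+", ("*", "x", "y"), "y")),
]

def oriented(rules, prec=PREC):
    """For each rule l → r, whether l ≻rpo r under the given precedence."""
    return [rpo_gt(l, r, prec) for l, r in rules]

# Rule of the "And the inverse?" slide: the right-hand side embeds the
# left-hand side, so the comparison goes the wrong way for every precedence.
F_RULE = (("f", ("f", "x")), ("f", ("g", ("f", "x"))))
```

With the page's precedence all four rules are oriented; swapping ∗ and + in the precedence loses r4, and F_RULE is never oriented from left to right even though that system terminates.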
Famous example: cut elimination in intuitionistic logic
x[x/t] → t
y[x/t] → y
(λz.u)[x/t] → λz.u[x/t]
(y of u is w in v)[x/t] → y of u[x/t] is w in v[x/t]
(x of u is w in v)[x/y] → y of u[x/y] is w in v[x/y]
(x of u is w in v)[x/λz.t] → v[x/λz.t][w/t[z/u[x/λz.t]]]
(x of u is w in v)[x/x' of t' is z in t] → x' of t' is z in ((x of u is w in v)[x/t])
Combining orders
Suppose two SN relations R1 and R2. What about R1 ∪ R2?
Counter-example by Toyama:
R1 =
f(x, a, b) → f(x, x, x)
R2 =
g(x, y) → x
g(x, y) → y
The systems R1 and R2 (which do not share symbols!) are SN but R1 ∪ R2 is not:
f(g(a, b), g(a, b), g(a, b)) →R2 f(g(a, b), a, g(a, b)) →R2 f(g(a, b), a, b) →R1 f(g(a, b), g(a, b), g(a, b)) → ...
Termination by postponement
A relation R can be postponed w.r.t. a relation S iff for all s, t, u s.t. s →R t →S u
there is v s.t. s →+S v →*R∪S u
Theorem: Let R and S be two WF relations s.t. R can be postponed w.r.t. S. Then the relation R ∪ S is WF.
Corollary: If S is WF, then S ∪ ▷ is WF.
First example
Consider the simply typed λ-calculus with the following rules:
(λx.M) N →β M{x/N}
λx.M x →η M
M →Ω ?
Let R = η ∪ Ω and S = β. Now,
Show that η ∪ Ω can be postponed w.r.t. β.
Since β is SN, then conclude that β ∪ η ∪ Ω is SN.
Second example
Consider λ-calculus with the following rules:
(λx.M) N →β M{x/N}
π1(⟨M, N⟩) →π1 M
π2(⟨M, N⟩) →π2 N
Let R = π1 ∪ π2 and S = β. Now,
Show that π1 ∪ π2 can be postponed w.r.t. β.
Conclude that if β is SN, then β ∪ π1 ∪ π2 is SN.
Termination by projection/simulation
Theorem: Let R1, R2 be two relations over O s.t.
1. R2 terminates
2. There is a simulation T : O → O' and a relation S over O' s.t.
a →R1 b implies T(a) →+S T(b),
a →R2 b implies T(a) →*S T(b).
Then, if S terminates, (R1 ∪ R2) terminates also.
(Famous) Example
Consider the simply typed extensional λ-calculus
(λx.M) N →β M{x/N}
π1⟨M, N⟩ →π1 M
π2⟨M, N⟩ →π2 N
M →ηexp λx.M x if
  M is of functional type
  M is not a λ-abstraction
  M is not applied in C[M]
M →spexp ⟨π1(M), π2(M)⟩ if
  M is of product type
  M is not a pair
  M is not projected in C[M]
Thus for example if z : A × B and x : (A × B) → (C → D), then
I x z →β x z →spexp x ⟨π1(z), π2(z)⟩ →ηexp λy.(x ⟨π1(z), π2(z)⟩) y
(the variable x is applied)
Let R1 = β ∪ π1 ∪ π2 and R2 = ηexp ∪ spexp. Now,
Show that β ∪ π1 ∪ π2 is terminating (done).
Show that η ∪ sp is confluent and SN.
Define T(t) as the η ∪ sp-normal form of t.
Show that t →β∪π1∪π2 t' implies T(t) →+β∪π1∪π2 T(t')
Conclude that the whole system is SN.
Termination by Dependency Pairs
• The technique is due to Arts and Giesl.
• The order does not decrease for every step, but for the critical ones.
• The technique is very suitable for functional programming.
• It was extended to higher-order by Sakai and Kusakari.
• It was extended to abstract rewriting by Lengrand.
Termination by Dependency Pairs
Let R be a rewriting system.
The set of defined symbols of R is given by: D = {f | f(l_1, ..., l_n) → r ∈ R}.
The set of constructor symbols of R is given by: C = Σ \ D.
Example:
R =
x + 0 → x
x + s(y) → s(x + y)
x ∗ 0 → 0
x ∗ s(y) → x ∗ y + x
A dependency pair of a rule l → r ∈ R is a pair of the form ⟨l, f(s⃗)⟩, where f(s⃗) is a subterm of r and f ∈ D.
The set PD(R) of dependency pairs of a system R is the union of the dependency pairs of all the rules of R.
Example: The dependency pairs of R are
⟨x + s(y), x + y⟩
⟨x ∗ s(y), x ∗ y⟩
⟨x ∗ s(y), x ∗ y + x⟩
Rewriting in PD(R)
Remark:
1. If t |⇒R v, then t →R v.
2. If t ⇒R v, then t →R v.
3. If u |⇒PD(R) v, then there exists a term t and a position p ∈ Pos(t) s.t. u |⇒R t[v]_p (thus u →R t[v]_p).
Dependency sequence
A dependency sequence of R is a sequence u0, v0, u1, v1, ... where
u0 ⇒*R v0 |⇒PD(R) u1 ⇒*R v1 |⇒PD(R) ⇒*R u2 ...
to which we can associate an R-reduction sequence
u0 →*R v0 |⇒R v0'[u1]_p0 →*R v0'[v1]_p0 |⇒R v0'[v1'[u2]_p1]_p0 →*R ..
Corollary: (Completeness) If R terminates, then every dependency sequence of R is finite.
Soundness of the method
Lemma: Let R be a non-terminating system. Then every non-terminating term contains a non-terminating subterm f(u⃗) where f ∈ D and u⃗ is a vector of terminating terms.
Lemma: If every dependency sequence of R is finite and the vector of terms u⃗ is terminating, then for every f ∈ D, f(u⃗) is terminating.
Theorem: (Soundness) If every dependency sequence of R is finite, then R terminates.
Termination by Dependency Pairs
Theorem: A rewriting system R terminates if there exists a pre-order ≽ which is stable by substitutions and monotone s.t. its strict part ≻ is stable by substitutions and well-founded and s.t.
l ≽ r for every rule l → r ∈ R
s ≻ t for every dependency pair ⟨s, t⟩
Example:
|0| = 1
|s(x)| = |x| + 1
|x + y| = |x| + |y|
|x ∗ y| = 2 ∗ |x| ∗ |y| + 1
|x + 0| = |x| + 1 ≻ 1 = |0|
|x + s(y)| = |x| + |y| + 1 ≽ |x| + |y| + 1 = |s(x + y)|
|x ∗ 0| = 2 ∗ |x| + 1 ≻ 1 = |0|
|x ∗ s(y)| = 2 ∗ |x| ∗ |y| + 2 ∗ |x| + 1 ≻ 2 ∗ |x| ∗ |y| + |x| + 1 = |x ∗ y + x|
|x + s(y)| = 2 ∗ |x| ∗ |y| + 2 ∗ |x| + 1 ≻ |x| + |y| = |x + y|
|x ∗ s(y)| = 2 ∗ |x| ∗ |y| + 2 ∗ |x| + 1 ≻ 2 ∗ |x| ∗ |y| + 1 = |x ∗ y|
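The dependency-pair construction and the two conditions of the theorem can be exercised on this system. The following is an added example, not part of the original slides: it extracts D and PD(R) from the rules and evaluates the interpretation above on sample points; the term encoding, the function names and the sampling bound are assumptions, and the sampling is a sanity check rather than a proof.

```python
# Added example. Terms: a variable is a str, an application is a tuple
# (symbol, arg1, ..., argn); the constant 0 is ("0",).
RULES = [  # the system R of the example
    (("+", "x", ("0",)), "x"),
    (("+", "x", ("s", "y")), ("s", ("+", "x", "y"))),
    (("*", "x", ("0",)), ("0",)),
    (("*", "x", ("s", "y")), ("+", ("*", "x", "y"), "x")),
]

def subterms(t):
    """t itself followed by all of its subterms."""
    yield t
    if isinstance(t, tuple):
        for arg in t[1:]:
            yield from subterms(arg)

def defined_symbols(rules):
    """D: the root symbols of the left-hand sides."""
    return {l[0] for l, _ in rules}

def dependency_pairs(rules):
    """PD(R): pairs (l, u) where u is a subterm of r rooted by a defined symbol."""
    D = defined_symbols(rules)
    return [(l, u) for l, r in rules for u in subterms(r)
            if isinstance(u, tuple) and u[0] in D]

INTERP = {  # the interpretation |.| given on the page
    "0": lambda: 1,
    "s": lambda m: m + 1,
    "+": lambda m, n: m + n,
    "*": lambda m, n: 2 * m * n + 1,
}

def value(t, env):
    """|t| when each variable takes the value given by env."""
    if isinstance(t, str):
        return env[t]
    return INTERP[t[0]](*(value(arg, env) for arg in t[1:]))

def check(rules, bound=8):
    """Sample |x|, |y| in 1..bound-1 (1 is the smallest value of a ground term).
    Returns (rules weakly decrease, pairs strictly decrease, rules strictly decrease)."""
    points = [{"x": m, "y": n} for m in range(1, bound) for n in range(1, bound)]
    weak = all(value(l, e) >= value(r, e) for l, r in rules for e in points)
    pairs = all(value(s, e) > value(t, e)
                for s, t in dependency_pairs(rules) for e in points)
    strict = all(value(l, e) > value(r, e) for l, r in rules for e in points)
    return weak, pairs, strict
```

check(RULES) returns (True, True, False): the rule x + s(y) → s(x + y) is only weakly decreasing under this interpretation, so it is the strict decrease on the dependency pairs that carries the termination argument.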